Credential Attacks
![](https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2023/08/ISO-Illustration_passwords.png)
Attackers don’t hack in, they log in.
Attackers usually don’t have to hack into your systems like in the movies; oftentimes, they log into your systems like valid users using credential attacks.
What are credential attacks?
![phishing-icon Phishing Icon](https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2021/09/phishing-icon.png)
Attackers collect usernames
![vulernability-icon Key inside computer chip - Line icon](https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2021/06/vulernability-icon.png)
Exploit poor password policies to obtain domain user credentials
![remote-icon Remote](https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2021/07/remote-icon.png)
Leverage misconfigurations to elevate privileges to domain administrator
![build-icon Build](https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2021/07/build-icon.png)
…where they end up with the keys to the kingdom.
![Credential Attack Path Graphic Credential Attack Path Graphic](https://p7i3u3x3.rocketcdn.me/wp-content/uploads/2021/09/Credential-Attack-Path-Graphic.jpg)
Credential attacks are a critical enabler for ransomware, and they have cost businesses over $10B in the past 5 years.
Why fix vulnerabilities that can’t be exploited?
Most vulnerabilities found by vulnerability scanners cannot be exploited or are difficult and impractical to exploit; yet your teams spend precious time fixing these issues. Meanwhile, ransomware attackers are finding ways to chain together harvested credentials, misconfigurations, and dangerous product defaults to compromise your systems.