Credential dumping refers to an attack that relies on gathering credentials from a targeted system. Even though the credentials may not be in plain text — they are often hashed or encrypted — an attacker can still extract the data and crack it offline on their own systems. This is why the attack is referred to as “dumping.”
Attackers often try to steal passwords from systems they have already compromised. Think about the aforementioned command and control attack and moving laterally through a network: every dumped credential is another foothold. The problem is amplified when users reuse the same password across multiple accounts on multiple systems, because one cracked hash then unlocks all of them.
Identifying a credential dump is not always straightforward. A SOC that is monitoring correctly will notice excessive data being exposed or read from credential stores. A well-run penetration test will identify where applications expose vast amounts of sensitive data. Regular cyber security testing is key to keeping your attack surface minimized, and a responsible disclosure program lets you harness the wider security community to find what internal testing misses.