Some of the most noteworthy cybersecurity incidents that have occurred in the past 5 years have involved attacks on the credential lifecycle. Credentials are targeted by threat actors when they are initially issued at employee onboarding, when they are used everyday to login, and when they are lost and need to be reset. According to Microsoft’s 2025 Digital Defense Report, credential based attacks were the initial access vector used in 80% of attacks by access brokers.
One of the most well known credential related incidents targeted MGM and Caesar’s Casinos in the summer of 2023. To target MGM, the criminals reportedly identified employee profiles on Linkedin, and learned enough about one employee in particular to call up MGM’s IT Helpdesk and successfully convince them to reset that person’s multi-factor authentication. These attacks prompted many organizations to take a closer look at how they handle credential reset.
One of the drivers behind these attacks is the increasing popularity of remote work. It is no longer reasonable in many cases to tell employees to just “drop by the office” if they loose access to the network. Organizations need ways to validate the identity of people remotely, and this is a lot harder than it sounds. SIM swapping, deepfakes, and breach data provide lots of ways to overcome various controls that organizations are trying to put in place.
This talk will dissect the credential lifecycle and describe different attacks that target it and controls that can be put in place. We will focus specifically on credential reset workflows and show how attackers can subvert different countermeasures. We’ll then discuss how organizations can leverage what they know about their own employees to build robust defenses against these kinds of attacks.
Tom Cross is the Head of Threat Research at GetReal Security, where he tracks threat actors and attack activity involving deepfake social engineering and impersonation. His career in cybersecurity has spanned three decades, and numerous roles, including CoFounder and CTO of Drawbridge... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT Swissôtel Chicago323 E Wacker Dr, Chicago, IL 60601, USA
