Password failure is responsible for the vast majority of data breaches today. Low-tech phishing attacks and low-effort, high-value password spraying attacks are effective and on the rise. With the continued digitization of modern society, increased work-from-home opportunities and cascade effect of attacks on critical suppliers, cybercriminals have boundless opportunities to exploit single points of failure caused by improper and insecure password use.
Hackers increasingly target supplier and logistics companies in order to maximize the impact of an attack. These types of attacks yield high rewards for attackers. Managed services providers with delegated admin access by upstream customers or with high-visibility downstream exposure yield optimal outcomes for persistent password spray efforts. This was the appeal of SolarWinds, which had a known list of high-value clients.