Targeted threats are a growing problem in the world of information security. Sometimes referred to as advanced persistent threats (APTs), targeted threats may include stealthy and continuous hacking processes, orchestrated by groups that are capable of effectively targeting a specific entity. APTs may originate from nation-states or organized crime and may threaten the security of an organization in a variety of ways. Sensitive data is commonly targeted, causing monetary and reputational damage to affected organizations. APTs may be designed to steal intellectual property, financial details of customers and employees, organizational strategy information, or any other type of confidential data. APTs may also be designed to destroy valuable data or sabotage computer-controlled systems.
A typical targeted attack on a secured computing system may involve various stages such as incursion, exploration, pivoting, and exfiltration. One key prerequisite of some or all of these stages may be the theft of sensitive credentials that may be used to escalate privilege, pivot within the secured computing system, or otherwise weaken the security measures employed by the secured computing system. The instant disclosure, therefore, identifies and addresses a need for systems and methods for detecting credential theft.