REMEMBER - When "Identity is the new perimeter" , MFA combined with Employee awareness can be a good Firewall. There are now upward of 1.5 billion credentials floating in the wild ready for use by malicious miscreants at an exposed service near your data. Akamai saw more than 115 million attempts to use stolen credentials per day, and three times during the year the attacks spiked to more than 250 million attempts per day.

In March, for example, the FBI warned management-software firm Citrix that attackers had breached the company's network using a low-volume credential-stuffing attack

"Nation states actors typically target MSP (managed service providers) and companies like Citrix due to their client base and intellectual property," he said. "Other than espionage or financial profit, MSPs can also be targeted and leveraged in supply chain attacks that are used as a staging point to distribute additional malware."


https://www.darkreading.com/threat-intelligence/credential-stuffing-attacks-behind-30-billion-login-attempts-in-2018/d/d-id/1334371