How User Credentials Are Stolen
Already, 2015 has seen a substantial increase in cyber-attacks by cyber criminals to steal large volumes of data and credentials. These attacks include theft of users’ credentials—such as passwords, usernames, and e-mail addresses—and other forms of Personally Identifiable Information (PII) used by customers, employees, and third parties. User credentials can be stolen in many ways, and the cyber-attack taxonomy can be quite confusing. The methods include:
- Phishing, Spear-phishing, Clone-phishing, and Whaling: Conducting attacks using social engineering by sending e-mails disguised as legitimate messages, tricking users into disclosing names and passwords, payment card information, or clicking on links or attachments that deliver malware to their computers. Hackers commonly use social media such as Facebook and Twitter to attack people, and recent experiments have shown a success rate of over 70% for phishing attacks on social networks.
- Malvertising: Injecting malware into legitimate online advertising and downloading the malware to the computer of any person who visits the Website containing the advertisement. Although this is a fairly new concept for spreading malware, it's estimated there are at least 10 billion ad impressions compromised by malvertising. Besides not clicking on web ads, a user’s best defense is to download an internet browser that can detect websites that have malware advertisements on them.
- Watering Holes: Injecting malware into a vulnerable Website frequented or commonly visited by targeted victims. The compromised site facilitates the downloading of malware to the computer of any person who visits the Website. Although it’s pretty tough to get malware on the major websites that most people visit, vulnerable websites that small groups of people trust make this strategy efficient for stealing user credentials.
- Web-based Attacks: Targeting systems and services that contain customer credentials using “brute force” or other methods to gain access to the information through direct penetration of the targeted network. And since most of us are always connected to the web, it’s a constant challenge for an organization to prevent infections on end user personal devices. Other web-based attacks can include “Plug-In” and “Script-Enabled Attacks,” “Drive-By Downloads,” and “Clickjacking.”
As you might imagine, the theft of user credentials presents distinct risks, which can vary by organization. Stolen customer credentials may give an attacker access to customers’ account information to commit fraud and identity theft. Stolen employee and third-party credentials may provide initial access to trusted internal systems, which may then be leveraged into system-administrator-level access to obtain confidential business and customer information, modify and disrupt information systems, and destroy or corrupt data. System credentials may be targeted directly through vulnerabilities in authentication systems or indirectly by compromising the credentials of trusted third parties. Stolen system credentials may also be used to gain access to internal systems and data to further distribute malware or impersonate the organization to facilitate fraud.
Whatever the risks are to your organization, make sure you prepare and distribute an Incident Preparedness Checklist that includes detailed instructions on what to do 1) Before a Cyber Attack or Intrusion, 2) During a Cyber Attack or Intrusion, and 3) After Recovering from a Cyber Attack or Intrusion. Work with an expert or professional to ensure Best Practices are followed and all employees are well trained and informed. A quick, effective response to a cyber attack can prove critical to minimizing the resulting harm and expediting recovery.
About Brian Dunn
A founding partner of Winvale, Brian Dunn manages and supervises all professional services for company clients, among them business intelligence and market assessment, schedule maintenance, OIG audits, training, sales strategy and business development. Under Brian’s direction, Winvale has successfully negotiated and managed hundreds of GSA Schedule contracts for companies of many sizes and representing many industries. Brian’s expertise with GSA’s Multiple Award Schedule is the driver behind Winvale’s nearly perfect contract approval rate, and continues to power customer success.