29 Jun Password-Stealing Malware Has Huge Impact
Stolen passwords have been at the heart of most security breaches since the very beginning of cybercrime. Despite all of our efforts to secure passwords and prevent their theft, it’s still a major issue. Recently, Verizon released their 2017 Data Breach Investigations Report, and it once again confirms that not much has changed in this area. In 81% of the hacking-related breaches that were studied by Verizon, cybercriminals used stolen passwords to gain access to their victims’ information systems.
The numbers highlight how important it is for corporations everywhere to do all they can, first, to prevent password theft and, second, to detect when a criminal tries to use a stolen password.
Cybercriminals are constantly getting better at stealing user passwords. They obtain passwords in many ways, including phishing schemes, spyware, password-grabbing keyloggers, and downloading password databases where user account information is stored. Nearly all of these techniques to steal credentials involve some sort of malware. Phishing attacks use malicious emails, typically coupled with malware-laden websites. Spyware and keylogging malware have been with us for decades, yet these malicious programs continue to grow in number and sophistication. Administrative credentials are frequently obtained by advanced malware that captures passwords from memory or network packets, enabling attackers to access privileged information like user account databases.
After password-stealing malware has obtained user login credentials, attackers use them to penetrate the targeted system. But that’s not the end of the damage. Cybercriminals will also use the stolen credentials to attempt to access networks and services owned by other entities. Attackers capitalize on the fact that individuals tend to use the same password on multiple sites. So, capturing a user’s Facebook credentials, for example, will likely give criminals access to the victim’s bank or corporate accounts.
According to the Verizon report, “there are armies of botnets with millions (or billions) of credentials attempting to reuse them against other sites. In other words, even though components of authentication weren’t compromised from you, it doesn’t mean they were not compromised.”
The study clearly shows that stolen passwords are the key to most data breaches. Since most passwords are stolen by malware, it’s critical that individuals and organizations everywhere improve their tools and procedures to protect themselves and others from password-stealing malware.
But that’s not all that organizations need to do. As shown by this study, a password stolen from one system, say a user’s Facebook account, will in all likelihood be used to attempt access to the user’s bank and other accounts. This makes it especially critical for organizations to implement tools that can detect when a fraudster starts to use a stolen account. The password may not have been stolen from the organization, but that doesn’t guarantee that the crooks haven’t obtained the password elsewhere.