One weak password is all hackers need to compromise applications or accounts and access confidential files and data. While cracking passwords is a very common cyber attack, the repercussions shouldn’t be taken lightly. From data theft to identity breach, and operational downtime, stolen passwords can shake a company’s reputational and financial status....CONTINUE READING
Read on to learn about the top 4 techniques hackers use to breach passwords and how you can prevent them.
Securing your enterprise
Sometimes hackers exploit human psychology; other times, the systems are infected or infiltrated with malicious software. What’s more, hackers are using off-the-shelf solutions or bad bots to exploit passwords. Thus, learning how hackers can steal passwords can help IT professionals spread awareness in their enterprises and protect it from malicious cyber threats.
Top 4 techniques
⦁ Social engineering
Social engineering is a psychological manipulation that influences the target to perform undesirable activities. And phishing is one of the most common ways of leveraging social engineering. Research shows phishing was the #1 complaint for businesses and individuals and led to $1.8 billion in business losses.
By Masquerading as someone you’re familiar with — friends, family, or business partners — hackers can trick you into handing over sensitive information.
Example: Hackers impersonate government officials or bank associates to encourage people to download a seemingly important document, fill out their KYC by clicking a link, or change their passwords. This gives hackers backdoor access to users’ personal information or systems.
How to prevent:
⦁ Use multifactor authentication
⦁ Be skeptical of emails containing attachments and verify the sender before sharing any sensitive data or opening any links or attachments.
⦁ Brute Force Attack
Brute force means hackers use commonly known and used passwords to try and crack into your account. One such brute attack is a dictionary attack where hackers use a dictionary and test all of the words. Another way is when hackers conduct a data breach and get access to the hash of the plain text password. (Hashing is the process of mapping data of any amount to a predetermined length using an algorithm.) In 2021, brute force attacks rose by 160% between May and mid-June.
Example: Hackers using a trial-and-error approach to break into someone’s account. The process gets much easier and faster with the use of automation.
How to prevent:
⦁ Use 16-character passwords with at least some special characters.
⦁ Use salts in your passwords. Salts are random data inserted in the beginning, middle, or end of the password, so hackers cannot crack plain passwords.
⦁ Man-in-the-middle (MITM)
As the name explains, MITM is an attack where hackers position themselves between the user and the client, decipher all the information, and use it for malicious purposes. The attacker compromises the servers, including HTTPS connections to websites, which enable them to listen to the conversation.
Example: Hackers actively eavesdrop on the conversation by making contact with both the parties and exchanging their conversation, making them believe they’re talking to each other. Instead, the hacker gains access to the entire conversation by being in the “middle”.
How to prevent:
⦁Using an SSL VPN can protect both users and the clients and ensures that the conversation is encrypted and the attackers cannot decipher it.
⦁ Malware
A quick glance through the malware landscape may tell you that the attacks are decreasing YOY, as, in 2021, malware dropped 4% compared to the last year. However, a closer look will tell you there’s more happening – August 2021 broke last year’s records by making 537 million malware attacks.
Thus, the scenario tells us that at no point, the IT teams should lower their guards; instead, preventive measures and awareness programs should continue to run to avoid getting into the trap of malicious threat actors.
Malware is a malicious software inserted into a network or device. Hackers can use phishing emails as a medium to inject malware.
Example: Hackers can insert malware into the user’s systems which can then be used to track users’ data and steal passwords by keylogging technique. In this technique, keystrokes can be traced to identify passwords and steal sensitive information like account details, passwords, email accounts, and more.
How to prevent malware attacks:
Securing endpoints and deploying a robust security solution is critical in identifying and preventing malware and other infections.
Passwords will continue to be used for the foreseeable future. Simply because they’re simple to use and can be employed everywhere. However, maintaining good passwords is not only the IT team’s responsibility but each individual’s.
Therefore, the solution to prevention lies in raising employee awareness, conducting ongoing security programs to stay on top of the threat landscape, and employing solutions like SSL VPN that can mitigate attacks like MITM and HTTPS spoofing.
