SIW Outlines 5 Emerging Threats, Plus Tips to Prevent Hacks and Security Breach
Avoid Being Hacked with Hikvision Tips on Avoiding Credential Stuffing Cyberattacks
The SecurityInfoWatch.com (SIW) article, “5 emerging customer identity threats,” outlines top threats and offers tips to prevent hacks and security breach.
From the article: “As technology evolves, customers face an increasing number of identity threats. At the same time, legislation around the world now applies increasingly hefty fines when customer data is compromised. According to Experian, more than two in five consumers worldwide have experienced fraudulent activity online, and 55 percent of businesses globally have reported losses due to online fraud in the last 12 months. The World Economic Forum classes identity fraud and theft as one of the top five global risks for 2019.”
The five emerging threats outlined in the article include:
- Attacks on mobile devices with the article estimating “24,000 malicious mobile apps are blocked every day.”
- A rise in Synthetic Identity Fraud, which Nerdwallet.com says “involves fraudsters using a combination of fake information, such as a fictitious name, and real data, like a child’s Social Security number, to create fraudulent accounts.”
- Heightened IoT (internet of things) hacking risk as smart devices expand throughout homes and workplaces.
- Ransomware attacks are growing 350 percent annually, according to the SIW article.
- Credential stuffing, which Hikvision’s director of cybersecurity describes as “when an attacker takes a long list of usernames and passwords and, using an automated script, tries each pair on many popular websites.”
Tips to prevent security breaches include:
- Manage access and login controls
- Update software and security systems to prevent hackers exploiting vulnerabilities
- Monitor firewall and security software on a regular basis
Read the entire article at this link for more insights.
Hikvision Tips to Avoid Being Hacked
Hikvision outlines tips to avoid being hacked in this blog about credential stuffing: “Hikvision Cybersecurity Director on How Attackers Access Your Accounts Using Credential Stuffing, and Three Tips to Address this Security Concern.” Credential stuffing is when an attacker takes a long list of usernames and passwords and, using an automated script, tries each pair on many popular websites. Those sites could be business or email related, like Google, Apple, and Microsoft. They could be social media accounts like Facebook, LinkedIn, and Instagram, shopping accounts like Amazon or any other popular sites, like banks and payment tools such as Venmo.
Once the automated script is successful at logging into a site, that username and password pair is saved for later review and use by the attacker against other sites. So let’s walk through an example. Let’s assume that Bob reuses passwords across many of his accounts. He has a password for work accounts and a separate one for social media accounts. After the LinkedIn security breach a few years ago, Bob’s username and password were made public when miscreants posted the list of breached account credentials to the Internet.
A threat actor, named Mary, decided to take that list and run it through her credential stuffing script. Once the script completed its test, Mary found out that Bob had reset his LinkedIn password, as instructed, but was still using the same password for Facebook and Twitter. Since Bob isn’t using multi-factor authentication on those sites, Mary was able to successfully log into and take over, or even just watch, Bob’s social media accounts.
This is a common attack method and underscores the need for everyone to follow good cybersecurity practices. Below are three ways to avoid being in Bob’s position:
- Use a unique password for every account. You will likely need a password manager to achieve this.
- Use “good” passwords for each account. This can also be achieved with a password manager.
- Use multi-factor authentication anywhere and everywhere you can.
By following these three tips, you will reduce the likelihood of becoming an easy target of credential stuffing attacks.
For more information about password managers, read this Hikvision article: “Hikvision Cybersecurity Director Discusses Password Management Strategies, Using Password Managers to Reduce Security Concerns.”