Trends in Phishing, Ransomware, Credential Stuffing and Other Security Concerns from Hikvision’s Senior Cybersecurity Director, Plus Using a Password Manager to Reduce Risk

December 15, 2020

Hikvision HikWire blog article Trends in Phishing, Ransomware, Credential Stuffing and Other Security Concerns

Hikvision Senior Director of Cybersecurity Chuck Davis today blogs about trends in phishing, ransomware, credential stuffing and other security concerns. And he talks about password managers to prevent credential stuffing and reduce risk.

Google Services Used for Phishing
Phishing campaigns have long used cloud services like Google Docs, Google Forms, and Office 365, to host malicious content. It is not always malware being hosted on these platforms. Often it is an online form that looks like a login page for a bank, a store, or other online service that allows the attacker to harvest login credentials from unaware victims. Once the attacker gets the victim’s login credentials, they can use them in a credential stuffing attack.

Google Services Used for Phishing

According to research by cloud provider Amorblox, there is “a sharp uptick in attackers using Google services to help them get emails past binary security filters based on keywords or URLs.” As security tools review your incoming email, they might flag a link with a gibberish domain name as potentially malicious, but possibly not a link from a well-known and popular domain name.

Credential stuffing—when an attacker takes a long list of usernames and passwords and, using an automated script, tries each pair on many popular websites—is on the rise. In September, the FBI warned of an increase in credential stuffing attacks and stated, “41 percent of all financial sector attacks between 2017 and 2020 were due to credential stuffing, resulting in the theft of millions of dollars.”

According to a 2019 Google/Harris poll, 65 percent of respondents reuse passwords on some, or all of their accounts. To reduce your risk of becoming the victim of credential stuffing, never reuse passwords. That means you likely need to use a password manager.

Ransomware Prints Ransom Notes
Modern ransomware tends to infect a computer, then exfiltrate data and encrypt the contents of that computer, leaving nothing readable by the computer operator except a ransom note on the screen. That is a pretty dramatic approach, but at least one ransomware attacker thought that she needed an additional method of delivering the ransom note that includes repeated printing of these notes after an attack.

As reported by Tripwire, the South American retail giant Cencosud was infected by an Egregor ransomware attack which, “stole sensitive files that it found on the compromised network, and encrypted data on Cencosud’s drives to lock workers out of the company’s data.” Then “printers at the checkouts of numerous retail outlets in Chile and Argentina were suddenly churning out the ransom demand as well.”

In Bleeping Computer’s review of this malware, they state, “To increase public awareness of the attack and pressure a victim into paying, the Egregor operation is known to repeatedly print ransom notes from all available network and local printers after an attack.”

While this tactic might just seem like a novel addition to a ransomware attack, remember that many of our Internet of Things (IoT) devices, such as smart doorbells, light bulbs, cameras and thermostats, do not have display screens. Therefore, sending the ransom note to a printer on the same network as the target device, gives the attacker a means of communicating with IoT device owners and collecting a ransom for encrypted IoT devices.

Tip: Use Password Managers for Added Security
As you read earlier in this blog, credential stuffing is on the rise. It is also becoming more automated, with botnets attempting logins from different IP addresses all over the Internet. Now more than ever, we all need to use a password manager to protect us from these rapid, advanced credential stuffing attacks.

A password manager is a software tool that is used to store all of your passwords in an encrypted file so that you, and no one else, have very easy access to them, helping to minimize security concerns. Most modern password managers have additional features such as cloud storage, auto-filling fields, and password generators that make very good passwords.

The most important feature of your passwords is this: You should have a unique password for every account that you own. Yes, they should be long and strong, but if they are not unique, you not only put one of your accounts at risk of attack, you put every account at risk that reuses a password.

Read this Hikvision blog to learn more about how password managers can help you reduce security concerns.

IMPORTANT! This model requires non-standard firmware. Do Not Install standard firmware (e.g. v.4.1.xx) on this model. Doing so will permanently damage your system. You must use custom firmware v.4.1.25 from the iDS-9632NXI-I8/16S product page.

By downloading and using software and other materials available via this website, you agree to be legally bound by HIKVISION General Terms of Use . If you don’t agree to these terms, you may not download or use any of those materials.

If you are agreeing on behalf of your company, you represent and warrant that you have legal authority to bind your company to the General Terms of Use above. Also you represent and warrant that you are of the legal age of majority in the jurisdiction in which you reside (at least 18 years of age in many countries).