Compromise of authentication credentials to gain access to online services is the weak link most often exploited by cybercriminals and casual hackers. Armed with genuine authentication codes, the cyber intruder usually abuses the stolen identities to earn money through money transfers from Internet banking accounts, online buying and selling, or cashing in gaming points. The casual hacker is usually known to the account owner and hacks for fun or for revenge, planting fake posts on social network sites, viewing personal pictures or reading personal emails.
Authentication credentials are exploited in four ways:
- Simple passwords are easy for cybercriminals to guess or to crack using tools. The secret questions used to reclaim a forgotten password are in many cases easier to guess than the password itself. If these passwords were reused on other, more important sites, the cybercriminal gains access to those services too. To avoid these types of attacks, cybercitizens should use strong passwords and difficult-to-guess secret questions, and not reuse them.
- In large data breaches, the entire password database was stolen through the misuse of privileged access rights by trusted insiders, compromised administrative authentication codes or an application flaw. In this way the cyber intruder obtains passwords in bulk, which are used to compromise accounts on the affected services as well as on other services where the password may have been reused. To avoid these types of attacks, cybercitizens should regularly change their passwords, not reuse them and, if notified about a breach, immediately change the password.
- Sophisticated malware, unintentionally downloaded as part of free software or during a visit to a malware-infected site, helps steal authentication credentials from user devices. Such malware intercepts user credentials when the user logs on to online services. Besides stealing authentication credentials, sophisticated malware can intercept one-time passwords sent from financial sites via SMS, which, when used in conjunction with spoofed sites, is highly effective in compromising a user's financial transactions. Cybercitizens should install a reliable antimalware product that blocks malicious sites and filters malware. Though not foolproof, it helps reduce the risk. To avoid spoofed sites, it is best to check the ownership and validity of the SSL certificate by clicking on the padlock in the address field of the browser.
- In many instances, passwords are naively handed over to cybercriminals impersonating law enforcement officers, bank officials or even IT support. Cybercitizens are tricked into believing that these requests to share passwords come from genuine and authoritative sources. To avoid such types of attacks, cybercitizens should never share their passwords, as no organization will ever ask for them by phone or mail.
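
An added example (not from the original post) that audits a password-manager export for the failures the first two list items describe: simple passwords, reuse across sites, and passwords left unchanged after a breach notice, including accounts exposed only because they share a breached password. The vault entries, breach dates, site names and the tiny common-word list are constructed, and the strength rule is an assumed heuristic.

```python
import hashlib
from collections import defaultdict
from datetime import date

# Constructed sample data: a password-manager export and breach notices.
VAULT = [
    {"site": "bank.example", "password": "T7#vq!Lm92xR&dfp", "changed": date(2024, 5, 1)},
    {"site": "forum.example", "password": "sunshine1", "changed": date(2022, 1, 10)},
    {"site": "mail.example", "password": "sunshine1", "changed": date(2023, 3, 2)},
    {"site": "shop.example", "password": "K9$wd@Zp41!eTyqu", "changed": date(2023, 6, 15)},
]
BREACH_NOTICES = {"forum.example": date(2023, 1, 1), "shop.example": date(2024, 2, 1)}
COMMON = {"password", "123456", "qwerty", "sunshine", "letmein"}  # illustrative only

def is_simple(pw):
    """Assumed heuristic: short, few character classes, or common word plus digits."""
    classes = sum(any(f(c) for c in pw) for f in
                  (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum()))
    stem = pw.lower().rstrip("0123456789!")
    return len(pw) < 12 or classes < 3 or stem in COMMON

def audit(vault, notices):
    """Return {site: sorted list of findings} for every account with a problem."""
    findings = defaultdict(set)
    by_digest = defaultdict(list)
    for entry in vault:
        # Group by digest so plaintext passwords never appear in the report.
        digest = hashlib.sha256(entry["password"].encode()).hexdigest()
        by_digest[digest].append(entry["site"])
        if is_simple(entry["password"]):
            findings[entry["site"]].add("simple")
        notice = notices.get(entry["site"])
        if notice and entry["changed"] < notice:
            findings[entry["site"]].add("unchanged-since-breach")
    for sites in by_digest.values():
        if len(sites) > 1:
            # A breached, unchanged password exposes every site that shares it.
            leaked = [s for s in sites if "unchanged-since-breach" in findings[s]]
            for s in sites:
                findings[s].add("reused")
                if leaked and s not in leaked:
                    findings[s].add("exposed-by-reuse")
    return {s: sorted(f) for s, f in findings.items() if f}

if __name__ == "__main__":
    for site, problems in audit(VAULT, BREACH_NOTICES).items():
        print(f"{site}: {', '.join(problems)}")
```

Accounts flagged `exposed-by-reuse` need a new password even though their own service reported no breach.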