What is a Password attack?
A password attack is when a cybercriminal attempts to steal your passwords or log-in credentials to bypass the security authentication of your user account. According to Data Breach Investigation Research Reports, 80% of data breaches link to password theft. This type of attack is one of the most popular methods of personal and corporate data breaches, and it takes the form of phishing attempts, man-in-the-middle attacks, brute force attacks, and keyloggers.
Phishing
Phishing is a social engineering attack in which a user is contacted by email, telephone (vishing), or text message (smishing) by someone impersonating a reputable company or individual.
How do you avoid phishing attempts?
- Double check with the sender. When in doubt, reach out. The sender might not even know they have been compromised.
- Change passwords if in doubt. There's a possibility your account could've been compromised unknowingly. Rotating your passwords without being prompted can lock out potential attackers.
- Think before you click. Never click links or download attachments you are not familiar with or expecting. If you can, always try to access a site through your search engine and check the address before clicking on it. Check with the sender to verify they did send that link or that file.
- Deny by default. Implementing a Zero Trust strategy with Application Allowlisting and Ring-fencing can greatly reduce the attack surface available to a cybercriminal by denying any unknown access to applications.
Man-In-The-Middle Attacks
Man-in-the-middle (MitM) attacks are the wiretapping of cyberattacks. They occur when cybercriminals eavesdrop by inserting themselves into existing conversations or data transfers while pretending to be the legitimate party. They then distribute malicious links and steal data from unsuspecting, legitimate parties.
How to avoid MitM attacks
- Use MFA. If a cybercriminal obtains your log-in credentials, it is always best to have an extra layer of authentication to block any unauthorised log-in attempts. Using 2FA/MFA adds that extra layer of security.
- Use strong credentials for your internet router. Router credentials should always be changed from the factory defaults they ship with. These default credentials are easily obtained and can be used by cybercriminals to gain access to your router and infiltrate your network. The more robust your password, the less likely hackers will succeed.
- Network Access Control (NAC). Implementing a zero-trust workstation firewall can give you complete control over all inbound network traffic. By using custom-built policies, NAC limits your exposure by allowing granular access based on IP addresses, specific keywords, agent authentication, or dynamic ACLs, thus keeping cybercriminals out.
Brute Force Attacks
A brute force attack is a tactic used by cybercriminals to gain control of an organisation's secure accounts, systems, and networks. This can result in stealing confidential information, spreading malicious software, and personally altering websites or social media to assist in further damage to your reputation.
How to Prevent a Brute Force Attack
- Create a firm password policy. Ensuring employees maintain strong, complex passwords is the best way to stop cyber threats and secure your organisation's accounts.
- Use CAPTCHA. Tools such as CAPTCHA can discourage threat actors and impede bots.
- Use MFA.
- Application Control. Deny non-approved applications from running and prevent allowed applications from being weaponised. This will prevent further access to other applications or data, defending against brute force attacks.
- Locking down accounts. Implementing lockdown policies to capture user logon, logoff, unlock, and lock events can alert you of a brute force attack and prevent compromise of your system.
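The lockout-and-alert item above, as an added example (not code from the original page or from any product it mentions): it reads logon events in time order, flags an account for lockout once failures within a sliding window reach a threshold, and raises a second alert if a logon then succeeds. The event names, field layout, the threshold of 5 failures in 5 minutes, and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, account, source, event).
# Field layout and event names are assumptions, not a real log format.
SAMPLE_EVENTS = (
    [(f"2024-01-10T09:00:{s:02d}", "alice", "203.0.113.7", "logon_failure") for s in (0, 10, 20, 30, 40)]
    + [("2024-01-10T09:00:55", "alice", "203.0.113.7", "logon_success")]
    + [(f"2024-01-10T09:02:{s:02d}", "bob", "10.0.0.12", "logon_failure") for s in (0, 10)]
    + [("2024-01-10T09:02:30", "bob", "10.0.0.12", "logon_success")]
    + [(f"2024-01-10T09:{m:02d}:00", "carol", "10.0.0.20", "logon_failure") for m in (0, 10, 20, 30, 40)]
)

def detect_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return alerts as (timestamp, account, source, kind) tuples.

    kind is "lock_account" when an account reaches `threshold` failures
    inside `window`, and "logon_after_lockout" when a logon succeeds on
    an account that was already flagged (possible guessed password).
    """
    failures = defaultdict(deque)  # account -> timestamps of recent failures
    locked, alerts = set(), []
    for ts, account, source, event in sorted(events):
        when = datetime.fromisoformat(ts)
        if event == "logon_failure":
            recent = failures[account]
            recent.append(when)
            # Drop failures that have aged out of the sliding window.
            while when - recent[0] > window:
                recent.popleft()
            if len(recent) >= threshold and account not in locked:
                locked.add(account)
                alerts.append((ts, account, source, "lock_account"))
        elif event == "logon_success":
            if account in locked:
                alerts.append((ts, account, source, "logon_after_lockout"))
            else:
                failures[account].clear()  # a normal logon resets the count
    return alerts
```

In the sample, alice's rapid burst triggers both alerts, bob's two typos followed by a normal logon trigger nothing, and carol's slow failures never reach the threshold inside one window, which is the gap a per-window lockout leaves for slow guessing.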
Keyloggers
Also known as a keystroke logger, a keylogger is a type of spyware that monitors and records user keystrokes. This attack gives cybercriminals access to read whatever is being typed on a keyboard, which can include your organisation's log-in credentials. It can also read screenshots and data copied to a user's clipboard.
How to prevent Keyloggers
- Don't download files from unknown sources.
- Use a business-approved password manager. Using a business password manager ensures passwords are complex and secure. It limits how often you have to physically type passwords for different accounts. Password policy settings can be managed by IT admins to ensure your passwords comply with company compliance policy.
- Inspect your physical hardware. Ensure that you are familiar with every piece of hardware at your workstation. Cybercriminals can also use an assortment of physical tools. If someone has access to your workstation, they can install a hardware keylogger to collect information about your keystrokes. Regularly inspect your computer for installed spyware.
- Use an Antivirus. Running an antivirus scan can assist you in removing malicious and unfamiliar software. Using a Next Generation Advanced Threat protection antivirus helps defend you against common malware like keyloggers.
- Application Control. Implementing zero trust in your organisation can prevent downloading unfamiliar and untrusted software, limiting the risk of third-party monitoring from spyware. This level of application control will prevent keyloggers from monitoring keystrokes and getting access to other sensitive information.
Conclusion
Password attacks are not often the sole goal in cyberattacks, but the first of many breaches in a multi-variable attack sequence seen in attacks such as ransomware.
Prevention is always better than a cure, but if a cybercriminal slips through the cracks, it is beneficial to implement various controls to mitigate an attack's reach and stop cybercriminals. Implementing a zero-trust cyber strategy through application control, lockdown policies, etc., will help safeguard your IT environment.
Personos can help you achieve this goal as part of the Endpoint Privilege and Application Control management solution. Please contact us for more information.