Credential theft was on the rise during Q3 of 2018 in the US, even with apparent declines around the rest of the world.
In fact, credential theft has risen by 141% in the last quarter. That means that compromised credentials are on the uptick and are likely to affect business accounts.
Let me set the scene with a real-life story that impacted a potential client of mine.
I got a phone call on my desk phone. I hate getting calls to my desk because I know that the person on the other line is normally in big trouble.
It turns out I was getting a call about a cyberattack that started innocently with one little email. Jacki, a clinic nurse, was on her break and decided to check her email while having a snack at her desk. She saw an email from Charles, the CEO of the small chain of clinics, with a personal message directed at her. Charles had asked Jacki to take a quick look at some photos from an event that Jacki had attended with Charles and many others from the company over the weekend. Excited to get a personal note from the CEO, Jacki didn’t think twice about clicking on the link, supposedly to a site containing photos from the event.
It turns out that in clicking on the link, Jacki infected her computer with malware, which then recorded every single one of her keystrokes. The criminal was able to record her passwords—including one to their EHR system.
The attacker was able to leak out medical records over the course of three months before anything suspicious was identified. At that point, a couple thousand records (2,376 to be exact) had been leaked to the criminal. When running a forensic analysis of the network, we found that someone had used Jacki’s login to access the network remotely almost a hundred times before raising any red flags.
Our team was asked to assess the damage done on the clinic’s network. Jacki’s password had definitely been compromised.
In fact, we even found a chat room on the Dark Web that listed a variety of Jacki’s and other key employees’ social media passwords (some of which, when tested against their corporate network, were the exact same passwords!).
Note: I am not revealing actual names here to protect the innocent. I am using this very unfortunate case of a compromised network merely to underscore the point: hackers are looking to get into your network, and one of the easiest ways in is through user credentials.
How are criminals getting information on user credentials?
While cybercriminals are using a variety of methods to steal credentials, the easiest way to collect credentials from victims is through a well-thought-out phishing attack like the one in the story above.
Criminals are researching information on your teams, crafting a social-engineering email and encouraging your staff to click on a very specific link or attachment. They are doing their homework.
They’ll go on Facebook (as was the case in the above example), find events and people tagged in images or understand relationships amongst people in an organization and then send emails with personal anecdotes to make emails appear credible.
The scary part about phishing attacks? Any criminal can easily phish your users. At this point, to be a cybercriminal you don’t have to have any programming or coding experience, and you certainly do not need to be a network master. Coders and programmers working on the dark side are actually devising campaigns and kits to help anyone, even novices, break into business networks. All you would need is some bitcoin and the ability to follow simple instructions outlined by the master hacker.
Bottom line: cybercrime in 2018 has gotten worse in part because criminals are having an easier time than ever phishing users out of passwords, or are able to purchase credentials (from other data thefts), letting criminals hungry for data or ransoms shut down or steal from your organization.
The good news? It’s not that hard to implement a cybersecurity framework to protect your users from credential theft and protect your network from hacks and cyberattacks.