Cybercriminals are stealing identities more and more often


The 266 percent increase in the use of so-called infostealers is also related to the focus on identity theft as a way of penetrating company systems. Infostealers are malicious software designed to steal personal and sensitive information. In this context, last year IBM noticed new tools of this kind or modifications of already known programs aimed at increasing their effectiveness in obtaining login data.

Even when businesses implement multi-factor authentication and other security measures, they often misconfigure them. IBM X-Force experts noted shortcomings of this kind in 30 percent of cases, for example when web applications in client environments allowed several user sessions at the same time, i.e. multiple parallel connections to the server. Poor configuration of otherwise adequate security measures is thus the most frequently observed security risk in the context of identity or credential theft.


“Legitimate tools were used in almost a third, i.e. 32 percent of security incidents recorded last year. It is clear that attackers are aware of how difficult it is for defenders to distinguish between the legitimate use of an identity and its unauthorized misuse,” said CEO of IBM Czech Republic, Fridrich Matejík. The increasing targeting of identities by cybercriminals underscores the critical importance of organizations controlling potential attack opportunities on their networks, he said.

By contrast, the number of cases in which businesses were extorted through ransomware fell by 11.5 percent year-on-year. The deployment of malicious programs of this kind accounts for roughly one-fifth of the actions in the victim’s environment, and therefore remains the most common step attackers take after breaking into a company’s system. However, the volume of attempted ransomware deployments is relatively low, as larger organizations manage to stop these intrusions before the malware takes hold. In addition, companies tend to be less willing to give in to blackmail, i.e. instead of paying the ransom, they prefer to try to decrypt the attacked part of the system.

At the same time, cybercriminals still do not dare to abuse artificial intelligence as a gateway to company systems. However, according to IBM analysts, it is only a matter of time. At present, AI deployment is rather chaotic, but according to analysts, the market will soon consolidate into a few dominant models, and it will then start to pay off for attackers to invest money in developing tools aimed at specific AI.

Every fourth Czech takes risks with passwords

Passwords are the first effective line of defense against cyberbullies on the Internet. Therefore, security experts constantly appeal to users not to underestimate them. Still, the results of the latest survey by antivirus company Eset are alarming. They clearly show that a quarter of Czechs still take risks with passwords.

At the same time, more than half of domestic users create passwords that they can remember by heart. Most often, according to the survey, people create them using a combination of uppercase and lowercase letters and numbers (43%). An almost comparable number of respondents also add special characters (38%).

However, the resulting form of the password varies further: while a fifth of us use a random cluster of characters, letters and numbers (22%) and less than a third use a so-called password phrase (30%), a quarter of users still create passwords based on personal information, such as a pet’s name, date of birth or address (26%).

Simple phrases such as “password123” are used by 12% of respondents. “Just a few years ago, a random combination of upper and lower case letters, special characters and numbers was considered a strong password. So people started choosing complex but short passwords. However, today’s automated password cracking tools used, for example, in so-called brute force attacks can guess such passwords within a few minutes,” warned Vladimíra Žáčková, cyber security specialist at Eset.

“Therefore, a better option is to choose, for example, a password phrase, which should not be directly related to our personal data or information about our family and hobbies – attackers can easily find them out, for example, from public information on social networks,” stated Žáčková.

At the same time, the users themselves evaluate the security of their password most often according to its complexity (64%), length and also according to whether the password is unique for each service used (26%). Using a security application, such as a password manager, as a security criterion is important to 24% of respondents. However, for 17% of them, whether the password is easy to remember is also a security criterion.

What should a correct password look like?

Password security is also determined by its length. Special programs from the hacker underworld can crack a four-digit password, consisting of numbers from zero to nine, in two minutes.

The power of dual-core and quad-core processors allows up to 100 possible combinations to be checked in one second on an ordinary computer.

A secure password should be at least six characters long and contain numbers and ideally upper and lower case letters. On the other hand, the password should in no case be made up of the user’s name, simple words (such as “password”) or just a sequence of numbers.
