It is a fact that -- all it takes is a single good credential to gain access to an organization’s infrastructure by an attacker and cause havoc there.
Cybercriminals are stealing credentials using a wide range of techniques, tactics and procedures. The compromised data enables attackers to breach organizations and steal sensitive information.
Credentials refer to specific data or authentication tools required to verify the identity of a user, authenticate them and grant access to a system or network ID. Credentials are extremely important when it comes to securing a company’s network infrastructure, protecting both their employees and customers, and safeguarding their assets.
Once inside, advanced cybercriminals can move laterally, placing backdoors, RATs and other software to become persistent, exfiltrate the data of employees or customers to resell or utilize for their own financial gain.
Different kinds of credentials are used for authentication every day, from physical keys to tokens and cards, to digital private keys, session cookies, digital certificates on websites… however, all of them are vulnerable if the attacker uses the right tools or techniques. In terms of enterprise security, the most widely used and most easily compromised are login-password credentials, generating a significant amount of risk to any organization.
-
What are cybercriminals doing with your stolen passwords?
What are they trying to achieve?
• Fraud, through an account takeover, from transfers and purchases, to money laundering and insurance scams
• Blackmail, where sensitive or confidential information is not sold but rather ransomed back to original owners
• Distributing crimeware, using mainly e-mail, system and social network credentials or injecting malicious code or content into websites
• Reputational damage, to harm the image of the company
• Hacktivism, where hackers can perform defacements, expose controversial information or impersonate well-known people on social media
• Identity theft, with financial loss and reputational damage as its consequence
• Espionage, ranging from individual to corporate to nation-state operations where stolen accounts are used to spy and gather information from legitimate owners
-
Some Most Notorious Stealers are:
• Pony
• LokiPWS
• Agent Tesla ("Malware-as-a-service" RAT)
• TrickBot
Once a password stealer has made its way onto the target’s systems, it starts getting to work. There is some variance in how each of these programs function but many of the core elements and features are the same. For example:
• Keyloggers
• Clipboard access
• Screenshots
• Videos
(Only for example)
Agent Tesla previously targeted credentials from applications like Apple Safari, Chromium, Google Chrome, Iridium, Microsoft IE and Edge, Mozilla Firefox, Mozilla Thunderbird, OpenVPN, Opera, Opera Mail, Qualcomm Eudora, Tencent QQBrowser and Yandex. The malware also now targets FTPNavigator ( Windows-based Internet application that facilitates FTP transfer), WinVNC4 (a remote desktop control allowing users to control computers remotely), WinSCP (which provides secure file transfer between a local and a remote computer) and SmartFTP ( network file transfer program for Microsoft).
Update March, 2021
While Agent Tesla has previously communicated with the C2 server over HTTP, SMTP (simple mail transfer protocol) and FTP (file transfer protocol), the new version also uses Telegram to exfiltrate data, by sending the stolen data to a private Telegram chat room.
-
As you can see, password stealers represent a significant threat and they are not going anywhere soon!
Unfortunately, there is no surefire way to completely guard yourself and your organization. Despite this, following security best practices will reduce the risks to an acceptable level, especially if adequate staff training is part of the process.
Individuals and employees need to be aware of the risks and only open attachments if they are certain that they are legitimate. It’s important to encourage a workplace culture where employees feel comfortable to check with IT whenever they are unsure of a potential security issue.
Implementing two-factor authentication is another crucial mitigator. If an authentication process requires a token, biometric input, an authenticator app or an SMS code in addition to the user password, it can make it significantly more difficult to break into the systems.
-
Please let me know of what do you think about this in the comment section. You can also share with all if the information shared here helps you in some manner.
Kindly write your comment on the posts or topics, because when you do that you help me greatly in designing new quality article/post on cybersecurity.This Article Was Written & published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.
Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...
She is so obsessed with Cybersecurity domain that she is going out of her way and sharing hugely valuable posts and writings about Cybersecurity on website, and social media platforms.
30,000+ professionals are following her on Facebook and mesmerized by the quality of content of her posts on Facebook.
If you haven't yet been touched by her enthusiastic work of sharing quality info about Cybersecurity, then you can follow her on Facebook:
Click Here to follow her: Cybersecurity PRISM
Life is small and make the most of it!