
#HowTo: Avoid Credential Abuse

by ITECHNEWS
December 30, 2021
in Leading Stories, Opinion

Every year, the Verizon Data Breach Report and other industry surveys show malicious use of credentials in more than 80% of breaches worldwide. The most common way to start a cyber-attack is to impersonate real users with credentials found on the dark web, harvested through phishing attacks, or by using password spraying techniques. Once compromised credentials have given them a foot in the door, attackers might then work towards privileged access by gaining control of the credentials of a more privileged user.

 

This type of abuse is done for many different reasons. Examples include getting access to install ransomware onto a critical server or computer, downloading confidential information to hold for ransom, or accessing accounts that could be used to reset passwords on multiple websites. The list goes on.

 

Don’t Get Stuffed Again

 

Credential stuffing is a technique widely used by cyber-criminals. Typically, most users will have an average of three to five different passwords for different online services, maybe with a few variations, like a number at the end of the password. Because of this poor password practice, credential stuffing can be really effective.

 

Bulk attacks are commonly used when targeting consumers, such as getting access to online accounts to make purchases, or to personal bank accounts. It’s also very common to use those attacks to install ransomware within a company network. Additionally, botnets are pretty effective at performing credential stuffing quickly. They are widely used to access routers and IoT devices using a password spraying technique with common and default passwords for devices, such as ‘admin.’ They can also be used to automate the attack process, launching simultaneous attacks, which gives companies less time to react.
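
On the defending side, both credential stuffing and password spraying leave the same trace in authentication logs: one source failing against many different accounts in a short time. The Python below is an added example, not part of the original article; the log format, addresses, usernames, function names and thresholds are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log: time, source IP, username, result.
# Addresses come from documentation ranges; usernames are made up.
SAMPLE_LOG = """\
2021-12-30T10:00:01 203.0.113.7 alice FAIL
2021-12-30T10:00:02 203.0.113.7 bob FAIL
2021-12-30T10:00:03 203.0.113.7 carol OK
2021-12-30T10:00:04 203.0.113.7 dave FAIL
2021-12-30T10:00:05 203.0.113.7 erin FAIL
2021-12-30T10:01:10 198.51.100.20 frank FAIL
2021-12-30T10:01:25 198.51.100.20 frank FAIL
2021-12-30T10:01:40 198.51.100.20 frank OK
"""

def parse(text):
    """Yield (timestamp, ip, user, succeeded) for each log line."""
    for line in text.splitlines():
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result == "OK"

def detect_stuffing(text, window=timedelta(minutes=5), min_users=4):
    """Flag sources that fail logins against >= min_users distinct
    accounts inside `window`. Any login such a source did complete is
    listed as compromised: that password was already in its list."""
    recent = defaultdict(deque)    # ip -> failures still inside the window
    successes = defaultdict(set)   # ip -> accounts it logged in to
    flagged = defaultdict(set)     # ip -> accounts it was seen attacking
    for ts, ip, user, ok in sorted(parse(text)):
        if ok:
            successes[ip].add(user)
            continue
        q = recent[ip]
        q.append((ts, user))
        while ts - q[0][0] > window:   # drop failures older than the window
            q.popleft()
        users = {u for _, u in q}
        if len(users) >= min_users:
            flagged[ip] |= users
    return {ip: {"targets": sorted(t), "compromised": sorted(successes[ip])}
            for ip, t in flagged.items()}
```

The user who mistypes a password twice is not flagged, because only one account is involved. A botnet spreads its attempts over many addresses, so the same windowed count is also worth keeping for the service as a whole, not only per source.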

 

In a recent high-profile example of credential stuffing, hackers got hold of 500,000 Zoom credentials when Zoom’s usage skyrocketed in April 2020 due to the pandemic. They collected credentials from the dark web and from different breaches and used them to try to log in to Zoom accounts. Zoom itself was not hacked or exposed; the problem arose because users tend to use the same password everywhere.

 

Targeted attacks usually take more time and require a strategy to achieve specific objectives. For example, we have seen attacks targeted at managed service providers (MSPs) to steal credentials from anyone on the MSP’s technical team. With those credentials, cyber-criminals can potentially get access to computers in multiple companies managed by the MSP. This is a very smart way to reach dozens of companies by targeting just one.

 

The Importance of MFA

 

The death of the password has been predicted for some 20 years, but passwords are still the most common form of authentication. There is another, simple way: two-factor authentication (2FA) or multi-factor authentication (MFA) can help to solve this problem. A Gartner document from May 2020 said that, because of the pandemic, companies that don’t implement MFA would have five times more chance of being attacked than companies with it. With MFA, even if the password is compromised, there are one or more additional factors protecting the users’ login.
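
To make that last point concrete, the Python below is an added example, not part of the original article. It assumes the second factor is a time-based one-time password (TOTP, RFC 6238), which the article does not specify; the account record, password, salt and function names are constructed.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `now`."""
    mac = hmac.new(secret, struct.pack(">Q", now // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed account; the secret is the RFC 6238 test key.
SALT = b"constructed-salt"
USERS = {"alice": {"pw": hash_password("Summer2021!", SALT),
                   "secret": b"12345678901234567890",
                   "last_step": -1}}

def login(user: str, password: str, code: str, now: int) -> str:
    rec = USERS.get(user)
    if rec is None or not hmac.compare_digest(
            rec["pw"], hash_password(password, SALT)):
        return "denied"
    # The password was right, which is all a stuffed credential provides.
    for step in (now // 30, now // 30 - 1):      # allow one step of clock drift
        if step > rec["last_step"] and hmac.compare_digest(
                totp(rec["secret"], step * 30), code):
            rec["last_step"] = step              # each code is single-use
            return "ok"
    return "second factor failed"
```

A login with the correct, reused password but no valid code ends at "second factor failed", and a code that was already accepted cannot be replayed within its time step.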

 

Yet, if it makes so much sense, why doesn’t everyone use MFA? It really depends on what they are trying to protect. Logins to computers, remote access and VPNs, for example, are very common cases and usually don’t require too much work to implement MFA. Some legacy applications might be more complicated if they don’t offer any type of standard integration with MFA, but this can be overcome.

 

To integrate with MFA, cloud applications depend on support for standards like Security Assertion Markup Language (SAML), a common and simple way to integrate cloud applications with an identity provider. It gives the additional benefit of web single sign-on to protect the cloud applications while removing the need for users and admins to create or manage application passwords. Some cloud applications are already taking measures to ensure all users will use MFA, and Salesforce is a great example. It recently announced that after 1 Feb 2022, everyone will have to use MFA.

 

The benefits are clear, but many companies still see MFA as costly and complex to deploy and manage. However, new cloud-based MFA solutions take away much of the pain and up-front investment of deploying MFA, even for smaller businesses that do not want to install and manage servers inside their networks. By managing MFA all from the cloud, implementation can be done in hours, not weeks, and ongoing management such as adding a user or application is quick and simple. Cloud-based MFA dispels the view that MFA has always been out of reach for SMEs due to cost, complexity and management issues – so there is no excuse.

Source: Alexandre Cagnoni, director of authentication
Via: WatchGuard Technologies
Tags: Data Breach