Cyber scams are on the rise, but those who think they are only applied due to software flaws or other types of network vulnerabilities are wrong. According to Microsoft, attackers are entering systems from access credentials stolen from targets.
- FBI warns of ransomware attack that affected 30 US companies in 2021
- Home office, shopping and social media are top baits for phishing
- IT Companies Target Russian Criminals Who Attacked SolarWinds
Earlier this week, Microsoft warned that the cyber criminal group Nobelium, responsible for the cyber hijacking (ransomware) of SolarWinds, were using credential theft tactics on their new targets. Now, on Tuesday (26) the company warns that these scams are being used by more agents, in addition to Nobelium, with the Microsoft Threat Detection and Response Team (DART) estimates that the invasion via Credentials accounted for at least a third of user accounts affected by cybercrime in 2021.
According to DART, criminals do this in two different ways: from the low and slow method (“low and slow”, in free translation), which involves the attacker using a single password for numerous IP addresses, attacking multiple accounts at the same time with some predefined credentials. According to the developer of Windows, this attack is only effective in 1% of attempts.
The second method is called availability and reuse (availability and reuse), and makes use of leaked credentials made available on the internet, either publicly or through purchases on the dark web. This process is more effective and allows criminals to execute attacks faster.
In addition to the above two methods, Microsoft also warns about problems with using outdated software, which often does not support multi-factor authentication, and may have critical vulnerabilities that allow intrusions. The company recommends constantly updating devices and protocols to avoid these types of problems.
how to protect yourself
Even though everything said above seems to indicate that passwords are dangerous, the truth is that, when done with good security policies, in addition to having enhanced authentication in multiples, they can greatly protect business systems and their users.
To achieve this goal, DART recommends the following steps to ensure greater protection from passwords:
-
Multifactor authentication: although already well known, this method of defense is extremely important, and must be enabled on all systems that support it;
-
Rethinking password policies: Migrating from passwords to physical authentication keys or cross-platform login can be a solution for better protection, as according to Microsoft research, an eight-digit password with capital letters, small letters and numbers is no longer as secure. Also, opting for long, random sequences can increase protection;
-
Beware of administrative accounts: Accounts with administrative privileges can do everything on a system, so their protection is of paramount importance. Always leave them multi-factor authentication and unavailable outside the enterprise environment;
-
Audit of security policies: Checking that the company’s protection policies do not have vulnerabilities is a critical step, as a single flaw can become a huge headache. Conduct ongoing audits to confirm that the guidelines are effective.