Hackers obtaining extracted credentials from PCs/Servers and then selling them to other hackers
As businesses adapt to the Covid-19 pandemic, with more people working from home, cybercriminals have increased their activities. The SME sector has been especially vulnerable to malware attacks since it lacks essential resources: technology, staff training, and expertise. Employees are one of the main points of access due to credentials being leaked through third-party breaches. The DynaRisk intelligence team monitors for mentions of hacked companies and the presence of stolen data on the Dark Web. Malware authors often use tricks to try to convince you to download malicious files, such as sending spam email containing a link or an attachment you should not click on. Visiting hacked or compromised webpages could also redirect you to spam or malware.
Recently, the DynaRisk intelligence team discovered that over 1.5m devices all over the world have had data stolen and shared on the Dark Web. The screenshot above shows one small batch of 11,000 compressed stolen data records.
In December 2020 and January 2021, there was a growing demand on the black market for stolen user credentials for remote access servers, financial and banking information, and stolen credit card details.
Amazon S3 buckets are another common attack vector. If not properly managed and configured, they allow malicious actors to insert their code into numerous websites. Combing through the Dark Web forums, the DynaRisk intelligence team identified numerous stolen credentials for Amazon Simple Storage Service (Amazon S3): user name, password, access key ID, secret access key, and login link.
Poorly managed credentials can be a powerful weapon in the wrong hands. Cybercriminals use stolen user credentials to gain access through remote access systems, preferably to the most sensitive parts of a company’s network. They also use the credentials to carry out Business Email Compromise (BEC) scams.
System administrators storing passwords in the clear in Excel spreadsheets
Lack of proper cyber hygiene and irresponsible handling of sensitive data by employees leave companies wide open to attack. DynaRisk has also discovered a healthcare data breach of a US medical center that suffered a ransomware attack amid the Covid-19 crisis. Login information, passwords, IP info, servers, devices, web loggings, etc. were conveniently recorded in an unprotected Excel spreadsheet - a goldmine for hackers.
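One way to audit for this before an attacker finds it, as an added example that is not DynaRisk's own tooling: a Python check that scans a CSV export of a spreadsheet for AWS access key IDs, possible secret access keys, and cleartext values under password-style column headers. The sample rows, the header patterns and the function names are assumptions constructed for illustration.

```python
import csv
import io
import re

# AWS access key IDs are 20 characters: "AKIA" (long-term) or "ASIA" (temporary) + 16.
ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
# Secret access keys are 40 base64-style characters. A SHA-1 hex digest also fits,
# so a match is only a candidate for manual review.
SECRET_KEY = re.compile(r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+=])")
# Column headers suggesting the cell holds a credential (assumed naming habits).
SENSITIVE_HEADER = re.compile(r"pass(word|wd)?|pwd|secret|token", re.IGNORECASE)

# Constructed sample export; the AWS values are the placeholder keys from AWS documentation.
SAMPLE_CSV = """system,username,password,notes
vpn-gateway,admin,Winter2020!,rotate quarterly
s3-backup,svc-backup,,key AKIAIOSFODNN7EXAMPLE
s3-backup,svc-backup,wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY,secret for above
intranet,jsmith,,uses SSO
"""

def redact(value):
    """Keep at most the first four characters so the report does not re-leak the secret."""
    return value[:4] + "*" * (len(value) - 4) if len(value) > 8 else "*" * len(value)

def scan_csv(text):
    """Return (row_number, column, kind, redacted_value) for each suspicious cell."""
    findings = []
    # Row 1 is the header, so data rows are numbered from 2 as in the spreadsheet.
    for row_no, row in enumerate(csv.DictReader(io.StringIO(text)), start=2):
        for header, cell in row.items():
            if header is None or not isinstance(cell, str) or not cell.strip():
                continue  # skip ragged rows and empty cells
            cell = cell.strip()
            key_id = ACCESS_KEY_ID.search(cell)
            secret = SECRET_KEY.search(cell)
            if key_id:
                findings.append((row_no, header, "aws_access_key_id", redact(key_id.group())))
            elif secret:
                findings.append((row_no, header, "aws_secret_key_candidate", redact(secret.group())))
            elif SENSITIVE_HEADER.search(header):
                findings.append((row_no, header, "cleartext_credential", redact(cell)))
    return findings

if __name__ == "__main__":
    for finding in scan_csv(SAMPLE_CSV):
        print(finding)
```

Any finding means the credential should be rotated and moved into a password manager or secrets vault, not just deleted from the sheet.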
Back in March 2020, a major cruise operator, Norwegian Cruise Line (NCL), suffered a data breach. With NCL already shaken by the COVID-19 financial impact, a cybersecurity issue was not helpful at all. Talk about bad timing. It goes without saying that these challenging times affect not only our health and safety but our online safety as well.
Despite cybercrime being on the rise, companies can still protect themselves. The most critical step is reemphasizing the importance of proper security practices for employees and monitoring to see if hackers are targeting a company. Malware attacks usually start as a suspicious link in an email, meaning the human factor is crucial. It is obvious there are do's and don'ts when it comes to employee behavior:
- Carry out regular audits to ensure servers and data are well-protected.
- Train staff members on how to spot suspicious emails.
- Keep all software up to date. Patches may easily fix vulnerabilities that hackers use to gain access.
- Monitor for hackers talking about your company.
- Prevent remote workers from accessing the company's systems from personal devices. Require all employees to use a dedicated network to ensure a secure connection.
- Restrict employee admin permission access.
- Use tokens, 2-step or multi-factor authentication, and unique, strong passwords.
- Use advanced solutions for malware detection: anti-malware and antivirus.
Start a free trial of DynaRisk Breach Defence to better manage your cyber risk. Our all-in-one platform enables small and medium enterprises to proactively track and defend against threats including ransomware, Business Email Compromise, and fraud. We combine six key features designed to provide comprehensive cyber risk monitoring and staff training