Cyberattackers leak stolen passwords to Google
Still using that password from 2010?
Most professionals in the mental health field would confirm that “real” change takes time. When it comes to cybercrime and password practices, hackers are smiling all the way to the bitcoin bank because users can’t shake old habits.
Well, it turns out hackers are less than perfect: a mistake in one large-scale phishing operation exposed their loot on the internet. The error left thousands of corporate employee passwords accessible to the public through Google search.
Cybercrime Operation Exposed
The incident was analyzed by two cybersecurity research firms and their findings linked this event to the same group suspected in the August 2020 Xerox/Xeros phishing scam.
Some of the details released in the report by Check Point Research and Otorio reveal that the infection chain began with phishing emails imitating a scan notification from Xerox/Xeros, with the target's first name or company name in the subject line.
The campaign ran for more than six months and used hosted pages across dozens of domains; when the user tried to access the document, a fake Microsoft Office 365 login screen would pop up. The bad actors reportedly updated the fake login screen frequently, apparently seeking perfection.
The scammers were successful in duping email protection filters in Office 365. Their biggest mistake occurred when the stolen data was saved to a file where it was indexed by Google.
The report notes that the industries most heavily targeted by the hackers were construction, energy (oil and gas) and IT. Below is a graph from Check Point Research showing the industries involved in the hack:
The statistics on users and password security make cybersecurity experts cringe.
In early 2019, Google and Harris Poll teamed up to conduct a national survey on online security behaviors. The survey covered 3,000 adults aged 16 to 50, and the results were very telling. Google found that 66 percent of people use the same password for multiple or all accounts, and far too many still use the same password they’ve been using for 10 years.
In the report we find some interesting stats:
- 43 percent of Americans have shared a password, including 23 percent who have given someone else their email password.
- 22 percent use their own name as a password for at least one account.
- 75 percent say they have trouble keeping track of all their passwords.
- Less than half (45 percent) of Americans change their password, even after a data compromise or breach.
Just a bit of advice on the never-ending saga of secure passwords
Password security advice for businesses:
- If you have not set a policy for MFA (multi-factor authentication) on all accounts, it’s time to make the change.
- Blacklist common password choices.
- Provide a way for your employees to manage passwords.
- When new systems are deployed, make sure you change default passwords. You’d be surprised how often breaches occur due to default passwords never being updated.
- If employees make a practice of saving work-related passwords in a document or email, make sure that text is encrypted rather than stored in plain text.
- Make locking computer screens a habit so only approved employees are accessing systems.
Password security advice for users:
- Today’s best practice, and a sure-fire way to reduce your risk of being the next cyberattack victim, is to use a phrase as your password and change it monthly.
- Get used to logging out of your accounts before you shut down or put your device in sleep mode.
- Get used to using multifactor authentication (suggest it to your employer if this is not already in place). Yeah, we know it’s a pain, but what is more of a pain is an attack on your network!
Put Hackers Out of the Phishing Business
In 2015, a survey was conducted by mobile identity company TeleSign, which polled 2,000 consumers in the U.S. and the U.K. about their cybersecurity practices. Unfortunately, the latest stats on password policy and practices of users have not changed much from 2015.
In recent years, cybercrime trends have become more complex and targeted. At NOYNIM, we operate with the assumption that it’s not a matter of “IF” you will get hacked but “WHEN”. We can help put your mind at ease by managing the security of your environment. Give us a call at (720) 524-8616 about our IT Security Services and Cybersecurity.