A peek into the stealing habits of cybercriminals

According to Verizon’s 2017 Data Breach Investigations Report, 81 percent of hacking-related breaches use either stolen and/or weak passwords. It’s no big surprise. Stories of businesses still using the word ‘password’ for its passwords continually do the rounds. So a group of researchers at enterprise cyber security software and services firm Imperva decided to test the water, to see what actually happens when hackers gain access to credentials and attack individuals.

Apparently the most common way cybercriminals penetrate networks is by stealing and then using valid credentials. According to Imperva, password theft occurs using many different methods - phishing, malware, man-in-the-middle attacks and brute-force password learning – but it is phishing that remains the most effective method. It plays on human curiosity and error so this is where the researchers focussed most of their attention.

“Humans will always be humans,” says Luda Lazar, security research engineer at Imperva’s Defense Center. By that she means we always have it in us to do stupid things like click on links in emails or download attachments.

We collate the opinions of 31 experts to discover the things businesses really need to know about the dark web. Check out: The dark web & business report: A seedy Dickensian underworld online

Lazar led Imperva’s six-month research project, a honeypot campaign to attract hackers and watch their methods and movements and even trace them where possible. A pool of honey accounts was created containing nearly 60 email accounts from the likes of Gmail, Outlook, Yahoo and Yandex, as well as 30 groups of other account types - including file hosting (OneDrive, Google Drive, Dropbox) and social network accounts (Facebook, LinkedIn, Twitter) bound to one of the email accounts. Identical passwords were used for all accounts to track password reuse attempts.

To continue reading...


« Will Chinese companies surge to the top of the public cloud market?


Enterprise GitHub projects of the week: Confidant, UI for UWP, & Ansible »
Marc Ambasna-Jones

Marc Ambasna-Jones is a UK-based freelance writer and media consultant and has been writing about business and technology since 1989.

  • Mail


Do you think your smartphone is making you a workaholic?