Ways to Protect Your Business Amidst Alarming Rise in Password Attacks
Incidents of password attacks have risen significantly in recent years. Between 2021 and 2022, cases increased by 74%, corresponding to 941 attacks every second. Yes, you read that right, EVERY SECOND.
It’s an alarming statistic. There’s nothing more terrifying than knowing that your accounts and data can be compromised at any second.
But don’t panic just yet.
At Intelligent Technical Solutions (ITS), we have helped businesses deal with all manner of cybercrimes, password attacks included, so we know a few things that can help. We can tell you all you need to know about password attacks and how to protect yourself from them!
The 7 Ways Hackers Get Your Password
Password attacks are when hackers try to steal your passwords and gain access to your accounts. It may sound simple, but there are a lot of different ways to do this.
Here, we’ve listed some of the most common techniques used to get your password.
1. Phishing
Phishing is the simplest type of password attack and the easiest to fall for. It is when hackers send an email or text message under the name of a trusted source to lure victims into handing over their personal information. These emails or text messages often contain fake links or malicious attachments that will prompt you to “share” your account credentials once you click them.
2. Credential Stuffing
What are the chances that you’re using the same password, or something similar, for different accounts? If the answer is high, then you might be vulnerable to a credential stuffing attack.
For this technique, hackers try various combinations of your stolen usernames and passwords, hoping to find something that still works. Although it is mostly trial-and-error, it is highly effective because humans tend to reuse old passwords and rarely change compromised ones.
3. Brute Force
Brute force attacks are similar to credential stuffing in the sense that hackers will attempt hundreds of username-password combinations to gain access to your account. The only difference is that instead of using stolen data, they start by using common or short passwords such as “123456” or “password.” They also use automated methods or software capable of generating millions of combinations in seconds.
4. Password Spraying
Password spraying is a form of brute force attack that involves the use of common passwords on multiple accounts at the same time. And by multiple, we don’t just mean two or three accounts, but thousands and even millions of users. This method lowers the risk of account lockout that happens after continuous failed attempts. The usual targets for this type of attack are single sign-on and cloud-based platforms.
5. Dictionary Attack
We have yet another form of brute force attack with the dictionary attack. In this, hackers use dictionary words or commonly used passwords to gain access to an account. There are also advanced attacks that use personal details such as the name of your pet, birthdate, favorite color, and the like. These details are easy to find online by skimming through a person’s social media accounts.
6. Man-in-the-Middle Attack
As the name suggests, in this type of password attack, the hacker poses as a middleman and intercepts the data that is relayed. Often, they would impersonate a legitimate third party and send an email or message that will convince the user to log in on their fake but authentic-looking website. This fake website will redirect the user to the actual website and will allow them to perform real actions, making them oblivious that they are falling victim to a hacker.
7. Keyloggers
Keyloggers, or, to be more accurate, keystroke loggers, are a type of spyware that records everything you type. They can come in the form of malware or a physical device, but the former is more common and harder to detect. Like any other malware, this is sent to the victim via a link through a phishing email. Once installed, every keyboard stroke you make is recorded and sent to the hacker. This means they have full access to all the details in your account, from the username and card details to even the answers to security questions.
Top Signs that You're Under Attack
Aside from knowing the methods that hackers use to infiltrate your system, it is also important to know whether or not your accounts have been compromised. These are self-explanatory, so we’ll not expound. Here are the top signs that you’re under attack:
- Your passwords have stopped working.
- Your contacts are receiving emails and messages you never sent.
- You’re getting more ads and popups than usual.
- You get redirected to unfamiliar pages when accessing legitimate sites.
- Your internet or device has noticeably slowed down.
- You have programs or plugins that you didn’t install.
- You get notifications for excessive login attempts and password resets.
How Can You Keep Your Accounts Safe?
Now that you know how hackers get your credentials and the signs that they've compromised your account, the next thing you should know is how to keep your accounts and systems safe. Take a look at some of the actions you can take to keep your network safe from password attacks:
1. Enable Multi-Factor Authentication (MFA)
Enabling MFA is one of the best ways to keep your networks safe. With MFA, a password alone is not enough to access your accounts. You may be asked for additional information, fingerprints, or even face or eye scans. These are things that are harder for hackers to acquire. Aside from that, you may also be asked to verify a login attempt through your personal phone or email. If you want to know more about this matter, take a look at one of our articles detailing the best type of MFA for your business.
2. Properly Store and Manage your Passwords
When it comes to storing passwords, some people prefer listing their account details on paper, while some keep a document on their devices. While those are effective, they are also vulnerable to attacks. If you want a safer way to store your passwords, we suggest using a password manager. This software will keep your passwords in an encrypted database, making it harder for hackers to retrieve your data. Aside from the added security, it also saves you the trouble of having to remember all your complex passwords.
3. Create a Strong Password
It goes without saying that you shouldn’t use a generic password for your account. This means no proper nouns, birthdates, or any personal information that is accessible to the public through your social media accounts and other networks. Strong passwords are a combination of lower- and uppercase letters, numbers, and symbols, so make sure yours has those as well.
In addition to a strong password, it is also recommended that you use different passwords for all your accounts.
4. Be Mindful of What You’re Clicking On
One of the easiest ways that hackers get you is by making you click on malicious emails or links. To avoid being attacked this way, be mindful of the things you click on. Ensure that the sender's details are correct and there isn’t anything wrong with the body of the message. If something is off, it's better to ignore and delete the message.
5. Regularly Monitor Activity from Your Accounts
We already listed the signs that you are under attack or have already been attacked. Make sure you keep those in mind so you can immediately take action the moment any of those occur. For organizations, monitoring activity can be done by your IT teams, and this should be done in real time to allow for fast prevention and neutralization of the threat.
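For IT teams doing this monitoring, the sketch below is an added example (not code from ITS) that separates the two failed-login patterns described earlier: brute force concentrates failures on one account, while password spraying spreads a few failures across many accounts to stay under the lockout limit. The log format, thresholds, and sample data are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from the article): timestamp, source IP, user, result
SAMPLE_LOG = """\
2024-05-01T09:00:00 198.51.100.9 alice FAIL
2024-05-01T09:00:05 198.51.100.9 alice FAIL
2024-05-01T09:00:09 198.51.100.9 alice FAIL
2024-05-01T09:00:14 198.51.100.9 alice FAIL
2024-05-01T09:00:20 198.51.100.9 alice FAIL
2024-05-01T09:01:00 203.0.113.7 alice FAIL
2024-05-01T09:01:02 203.0.113.7 bob FAIL
2024-05-01T09:01:04 203.0.113.7 carol FAIL
2024-05-01T09:01:06 203.0.113.7 dave FAIL
2024-05-01T09:01:08 203.0.113.7 erin OK
2024-05-01T09:30:00 192.0.2.44 frank FAIL
2024-05-01T09:30:30 192.0.2.44 frank OK
"""

WINDOW = timedelta(minutes=10)   # assumed sliding window
BRUTE_MIN_FAILS = 5              # assumed: failures on one account from one source
SPRAY_MIN_USERS = 4              # assumed: distinct accounts failed from one source
SPRAY_MAX_PER_USER = 2           # assumed: spraying stays below the lockout limit

def detect(log):
    """Return {source_ip: sorted labels} for sources with suspicious failures."""
    fails = defaultdict(list)
    for line in log.splitlines():
        ts, ip, user, result = line.split()
        if result == "FAIL":
            fails[ip].append((datetime.fromisoformat(ts), user))
    alerts = {}
    for ip, events in fails.items():
        events.sort()
        labels, start = set(), 0
        for end in range(len(events)):
            # Slide the window so it only covers the last WINDOW of failures.
            while events[end][0] - events[start][0] > WINDOW:
                start += 1
            per_user = Counter(user for _, user in events[start:end + 1])
            if max(per_user.values()) >= BRUTE_MIN_FAILS:
                labels.add("brute_force")
            low = [u for u, n in per_user.items() if n <= SPRAY_MAX_PER_USER]
            if len(low) >= SPRAY_MIN_USERS:
                labels.add("password_spraying")
        if labels:
            alerts[ip] = sorted(labels)
    return alerts
```

A single mistyped password followed by a successful login, like the last source in the sample, raises no alert.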
Ready to Protect Yourself from Password-Based Attacks?
There are many ways for your account to be compromised, but there are just as many ways for you to keep yourself safe and secure. And although tech giants like Microsoft and Apple are trying to move towards a passwordless future, it can still be quite a way off. For now, the best approach is to apply the following:
- Enable MFA
- Store and Manage Passwords Properly
- Use Strong Passwords
- Think Before You Click
- Always Monitor Activity from Your Accounts
Additionally, when it comes to protection, ITS advocates taking a proactive approach to cybersecurity to ward off such attacks. This means prioritizing prevention rather than cure. If you want to know more about our cybersecurity measures, schedule a meeting with our experts today!