Key Tactics Hackers Use to Steal Passwords

Passwords, a basic yet essential part of cybersecurity, are the first line of defence against cyberattacks in our increasingly digital world. However, according to research from Check Point Software, many users are under the false impression that cybercriminals have no interest in their personal information or data on their computers.

It is for this reason that the robustness and strength of passwords are more important now than ever. With that in mind, and thanks to Check Point, here are three of the tactics used to steal passwords, along with the steps needed to prevent anyone from becoming a victim of cybercrime:

Phishing attacks

This method has become one of the most widely used tactics for stealing passwords and usernames. It works in a simple way: by sending an email that appears to come from a trusted source (such as banks, energy companies, etc.), but aims to manipulate the recipient and extract confidential information.

An example of a successful phishing attack was the data breach at Experian, where a fraudster purporting to be a legitimate client obtained the personal information of as many as 24 million South Africans and nearly 793,749 business entities.

One of the best ways to prevent a phishing attack is to implement two-step authentication. This extra layer of security prompts the user to enter a second password, which is usually sent via SMS. This way, access to an account is prevented even if the attacker has the user’s credentials.

Brute-force or dictionary hacking

This type of cyber-attack involves trying to crack a password through repetition. The cybercriminals will try multiple random combinations, combining names, letters, and numbers, until they gain access.

To prevent them from achieving their goal, it is essential that users create complicated and complex passwords that cybercriminals would never be able to guess randomly.

To do this, it is necessary to leave out names, dates, and common words. Instead, it is best to create a unique password of at least eight characters that combine letters (both upper and lower case), numbers and symbols.

Keyloggers 

These programmes are capable of recording every keystroke made on a computer and even recording what is displayed on the screen. This information is then sent to and stored on external servers, where it is used by cybercriminals.

These cyber-attacks are commonly part of malware that has been previously installed on a computer. The worst thing about these attacks is that many people often use the same password for different user accounts.

To prevent this, it is essential to use a different password for each profile or account. To do this, a password manager can be used, which allows both managing and generating different and robust password combinations for each service based on the guidelines decided upon.
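As an added illustration (not part of the original article or of Check Point's research), the guidelines from the brute-force section and the password-manager advice above can be expressed as a check plus a generator of the kind a password manager uses. The word list, the date pattern and all function names are assumptions made for this example.

```python
import math
import re
import secrets
import string

# Constructed sample list; a real check would use a large breached-password list.
COMMON_WORDS = {"password", "welcome", "qwerty", "letmein", "admin", "summer"}
DATE_RE = re.compile(r"(19|20)\d{2}|\d{2}[/.-]?\d{2}[/.-]?\d{2,4}")  # assumed pattern
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}

def check_password(password, personal_names=()):
    """Return the guideline violations found; an empty list means it passes."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name}")
    lowered = password.lower()
    for word in sorted(COMMON_WORDS | {n.lower() for n in personal_names}):
        if word in lowered:
            problems.append(f"contains '{word}'")
    if DATE_RE.search(password):
        problems.append("contains a date-like number")
    return problems

def search_space_bits(password):
    """Bits of brute-force work if every character were chosen at random
    from the character classes present (an upper bound for human choices)."""
    alphabet = sum(len(chars) for chars in CLASSES.values()
                   if any(c in chars for c in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0

def generate_password(length=16):
    """Random password from a CSPRNG, retried until it meets the guidelines."""
    if length < 8:
        raise ValueError("length must be at least 8")
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate
```

A password such as "Summer2021!" satisfies the length and character-mix rules yet is still flagged for its common word and year, which is why the article's advice to leave out names, dates and common words matters as much as the character mix.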

Kelechi Deca

Kelechi Deca has over two decades of media experience. He has traveled to over 77 countries reporting on multilateral development institutions, international business, trade, travels, culture, and diplomacy. He is also a petrol head with in-depth knowledge of automobiles and the auto industry.

How Hackers Are Selling Data Of Over 500 million LinkedIn Users Using Bitcoin

Social network giant LinkedIn is the next victim of a major personal data breach, after Facebook. According to information released by Cybernews, more than 500 million LinkedIn users are the latest victims of this massive leak. The data is being sold by hackers for $7,000 worth of bitcoin, says the same source, which updated the report on Friday to clarify it found a new list of databases created by another user on the same hacker forum.

“The new author claims to be in possession of both the original 500-million database, as well as six additional archives that allegedly include 327 million scraped LinkedIn profiles,” the report noted. 

“If true, this would put the overall number of scraped profiles at 827 million, exceeding LinkedIn’s actual user base of 740+ million by more than 10%. This means that some, if not most, of the new data sold by the threat actor might be either duplicate or outdated,” it added.

Here Is What You Need To Know

  • According to the source, personal information, such as email addresses, phone numbers, job details, full names, gender, account IDs, and connections to users’ other social media sites, was included in the leaked data, in addition to publicly viewable member profiles.
  • LinkedIn, the professional online social network created in 2002 and now owned by tech giant Microsoft, however denied that it was a hack. Instead, the company said the purported hacking activity related to an “aggregation of data from a number of websites and companies”.
  • In fact, according to the social network, it is “profile data made publicly visible which has been extracted”. 

“Data was not therefore stolen from users’ private accounts,” LinkedIn said. “No LinkedIn private member account data was included in what we were able to review.”

Auctioned For Bitcoin

The hackers responsible for this major leak, which represents a blow to the social network, also auctioned the database, starting from $1000 for no less than 500 million profiles. 

This database, which has been auctioned, may bring in a four-figure amount, depending on the expectations of hackers who want a settlement in bitcoin. The database consists of a cross-referencing of names, email addresses, telephone numbers, professional backgrounds and other information.

What Makes This So Concerning?

With the alleged hacking activity, LinkedIn users are now potentially at risk of targeted phishing attacks, spamming of 500 million emails and phone numbers, and brute-forcing of profile and email passwords. Harassment and the development of false identities using users’ personal details are examples of other events that may follow. 

Professional hackers can also mix the stolen information with other leaks to create a perfect false profile of their targeted victim.

Nevertheless, “the leaked files appear to only contain LinkedIn profile information — we did not find any deeply sensitive data like credit card details or legal documents in the sample posted by the threat actor,” CyberNews said in a statement.

“With that said, even an email address can be enough for a competent cybercriminal to cause real damage,” it added.

What Actionable Steps May Be Taken To Reduce The Chances Of Being A Victim? 

According to Tunisia’s National Computer Security Agency (ANSI) in a publication on its official page in response to the recent Facebook data breach:

“It is important to remember that the leak does not concern passwords or messaging. However, the leaked data can be used for phishing (phishing) or smishing (SMS spamming) attacks without forgetting the fact that this information can be sold and exploited for marketing companies.”

The agency also went ahead to advise on actionable steps to take in case of data breach.

“Today, it is impossible to delete the data that was leaked during this attack, but we can mitigate its impact and take preventive measures to improve the protection of personal data communicated to social networks,” it said.  

Therefore, ANSI recommends:

“Strengthening account security by opting for strong passwords consisting of 8 to 12 characters including numbers, letters and symbols. 

In addition, you should never let a third party or an application create your access settings.

Enable strong or two-factor authentication to deny access to the account even if the access settings have been compromised.

Configure the information communicated to social networks and limit yourself to basic information.

Optimize the protection of mobile devices and computers by installing an antivirus and keeping it up to date.”

Additionally, affected users should:

  • Not click on any links that seem to be dubious.
  • Not respond to suspicious emails or messages.
  • Not answer a call from an unknown phone number or return the call.

Charles Rapulu Udoh

Charles Rapulu Udoh is a Lagos-based lawyer who has advised startups across Africa on issues such as startup funding (Venture Capital, Debt financing, private equity, angel investing etc), taxation, strategies, etc. He also has a special focus on the protection of business or brands’ intellectual property rights (such as trademark, patent or design) across Africa and other foreign jurisdictions.
He is well versed in issues of ESG (sustainability), media and entertainment law, corporate finance and governance.
He is also an award-winning writer.
