The password is part of human history, a simple but effective way of controlling access to a resource. The password persists because it is easy to understand and use. But it is also the Achilles heel of organizations the world over: according to Kaspersky, password-stealing incidents involving malware known as Trojan-PSW have increased by 45% over the last 6 months.
By relying on passwords, organizations and individuals seem to be making easy work for the cybercriminal. But by putting in place certain measures, we can close the door on password theft.
Password theft is a common tactic used by cybercriminals to gain access to more lucrative items, namely data, and to open the door to crimes such as Business Email Compromise (BEC). Some of the more common methods of infecting machines with password-stealing malware are:
There are many variants of password-stealing malware. One example captures passwords as they are entered into login forms on infected machines. Some of this malware is delivered using infected ads or via infected websites. The Kaspersky research mentioned above shows that incidents of password theft have recently surged, centered around the Trojan-PSW malware; this malware is typically delivered via infected websites.
Another example of password-stealing malware is MosaicLoader. This malware uses infected online paid search ads for software cracks to infect vulnerable computers. The installation of the malware is a complex process that uses file names mimicking real software to thwart anti-malware software. Once a machine is infected, the malware collects passwords typed into login forms.
Vulnerabilities in user machines allow the malware to be automatically installed.
Phishing is a common method used to steal passwords, either directly, via a spoof login page, or through malware delivered in an infected attachment. A recent phishing scam exemplifies how sophisticated phishing-led password thefts have become: this phishing campaign uses a well-known Remote Access Trojan (RAT) from 2014, known as Agent Tesla. Often hacking groups will take tried and tested code and innovate around it for a modern context. This new form of Agent Tesla is a case of code innovation. This latest version, designed to steal passwords and other personal data, is based on a phishing campaign that uses seemingly legitimate business emails containing an Excel attachment named "Order Requirements and Specs". This malware is available ‘as-a-Service’ on the dark web, making it more accessible, with the potential to reach a wider victim base.
Even the very tools used to manage the large number of passwords that each of us uses daily are at risk. The popular password manager Passwordstate was exploited recently, with malware injected into the update mechanism of the app. The malicious update was then used to pass the malware on to the app's user base of 370,000 security and IT professionals and 29,000 companies.
The war of attrition between users and cybercriminals is ongoing, but best practice security measures can mean that a company can minimize the risk level of password theft. Here are five measures to check off your cybersecurity posture improvement list:
Email security platforms offer a 360-degree way to deal with the sophisticated threats inherent in modern phishing campaigns. These systems are advanced and smart, using machine learning to ensure that even novel phishing tactics are detected and prevented. These email security solutions stop email spoofing and prevent phishing messages before they even enter an employee’s inbox. Removing phishing from the password theft toolbox closes off many attacks.
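The spoofing check described above can be illustrated with a small inbound-mail triage routine. This is an added example, not code from TitanHQ or any product: it holds a message when the receiving server's own DMARC verdict is not a pass, and notes spreadsheet attachments like the one used in the Agent Tesla campaign. The server id `mx.example.net`, the sample addresses and the `.xlsx` extension on the attachment name are assumptions made for the example.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.net"   # hypothetical id of our own boundary MTA
SPREADSHEET_EXT = (".xls", ".xlsx", ".xlsm", ".xlsb")

def trusted_results(msg):
    """Collect spf/dkim/dmarc verdicts, ignoring headers our MTA did not write."""
    verdicts = {}
    for hdr in msg.get_all("Authentication-Results", []):
        authserv, _, rest = str(hdr).partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # header may have been supplied by the sender
        verdicts.update(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest.lower()))
    return verdicts

def triage(raw):
    """Return the reasons to hold an inbound message; empty list means deliver."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    dmarc = trusted_results(msg).get("dmarc", "missing")
    if dmarc == "pass":
        return []
    reasons = [f"dmarc={dmarc} for {domain}"]
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(SPREADSHEET_EXT):
            reasons.append(f"spreadsheet attachment: {name}")
    return reasons

def sample(auth_headers, attachment=None):
    """Build a constructed test message (all addresses are placeholders)."""
    m = EmailMessage()
    m["From"] = "Accounts <orders@supplier.example>"
    m["To"] = "buyer@corp.example"
    m["Subject"] = "Order"
    for h in auth_headers:
        m["Authentication-Results"] = h
    m.set_content("Please see the attached order.")
    if attachment:
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="vnd.ms-excel", filename=attachment)
    return m.as_string()

SPOOFED = sample(["attacker.example; dmarc=pass header.from=supplier.example",
                  "mx.example.net; spf=fail smtp.mailfrom=supplier.example; "
                  "dmarc=fail header.from=supplier.example"],
                 "Order Requirements and Specs.xlsx")
print(triage(SPOOFED))
```

The forged `Authentication-Results` header claiming `dmarc=pass` is ignored because it does not carry the trusted server id, so the message is still held.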
Some password-stealing malware is delivered via infected websites or web apps. Smart solutions to the password theft problem incorporate Web Content Filtering. These products stop an employee from navigating to a dangerous website, thereby preventing the installation of password theft malware.
If an application can be set up to use multiple factors to control access, then this option should be configured. Whilst MFA is not infallible, and passwords are still stolen, having additional authentication factors in place to control access to corporate resources and apps means that it is more difficult (but not impossible) for cybercriminals to steal data.
If an employee navigates to a malicious website or downloads an infected attachment, any vulnerability in the software running on a device will be exploited by the malware. By keeping software patched and up to date, an organization can minimize the chances of malware infection. However, this is not a fool-proof method as ‘zero day’ exploits are not prevented by updates and patches.
Training staff about the dangers of phishing and other password-related security attacks can help to reduce the risk of password stealing malware infection.
Passwords are the keys to the kingdom of data and their theft can lead to financial losses, non-compliance fines, and even staff sackings. But cybercriminals are continuously changing tactics to evade detection and to exploit vulnerabilities to steal passwords. Best practices such as keeping software on devices up to date or training staff about phishing can only go so far. The best practice of all is to use these alongside powerful email security and content filtering solutions to stop the attacks before they hit your network and steal passwords.
TitanHQ is a multi-award-winning cloud security vendor, providing advanced threat protection for MSPs, SMBs and schools. Talk to a TitanHQ security expert to find out how we can use our advanced solutions to secure your organization from advanced threats.