With more than 15% of Internet users reporting takeovers of their email or social networking accounts, new research by Google and the University of California, Berkeley has shed light on how passwords are stolen and how accounts are hacked.
Tracking Black Markets
The research, which took place between March 2016 and March 2017, and focused on password stealing tactics, tracked several black markets that traded third-party password breaches, as well as 25,000 blackhat tools used for phishing and keylogging.
This tracking identified a staggering 788,000 credentials stolen via keyloggers, 12 million credentials stolen via phishing, and 3.3 billion credentials exposed by third-party breaches.
Google’s summary of the research was that enterprising hijackers are constantly searching for, and are able to find, billions of different platforms’ usernames and passwords on black markets. This means that many of us are (unknowingly) at risk of suffering a takeover of our accounts.
For example, the research found that 12% of the exposed records included a Gmail address serving as a username and a password, and, of those passwords, 7% were still valid due to reuse.
Google Accounts - Targeted By Phishing and Keyloggers
The research showed that phishing and keyloggers frequently target Google accounts, and that 12-25% of attacks of their attacks yield a valid password. In fact, Google concluded that the 3 greatest account takeover threats are phishing, followed by keyloggers, and finally third-party breaches.
Password Alone Not Enough
With greater security being applied to many different types of accounts e.g. two-factor verification and security questions, the research acknowledged that a password is rarely enough to gain access to e.g. a Google account. This explains why attackers now have to try to collect other sensitive data, and the research found evidence of this in the 82% of blackhat phishing tools and 74% of keyloggers that now attempt to collect a user’s IP address and location, and in the 18% of tools that collect phone numbers and device makes and models.
What Does This Mean For Your Business?
It is worrying for all businesses that so much information and so many hacking tools are available to criminals on the black market, and that attackers are becoming more sophisticated in their methods.
It is good, however, that Google has made a serious attempt with the research to understand the scale, nature, and sources of the risks that their customers face. The real value to businesses will come from Google and other companies using the findings of the research to tighten account security, close loopholes, and try to keep one step ahead of cyber-criminals. Google has, for example, stated that it has already applied the insights to its existing protections with Safe Browsing now protecting more than 3 billion devices (alerts about dangerous sites / links), monitoring account logins for suspicious activity and requesting extra verification where needed, and regularly scans of activity across Google products. Google states that the scanning of its products enables it to prevent or undo actions attributed to account takeover, notify the affected user, and help them change their password and re-secure their account into a healthy state.
Google’s 2 key pieces of advice to customers to help prevent account takeover are to: