Passwords Archives – Gridinsoft Blog

1Password Vulnerability for MacOS Causes Credentials Leak
https://gridinsoft.com/blogs/1password-vulnerability-macos/
Fri, 09 Aug 2024 12:06:08 +0000

A critical vulnerability was discovered in 1Password that allows attackers to steal vault items by bypassing the app’s security measures. It affects only the macOS version of the program, and touches every single version of the app. A patch is now available, and users are strongly advised to update as soon as possible.

1Password Vulnerability Lets Attackers Exfiltrate Vault Items

1Password developers reported a critical vulnerability found in the Mac version of the app. This vulnerability, identified as CVE-2024-42219, was discovered by Robinhood’s Red Team during an independent security assessment of 1Password for Mac. It allows a malicious process running locally on a computer to bypass protections for inter-process communication. This issue affects all app versions up to 8.10.36.

“On macOS, 1Password uses the system-native XPC interface for inter-process communication. XPC allows enforcing additional protections called the hardened runtime which allows enforcing processes you communicate with have additional protections from process tampering. This prevents certain local attacks from being possible.” – 1Password Support

Vulnerabilities in password managers are always a massive headache for both developers and users. Recent events around the LastPass password manager, which led to a huge leak of login credentials, are the perfect example of what may happen if such a case is not managed properly. Fortunately, 1Password acknowledged the issue well before hackers started exploiting it in real-world attacks.

Technical Details

The CVE-2024-42219 vulnerability is related to bypassing inter-process communication (IPC) protections in 1Password for Mac across all versions up to 8.10.36. If a malicious process is running locally on the computer, it can circumvent these protections. This allows attackers to steal vault items and obtain credentials necessary for logging into 1Password, such as the account unlock key and SRP-𝑥 (Secure Remote Password) values. 1Password Vaults are secure containers for storing and organizing items, allowing users to share specific information with selected individuals. Essentially, they are mini password managers within the main application.

However, certain conditions are required to exploit this vulnerability: the attacker needs to convince the user to execute malicious software on their computer. During the attack, the absence of specific macOS checks for inter-process communication can be exploited. This allows the attacker to spoof or hijack trusted 1Password integrations, such as the browser extension or command-line interface. Fortunately, there have been no reports of this vulnerability being exploited in the wild.

1Password’s Response

1Password promptly released an update to patch this vulnerability as soon as they were notified. Details about the issue were disclosed on relevant news platforms after the patch was released, which upset some users who expected to see it in the changelog. However, it’s clear that the company maintained informational silence to ensure user safety.

1Password strongly recommends that all users update their app to version 8.10.36 as soon as possible to mitigate potential risks. The company also expressed gratitude to Robinhood’s team for responsibly disclosing the vulnerability and for their close collaboration, which ensured timely protection for users.

How To Securely Store Passwords
https://gridinsoft.com/blogs/how-to-securely-store-passwords/
Wed, 05 Jun 2024 08:54:05 +0000

Password security remains a heavily discussed topic in cybersecurity. Some people say that following password security practices is a must, while others say all this is pointless and malware will grab credentials anyway. But why is there such a desperate need for password security? And what is the safest way to store passwords? Let’s find the answer.

Password Security Dangers

Today, the average user has about 100 accounts, including social media, banking, and personal accounts. Although each may look like something of lesser value, together they reveal a tremendous amount of information about the user. Moreover, possessing someone’s online account opens the gates to impersonation attacks – a type of phishing that is considered one of the most effective.

Cybercriminals may use countless different tools to get their hands on user information. However, the majority of them rely on only a few mistakes and weaknesses in how people usually treat passwords. This, in combination with more proactive approaches, puts quite a lot of people in danger of password leaks and identity compromise. I’ve gathered the most common password security dangers:

  • Weak or default passwords. Common examples include «123456», «password», «qwerty». Attackers often use lists of these common passwords in dictionary attacks, where they systematically try each word in a precompiled list.
  • Password reuse. Short passwords are vulnerable to brute-force attacks, where attackers try every possible combination of characters. For example, a 6-character password consisting of lowercase letters has 26^6 (308,915,776) combinations, which can be quickly cracked by modern computers.
  • Phishing attacks. Attackers create fake websites or emails that appear legitimate to trick users into entering their passwords. It’s the most popular method of compromise today.
  • Data breaches. Attackers use the exposed credentials to try logging into other sites, exploiting users’ tendency to reuse passwords. Even hashed passwords can be cracked if weak hashing algorithms were used or if the attackers have sufficient computing resources.
  • Brute force attacks. Usually, attackers use automated tools to try every possible password combination until they find the correct one. The effectiveness of brute force attacks depends on password complexity, rate limiting, and allowed attempt count.
  • Social engineering. Attackers exploit human psychology to trick users into revealing their passwords.
  • Keylogging and malware. Keyloggers can capture keystrokes and send them to the attacker.
  • Insufficient protection measures. These include a lack of multi-factor authentication and poor password storage.
  • Password sharing. Sharing passwords can lead to unintended access and compromises. Risks include accidental sharing and security breaches.

How to Store Passwords Securely?

There are two main methods for securely storing passwords today. The most reliable method is using a password manager. Compared to other methods, which I will discuss shortly, password managers have significant advantages. These programs allow you to securely store passwords in an encrypted form, generate complex passwords, and automatically fill them in on websites.

Password generator

Another relatively safe method for storing passwords is the standard password-saving feature in browsers. Previously, this was not a very secure place to store passwords, as they were stored in plain text and could easily be stolen by attackers. However, today, all popular browsers store passwords in an encrypted form, adding an additional layer of security. Nonetheless, despite these browsers taking extra precautions to ensure the safety of saved passwords, this method is still not the most secure option for storing your credentials.

Keeping in a Web Browser

All modern web browsers offer built-in password storage, which many people readily use. But is it really secure? In the past, web browsers stored passwords locally on the user’s disk in plain text. This meant that attackers could easily gain access by copying the password file or dumping its contents. Today, the situation has improved – most popular web browsers store passwords in encrypted form. These are the following:

  • Google Chrome
  • Microsoft Edge
  • Mozilla Firefox
  • Safari

These browsers use two-factor authentication, AES encryption (with Apple Safari using Keychain for storing passwords on Apple devices), and allow password synchronization through user accounts.

Built-in password manager

In addition to the browsers listed above, there are others such as Opera, Brave, and Vivaldi. While Opera uses encryption to store passwords, it isn’t developed as actively as the aforementioned browsers. For other Chromium-based browsers, security depends on the specific browser and its update and protection policies.

Password Keeping Applications

Password managers are applications designed to create secure passwords and store them in an encrypted vault. They allow you to store hundreds of encrypted passwords. The only password you need to remember is the master password. I recommend using this method for storing passwords because it is perfectly suited for the task.

Average Password Manager

Since password storage is a big responsibility, I recommend using an open-source password manager. This ensures security because anyone can review the source code and verify its safety. One such option is Bitwarden, which is fully open-source, regularly undergoes security audits, and has never been involved in data breaches. In terms of functionality, Bitwarden offers features like multi-device support and offline access. Another excellent open-source password manager is KeePass, which is also free.

Another useful feature of these password managers is the built-in password generator. Whenever a user registers on a website, the password manager can generate a strong, unique password and save it immediately. Users can customize the password length and the characters used. This significantly reduces the chance of passwords being cracked through brute-force attacks.

However, not all password managers are secure. For instance, the once-popular password manager LastPass, which was considered the best at one time, has had multiple security issues. Despite not being an open-source manager, it has been hacked several times, with attackers managing to steal users’ saved passwords. Therefore, for security reasons, I do not recommend using LastPass.

Worst Ways to Store Passwords

We’ve discussed how to properly store passwords; now let’s look at how not to store them. The general rule is to never store your passwords in a visible place, especially if that place can be accessed by others. Here are some of the worst places to store passwords:

Sticky Notes

While it may seem convenient and easily accessible, this is also highly insecure, especially if the note is stuck to your computer monitor or desk. In such cases, passwords meant to protect your accounts are easily visible to anyone who enters your workspace.

Notebook or Journal

Like sticky notes, writing down passwords in a personal journal or notebook is not a great idea. Although it can be hidden, there is no guarantee that someone won’t come across it. If your notebook falls into the wrong hands, nothing stops that person from reading it and finding your passwords.

Screenshots in the phone gallery

Sometimes, when a user registers somewhere and needs to quickly save their data, they take a screenshot. This is undoubtedly the fastest and easiest way to save information. However, it is also an insecure method because sensitive information is stored in plain view. Anyone with access to the gallery can access the data.

Email or Messaging Apps

As messaging apps evolve, many users save important information in chats with themselves. This can be fine for documents, files, or memes, but it’s a bad idea for passwords and sensitive information. If the messenger uses encryption, reinstalling the app can result in losing this information. On the other hand, if the messenger doesn’t use end-to-end encryption, your password ends up on the messenger’s servers.

Text Files

This is a very simple and convenient way to store information. However, it’s not reliable because a text document is not encrypted, and anyone who opens it can see or copy your password.

Password Stealer
https://gridinsoft.com/blogs/password-stealer/
Tue, 28 May 2024 11:04:42 +0000

A password stealer is a type of data-stealing malware that targets a specific category of information. Password stealers are often spread through phishing, malvertising, and sometimes cracked software. Let’s take a more detailed look at how they work and how to protect yourself against them.

What Is a Password Stealer?

As its name suggests, password stealer is a type of malware that aims to steal sensitive data. Mainly, this is about credentials to email accounts, social networks, and online banking. But these days, quite a few password stealers incorporate more diverse functionality. They now target crypto wallets, cookies, browser cache and saved passwords, Discord session tokens, and more.

The primary distribution method of password stealers is phishing emails with malicious attachments. Sometimes, however, password stealers can also be distributed via malicious ads in search results. In a selection of cases, spear phishing was used to attack a specific person with the malware.

Technical Analysis

All stealers are generally very similar, so the properties of the sample analyzed here apply to the others, perhaps with minimal differences. This will be a rather simplified analysis aimed at understanding how a password stealer works. I will go through the most common and important actions that this malware performs. For the test sample, I’ve chosen Vidar Stealer – a classic password stealer written in C++. The attack commonly begins when the victim runs an infected file.

Defense Evasion

Like most malware, it has a few tricks that make it particularly difficult to detect on the system. When the malware comes under the guise of the installer of a legitimate program, it can contain a row of null bytes at the beginning, which pushes its size over 700 MB. This size allows it to avoid instant detection by antivirus solutions and online checkers like VirusTotal. Another trick aimed at evading detection is code obfuscation. The malware also checks system parameters to ensure it is not running in a virtualized environment. It checks values such as:

HKLM/System/Setup
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid

These keys contain information about the system and hardware, which allows the malware to build a digital fingerprint of the infected system in addition to identification.
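
The size-inflation trick described above can be checked for directly. The following is an added example, not code from the original article or from any vendor: it finds the longest run of null bytes in a file, flags files that are mostly padding, and hashes the content with the padding removed. The thresholds, function names and the sample file are assumptions made for illustration.

```python
import hashlib
import os
import re

CHUNK = 1 << 20                      # scan 1 MiB at a time
ZERO_RUN = re.compile(rb"\x00+")     # one or more consecutive null bytes


def longest_zero_run(path):
    """Return (length, offset) of the longest run of 0x00 bytes in the file."""
    best_len = best_off = 0
    prev_len = prev_off = 0          # run that touched the end of the previous chunk
    offset = 0
    with open(path, "rb") as fh:
        while chunk := fh.read(CHUNK):
            tail_len = tail_off = 0
            for m in ZERO_RUN.finditer(chunk):
                start, end = m.span()
                run_off, run_len = offset + start, end - start
                if start == 0 and prev_len:      # continues a run from the last chunk
                    run_off, run_len = prev_off, prev_len + run_len
                if run_len > best_len:
                    best_len, best_off = run_len, run_off
                if end == len(chunk):            # may continue into the next chunk
                    tail_len, tail_off = run_len, run_off
            prev_len, prev_off = tail_len, tail_off
            offset += len(chunk)
    return best_len, best_off


def _hash_range(fh, digest, remaining):
    """Feed `remaining` bytes from the current file position into the digest."""
    while remaining > 0:
        data = fh.read(min(CHUNK, remaining))
        if not data:
            break
        digest.update(data)
        remaining -= len(data)


def null_padding_report(path, min_run=1 << 20, min_ratio=0.5):
    """Flag files whose size is mostly one block of null bytes.

    min_run and min_ratio are illustrative thresholds, not vendor values.
    """
    size = os.path.getsize(path)
    run_len, run_off = longest_zero_run(path)
    padded = size > 0 and run_len >= min_run and run_len / size >= min_ratio
    report = {"size": size, "zero_run_len": run_len, "zero_run_offset": run_off,
              "padded": padded, "sha256_without_padding": None}
    if padded:
        digest = hashlib.sha256()
        with open(path, "rb") as fh:
            _hash_range(fh, digest, run_off)                    # bytes before the padding
            fh.seek(run_off + run_len)                          # skip the padding itself
            _hash_range(fh, digest, size - run_off - run_len)   # bytes after it
        report["sha256_without_padding"] = digest.hexdigest()
    return report


def write_constructed_sample(path, pad_bytes=3 * CHUNK + 123):
    """Write a harmless stand-in for an inflated installer; return its real content."""
    head = b"MZ" + bytes(range(1, 256)) * 16   # constructed, contains no null bytes
    tail = b"constructed-tail"
    with open(path, "wb") as fh:
        fh.write(head + b"\x00" * pad_bytes + tail)
    return head + tail


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "setup.bin")
        write_constructed_sample(sample)
        print(null_padding_report(sample))
```

The scan is position-independent, so it reports padding whether it sits near the start of the file or after the real content.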

Data Collection

Once the malware is convinced that it is not running in a sandbox and has established a foothold in the system, it moves on to its primary function – information gathering. The password stealer collects the following information from browsers:

C:\Users\admin\AppData\Local\Temp\History\History.IE5\index.dat
C:\Users\admin\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
C:\Windows\system32\CRYPTBASE.dll
C:\Documents and Settings\\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
C:\Users\user\AppData\Local\Google\Chrome\User Data\

These folders contain information such as autofill, saved passwords, cookies, cache, and browser extensions. Next, the stealer tries to collect crypto wallet data by checking the locations you can see below. This list includes only a few wallets, as the exact list is too long to mention.

C:\Users\user\AppData\Local\Blockstream\Green\wallets\
C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\

Data Exfiltration

The malware’s final step is exfiltration of the stolen data. To do this, the password stealer communicates with a C2 (Command and Control) server to receive further instructions. There are various options for communicating with C2: attackers often still use classic C2 servers; sometimes, they use Telegram or Mastodon as intermediate servers. However, in our case, the malware uses Steam. Before sending the stolen data, the stealer sends several requests, including:

GET https://steamcommunity.com/profiles/76561199548518734 200

This is a link to a Steam profile. However, the strange profile name, “sppmon http://195.201.131.165|”, is a command for the malware. It is actually the address of the final server that the stealer should connect to. The phrase “This user has also played as” suggests that the address in the name changes quite often.

Steam profile as intermediate server

When finished, the stealer deletes itself and covers its tracks. Not all infostealers do this, however; some prefer to stay in the system even after extracting all the data. But when they do, a shell command comes in handy:

"%ComSpec%" /c taskkill /im "%SAMPLENAME%" /f & erase "%SAMPLEPATH%" & exit

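Both behaviours from this section leave telemetry a defender can match on: the clean-up command line and a Steam profile lookup made by something other than Steam or a browser. The rules below are an added example, not part of the original analysis; the event field names, the allowlist and all sample events are constructed for illustration.

```python
import re
from ntpath import basename
from urllib.parse import urlsplit

# Shape of the clean-up command quoted above, after cmd.exe expands the variables:
#   cmd.exe /c taskkill /im "<image>" /f & erase "<path>" & exit
SELF_DELETE = re.compile(
    r'/c\s+taskkill\s+/im\s+"?(?P<image>[^"&]+?)"?\s+/f\s*&\s*'
    r'(?:erase|del)\s+"?(?P<path>[^"&]+?)"?\s*&\s*exit',
    re.IGNORECASE,
)

# Assumption: processes expected to request Steam pages on this fleet.
STEAM_CLIENTS = {"steam.exe", "steamwebhelper.exe", "chrome.exe", "msedge.exe", "firefox.exe"}


def self_delete_alert(event):
    """Alert when a shell kills an image and erases the file of the same name."""
    m = SELF_DELETE.search(event["command_line"])
    if not m:
        return None
    killed, erased = m["image"].strip().lower(), m["path"].strip().lower()
    if basename(erased) != killed:
        return None                      # kill and delete target different files
    # Highest confidence when the shell was spawned by the file being erased.
    spawned_by_target = event["parent_image"].lower() == erased
    return {"rule": "self_delete", "host": event["host"], "file": m["path"].strip(),
            "severity": "high" if spawned_by_target else "medium"}


def dead_drop_alert(event):
    """Alert when a non-Steam, non-browser process fetches a Steam profile page."""
    url = urlsplit(event["url"])
    if (url.hostname or "").lower() != "steamcommunity.com":
        return None
    if not url.path.startswith("/profiles/"):
        return None
    if basename(event["image"]).lower() in STEAM_CLIENTS:
        return None
    return {"rule": "steam_profile_lookup", "host": event["host"],
            "process": event["image"], "url": event["url"]}


def triage(process_events, proxy_events):
    """Run both rules and return the alerts in input order."""
    alerts = [a for e in process_events if (a := self_delete_alert(e))]
    alerts += [a for e in proxy_events if (a := dead_drop_alert(e))]
    return alerts


# Constructed process-creation events (not real telemetry).
PROCESS_EVENTS = [
    {"host": "wks-01", "parent_image": r"C:\Users\user\Downloads\setup.exe",
     "command_line": r'"C:\Windows\system32\cmd.exe" /c taskkill /im "setup.exe" /f '
                     r'& erase "C:\Users\user\Downloads\setup.exe" & exit'},
    {"host": "wks-02", "parent_image": r"C:\Tools\build.exe",
     "command_line": r"cmd.exe /c taskkill /im notepad.exe /f & erase C:\Temp\build.log & exit"},
    {"host": "wks-03", "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r"cmd.exe /c dir C:\Users"},
]

# Constructed proxy events; the first URL is the one quoted in the article.
PROXY_EVENTS = [
    {"host": "wks-01", "image": r"C:\Users\user\Downloads\setup.exe",
     "url": "https://steamcommunity.com/profiles/76561199548518734"},
    {"host": "wks-04", "image": r"C:\Program Files (x86)\Steam\steamwebhelper.exe",
     "url": "https://steamcommunity.com/profiles/00000000000000000"},
    {"host": "wks-05", "image": r"C:\Windows\System32\svchost.exe",
     "url": "https://example.com/profiles/1"},
]

if __name__ == "__main__":
    for alert in triage(PROCESS_EVENTS, PROXY_EVENTS):
        print(alert)
```
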
Difference Between Password Stealer and Spyware

Password stealers and spyware may look similar, but have some fundamental differences. The first difference lies in the principle of operation: stealer works quietly and quickly, often sticking to “steal and leave” tactics. Spyware, on the other hand, aims at a long and permanent presence in the system. Although some stealers can take screenshots and capture keyboard inputs in addition to collecting sensitive data, this is not the main functionality.

Spyware, on the other hand, can stay on an infected system for months and continuously collect data. This includes screenshots, capturing keystrokes, and camera and microphone recordings. This data is sent periodically or in real-time to the attacker’s server.

Safety Recommendations

Malware, and password stealers in particular, tend to become more and more sophisticated. Getting harder to detect, picking new ways of spreading, collecting more and more data – all this makes them a menace to be aware of. Fortunately, preventing them from getting into your PC is not particularly hard.

  • Be careful with email attachments. This method is still the leading method among successful malware infections. Do not open attachments or click on links if the email has a suspicious sender or is not the email you were intentionally expecting.
  • Avoid cracked software. Pirated software is illegal in itself, and it also carries serious risks. Attackers embed malicious code in “repacks”, as installing most hacked programs requires disabling security software.
  • Use security software. A reliable antimalware solution is essential because it can prevent malware from running and installing in case of user error. It will also generally provide comprehensive protection by significantly reducing infection vectors. In addition, advanced solutions such as GridinSoft Anti-Malware have an Internet Security module that blocks potentially malicious sites.

Top Facebook Scams 2024: How to Avoid Them
https://gridinsoft.com/blogs/top-facebook-scams/
Tue, 14 May 2024 13:46:58 +0000

More than 2.8 billion people log in to Facebook monthly to connect with friends, share information, get their news, and even shop. The world’s most popular social media platform is Facebook. The site has so many active users that scammers have a huge potential pool of victims to try their tricks on. If only a tiny part of those people get scammed, that is still a massive win for the scammer. Unfortunately, the site’s popularity makes it vulnerable to cybercriminals.

According to the U.S. Federal Trade Commission, hundreds of millions of dollars are lost annually due to social media scams. Knowing the most common scams and taking the appropriate steps to avoid them is how you can prevent them on Facebook.

Top Facebook Scams

Most Common Facebook Scams Today

Fraudsters develop new ways and methods to make an attack and remain unseen. The targets of such threats are often users’ login credentials and financial data. Here is a list of the most common attacks on the social network.

Phishing Scams, Facebook Email Scams

Phishing emails are increasingly used in fraudulent attacks on Facebook users. Such letters include a link and wording that tells you to go to Facebook. The link will take you to a website that looks like Facebook but is fake. Sometimes, these websites will tell you that your account has been hacked. Other times, they will ask you to verify your login information. There are many dangerous types of phishing attacks, carried out using various technologies.

One way that sites are trying to get you now is to email you a link to reset your Facebook account, saying that it has been shut down for security reasons. Cybercriminals want you to give them private information using fake websites or apps. The reason can be anything, but their goal is always the same. When you fall for a phishing scam, criminals have all the information they need to mess up your social media account.

Shopping Facebook Scams

Facebook is a platform where many companies and organizations work; they publish their data and do business. Most organizations promote their products there and look for potential customers through various advertising posts, messages, and others. This is another example of Facebook scams to watch out for! Fraudsters are no exception here; they can also lure the audience into buying a particular product. As a result, the user may believe the banner and pay for the offered item but never receive it.

Bogus Job Facebook Scams

Announcing good online work is always tempting. But it should be understood that such offers can be fake and do not carry profound implications. So before agreeing to such an offer, ensure the legitimacy of the organization that makes such an announcement. Because if you take this job, the first thing you’ll be asked about is your address, your insurance number, a copy of the paperwork, and other important data. In this case, you risk compromising your privacy.

Charity Scams

Fraudsters always try to influence the user’s emotional state. The charity case is no exception. Scammers create fake charity profiles that post photos of outsiders who need immediate help and make money from donations. On this basis, be careful before you make a transaction; explore the organization that does this. Helping the sick or the elderly is good, but address the money to the ones who need it.

How to Avoid Facebook Scams

Below, we will guide you to protect yourself from Facebook fraud. With these tips, you can reduce the risk of fraudulent threats to you and your data.

1. Lock down your Facebook privacy settings

Make sure your privacy is well protected. For example, you can hide pictures and videos from third-party users who are not your friends. To do so, make the following changes in Settings:

  1. Launch the Facebook app.
  2. In the upper right corner of the screen, tap on the down arrow (on iPhone) or hamburger menu (on Android).
  3. Select Settings & Privacy from the menu.
  4. On iPhone, choose Privacy Checkup. On Android, tap Settings to open another page where Privacy Checkup is. After that, Facebook will walk you through the most common privacy settings and recommend each option.

2. Enable two-factor authentication

Two-factor authentication is a good way to log in to your account more securely. It requires you to enter a one-time code sent to your phone, aside from your login and password, when logging in. You will receive this code as a text message or through the application. To do this, follow the instructions below:

  1. Launch Facebook on your computer or app.
  2. In the upper right corner of the screen, tap on the down arrow.
  3. Select Settings & Privacy > Settings > Security & Login.
  4. At the bottom of the page, find the Two-Factor Authentication and tap Edit.

3. Decline a friend request from anyone you don’t know

Please take it as a habit not to accept all requests as friends. You don’t need extra friends if you are not blogging or interested in publicity. Communicate only with those you know. It’s an excellent way to protect yourself from many phishing attempts.

4. Ignore messages asking for personal information or money

If you have received a letter asking for financial assistance from a stranger, it is better to ignore this. If this character is on your friend list, then better call him and find out if he needs it. Such requests via Facebook are more of a scam than a serious request for help.

5. Don’t click on suspicious links

Avoid clicking on links or attachments no matter what message you receive. Open them only if you know for sure that these are messages from the user you really know. If you do not know how to verify the legitimacy of the sender, then follow these instructions:

  1. Launch Facebook on your computer or app.
  2. In the upper right corner of the screen, tap on the down arrow.
  3. Select Settings & Privacy > Settings > Security & Login.
  4. At the bottom of the page, find Advanced and tap Recent Emails from Facebook.

6. Check your login history regularly

Keep an eye on where your account is logged in from. This will help you to detect and remove unwanted sessions. It may also be an indicator of compromised account security.

  1. Launch Facebook on your computer or app.
  2. In the upper right corner of the screen, tap on the down arrow.
  3. Select Settings & Privacy > Settings > Security & Login.
  4. At the bottom of the page, find Where You’re Logged In and review it for accuracy. Delete any suspicious logins.

7. Use a strong password

Using the same password for several accounts is undesirable. Therefore, create a strong and unique password that will not be easy to crack. To do this, use combinations with different letters and characters. The most specific passwords are easiest to crack with various password dictionaries and brute force tools.

8. Search regularly for accounts in your name

You should also search the network from time to time for profiles that use your name, because fraudsters often clone accounts to appear like legitimate users. If you find such a copy, inform Facebook support about the profile. To do this, tap on the three dots on the person’s profile and choose Find Support or Report Profile. This is especially important when you are a public person, as someone may be interested in stealing your identity.

OAuth2 Session Hijack Vulnerability: Details Uncovered
https://gridinsoft.com/blogs/oauth2-vulnerability-details/
Tue, 09 Jan 2024 08:52:09 +0000

A sophisticated exploit targeting Google’s OAuth2 authentication system was uncovered by the threat actor Prisma. This exploit leverages undocumented functionalities within Google’s MultiLogin endpoint, enabling attackers to generate and maintain persistent Google cookies even after a password reset.

OAuth2 Vulnerability Allows for Persistent Session Hijacking

The attackers found a way to use specific components within the Chrome browser to hijack sessions without a risk of it being interrupted by password changes. They targeted Chrome’s token_service table, part of the WebData, to exfiltrate tokens and account IDs. This table contains essential information, such as the GAIA ID and the encrypted_token column. Next, the attackers decrypted these encrypted tokens using a key stored in Chrome’s Local State within the UserData directory.

This method is similar to how Chrome stores passwords, indicating that the attackers deeply understood Chrome’s data management system. The exploit’s success relied on the attackers’ ability to navigate and utilize Chrome’s intricate data structures, specifically those related to user authentication and token management.

MultiLogin Endpoint Is The Culprit

The MultiLogin endpoint is a crucial element of Google’s OAuth2 system. It synchronizes Google accounts across various services, ensuring a consistent user experience by aligning the browser account states with Google’s authentication cookies. However, attackers have found a way to exploit this endpoint’s functionality. By providing vectors of account IDs and auth-login tokens, attackers can maintain unauthorized access to Google services.

Although this is a regular operation for the endpoint, attackers have used it maliciously. The endpoint’s low visibility makes it an ideal target: it is not widely documented or known, and its role in managing simultaneous sessions or user profile switches makes it a potent tool for attackers once they understand how to manipulate it.

The Discovery and Spread of the OAuth2 Exploit

Back in October 2023, one of the malware developers described a vulnerability in OAuth2 and an exploit for it on their Telegram channel. This exploit uniquely allowed the generation of persistent Google cookies by manipulating tokens. This capability ensured continuous access to Google services, bypassing standard security measures even after resetting the user’s password. Obviously, the exploit’s potential didn’t go unnoticed.

A threat actor announced a 0-day exploit on the Telegram channel.

Lumma infostealer was the first to integrate this exploit in November 2023, employing advanced blackboxing techniques to protect the methodology. This incorporation marked the beginning of a trend, as the exploit quickly caught the attention of various malware groups. Following Lumma, malware entities like Rhadamanthys, Stealc, Meduza, Risepro, and WhiteSnake implemented the exploit. Each group brought nuances to the exploit’s application, indicating its versatility among cybercriminals.

Hidden Tactics

In addition, the attackers manipulated the token:GAIA ID pair, which is also essential in Google’s authentication process. This manipulation allowed them to regenerate Google service cookies and maintain unauthorized access to user accounts. Thus, Lumma, a key player in exploiting this vulnerability, encrypted the critical token:GAIA ID pair with proprietary private keys. This process, known as “blackboxing,” not only obscured the core mechanics of the exploit but also made it difficult for other malicious entities to replicate the method.

Since the attackers encrypted the communication between their C2 and the MultiLogin endpoint, it was challenging for network security systems to detect the exploit. Standard security protocols often overlook such encrypted traffic, mistaking it for legitimate data exchange.

Interim Measures for Protection

While Google is working on fixing the vulnerability, there are some immediate steps you can take to protect your account. First, it is recommended that you log out of all your browser profiles. This will invalidate your current session tokens. After logging out, change your password and log in again. The action will generate new session tokens. Such a step is essential because tokens and GAIA IDs may have been stolen, and generating new session tokens will prevent unauthorized access by rendering the old tokens useless.

1Password Hacked Following the Okta Hack https://gridinsoft.com/blogs/1password-hacked-after-okta-hack/ Wed, 25 Oct 2023 16:00:48 +0000

A recent security breach at the 2FA provider Okta appears to have affected some of its clients. Among others, the password management service 1Password reported “suspicious activity” that is most likely related to the situation at Okta.

What happened to Okta?

At the end of October 2023, Okta released a notification on social media about the security breach. The named reason is the lack of session token validation, which made it possible for hackers to access the computers of tech support employees. From this point, cybercriminals were able to access files sent by other customers; these files commonly contain cookies, their session tokens and the like.

Official note from Okta regarding the hack

This is not the first time Okta has gotten into trouble with hackers. In March 2022, hackers from the Lapsus cybercrime group managed to hack into the laptop of one of its tech support engineers. This affected a small portion of Okta customers, only ~2.5%, which is still a large number as the company is a major identity management provider. Such recurring hacks, especially within one specific division of the company, strike its image pretty hard, to say the least.

1Password Hacked Through the Okta Hack

Despite how bad the Okta hack sounds, it is not that bad for 1Password. At the moment, the company reports that it has ceased any operations related to the accounts of its employees that used Okta services. Further investigation showed that there is nothing to worry about: no accounts were compromised whatsoever.

On September 29, we detected suspicious activity on our Okta instance that we use to manage our employee-facing apps. We immediately terminated the activity, investigated, and found no compromise of user data or other sensitive systems, either employee-facing or user-facing. — the report upon the situation.

Although things appear to be fine on the 1Password side, it may not be over yet. New details of the hack appear each day, even though all the key events happened almost a month ago, on September 29.

Should you be worried?

The best part of this whole situation is that the companies do not hesitate to notify exposed customers. No 1Password user data was actually touched, though it is different for Okta. They have been sending, and continue to send, emails to users whose credentials are potentially in danger, with recommendations on further actions. Hence, keep track of emails from Okta, and that will be enough to stay up to date with the situation.

“Password” Topped the List of the Most Common Passwords in 2022 https://gridinsoft.com/blogs/the-most-common-passwords/ Mon, 28 Nov 2022 09:36:33 +0000


The NordPass password manager team has prepared annual statistics by analysing the most commonly used and weakest passwords of 2022.

Let me remind you that we also wrote that Password meter services put Internet users at risk.

Years go by and some things don’t change. After reviewing more than 3 TB of data provided by independent security experts, NordPass compiled a list of the 200 most common passwords and found that “password” is still the most popular of them.

Next in this anti-rating are “123456”, “123456789”, “guest”, “qwerty” and many other bad passwords that can be simply guessed and picked up by hand without resorting to any special tools. To crack such passwords, according to experts, it takes from <1 to 11 seconds.


The experts also studied how various world trends influence the inventing of passwords. For example, the password “Oscar” appears especially often when the movie awards are coming up (62,983 times in total). Additionally, passwords such as “Batman” (2,562,776 times detected), “Euphoria” (53,993 times) and “Encanto” (10,808 times) associated with the films and series of the same name have seen surges in popularity.

Since the imagination of users is not limited to “123456” and “password”, below you can see lists of the most common passwords by category, including movies, games, sports, cars, food, and even obscene words.


Let me remind you that in 2020 the most popular password options were: “123456”, “123456789”, “picture1”, “password” and “12345678”.

In 2019, the “onedirection” password ranked 184th on the list. This year, the password disappeared from the top list. Does this mean the band is losing popularity as its members pursue solo careers, or are their fans becoming more cyber-conscious?

When choosing a password, the researchers remind users to avoid obvious patterns or repetitions, such as letters or numbers next to each other on a keyboard. Adding a capital letter, symbols, and numbers can also make your password more secure. Finally, never use personal information such as your date of birth or name as a password.

Also note that Windows 11 22H2 Warns That It’s Not Safe to Store Passwords in Notepad.

Is It Safe to Use a Password Manager in 2022? https://gridinsoft.com/blogs/is-it-safe-to-use-a-password-manager/ Fri, 10 Jun 2022 18:26:48 +0000

What’s the Idea Behind Password Managers?

In the cybersecurity world, everyone knows that passwords really do work. It is only in the movies that hackers can effortlessly bypass or crack passwords. A strong password provides decent data protection.

Since an average internet user nowadays has many accounts on different online services, remembering passwords becomes a serious nuisance. Using services other than social media or email becomes inseparable from a boring “forgot password” procedure.

Interface of Dashlane, one of the most trusted and popular password managers.

To stop these work process disruptions and at the same time improve data security, people invented password managers. Are they secure, and should you use them? That’s what this post is about.

Is it Safe to use Password Managers?

The programs in question store passwords from different accounts and automatically fill them into the respective websites’ log-in forms. They also generate strong passwords for each account, saving the user the trouble of doing it. Thus, users keep all their extremely strong passwords in one box and benefit from form auto-filling. That does not sound secure at all, you might say, and you would surely be right: if not for certain security measures, password managers would jeopardize passwords rather than manage them wisely. Having all keys collected together without proper protection would make them easy prey.

However, there are high-end password managers whose security mechanisms turn them into digital fortresses. That doesn’t mean that all safety issues are solved (we’ll talk about that further), but in most cases, a password manager can be helpful and handy.

Security Features

  • The first thing that must be said is that password managers use the so-called zero-knowledge architecture. That means no person except you knows the passwords stored in the password manager’s vault. The manager doesn’t “know” them either because all the passwords are encrypted and protected by the master password, which is not stored in the vault. You know it, and it belongs to you.
  • By the way, the vault is cloud storage. Any connection between your PC and the cloud is encrypted. It is called end-to-end encryption. We have described how such encryption works in our post on SSL certificates. The principle for establishing secure connections is the same: a combination of asymmetric and symmetric encryption. Briefly speaking, even if hackers get the data stored on the password manager’s cloud servers, they won’t be able to do anything with it.
    Asymmetric encryption is the key to safe encrypted connections in modern communications.
  • Surely, password managers will audit your credentials, change them regularly, warn you about any weaknesses in your password-login combinations, and so on.
  • Logging into the manager program can be accompanied by two-factor authentication to make it as secure as possible. 2FA means you will confirm your identity via another device as you log in and enter your master password.
  • Although data breaches are unlikely and pointless since there is end-to-end encryption, some password manager manufacturers monitor the Internet to detect any leakages or breaches if they happen, to inform users about them ASAP.

If you make up your mind to purchase a password manager, make sure the program you have chosen supports the features mentioned above.

Can Password Manager Still be Hacked?

Master Password – the Key to the Kingdom

Theoretically, a password manager hack is possible, although extremely unlikely. Moreover, the target of such an attack will definitely not be the cipher used in the vault itself. Attackers will need your master password, the code that will open the chest with the rest of your keys from different accounts. Most likely, hackers will seek a vulnerability in your habits and use social engineering. By the way, they may try to get your password out of you, posing as the developers of your password manager.

Making Your Master Password Strong

To repeat briefly: for a password to be strong, it must be composed of numbers, letters of both cases, and special characters. And, of course, it must be a long sequence of characters (at least twelve). In addition, the password should not be based on a meaningful word, because criminals often go for spear attacks, that is, personalized attacks in which they know something about the victim. Accordingly, neither names nor anyone’s dates of birth should appear in the password. Understandably, no one should be given the key to the password manager. By the way, consider reading the guide to creating strong passwords on our blog.

What About Malware

But that’s not all, because we should not forget about malicious programs. So far we have assumed that hackers might try to crack your password using brute force, but they can go an easier way: they can infect your device with spyware. Moreover, we don’t mean spyware that collects some data in the background while you are browsing the network. We are talking about the most dangerous programs, which are sometimes also classified as spyware, namely keyloggers and screen loggers. The first capture keystrokes, while the second send everything that happens on your screen to the attackers’ server. If you use a virtual keyboard, the keylogger is not dangerous for you, but there is still no defense against the screen logger.


Both these programs can be hidden from human eyes with the help of a rootkit – another powerful hacker tool. Such programs on your computer would indicate that it has been at risk all this time.

Security Solutions

However, to prevent malware from penetrating your device, and to remove it should it infect your machine, there are antiviruses, such as GridinSoft Anti-Malware. It is a great program that has three types of protection: on-run protection, deep scanning, and browsing protection. The first function destroys the infection on approach. The second one, the scan, will help you find well-hidden malware. The last feature blocks malicious sites and warns about them.

Unquestionable Benefits of Password Managers

Although we can never rule out the above-mentioned threats, they are unlikely to happen. If we discard them, we will have to admit that password managers possess some unquestionable benefits for the user. At least in comparison with the password policy of an average Internet user.

  1. Increased security! Undoubtedly, the machine generates strong passwords better than humans, and the program makes them unrelated to any meaning. Also, manager software stores your credentials flawlessly, keeping them protected with the highest level of security. A 256-bit AES encryption is no joke; we can count it unbreakable, at least for today.
  2. Password managers greatly ease browsing and Internet activities. On the one hand, your data becomes more protected. On the other hand, all the password-related fuss is left behind like a boring dream. You don’t need to invent passwords, note them somewhere just in case, forget them later, and reset them to access your account.
  3. Password managers are an effective countermeasure against phishing and, more specifically, website spoofing. A well-made fake website can catch even an experienced user off guard. Imagine you run onto a typo-squatting webpage that looks just like a website you intended to visit. You haven’t noticed your typo, and as the site fully loads, you see the familiar appearance of the sign-in form. There is a high chance that the user here would notice no pitfall, let alone if tired, and input the login and the password right into the password-stealing form prepared by malefactors. However, a problem for a human is not a problem for a machine at all. You will notice if your password manager suddenly refuses to fill out the credentials form automatically. And it won’t, of course, if the website address is different, even if it is a one-character difference.
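The refusal to autofill on a look-alike address, described in the last item above, comes down to comparing the page's origin with the origin the credential was saved for. The sketch below is an added example, not code from any password manager: it assumes a simplified exact-origin policy, and the function names, the vault entry and the `.test` URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, ASCII host, port) for a URL, or None if it has no usable origin."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname            # lowercased; any "user@" prefix is not part of it
        scheme = parts.scheme.lower()
        if scheme not in DEFAULT_PORTS or not host:
            return None
        # IDNA-encode so look-alike Unicode letters become a visibly different xn-- name.
        ascii_host = host.rstrip(".").encode("idna").decode("ascii")
        return scheme, ascii_host, parts.port or DEFAULT_PORTS[scheme]
    except (UnicodeError, ValueError):
        return None                      # malformed host or port: never autofill


def should_autofill(saved_url, page_url):
    """Offer the saved credential only on the exact HTTPS origin it was saved for."""
    saved, page = origin(saved_url), origin(page_url)
    return saved is not None and saved[0] == "https" and saved == page


# Constructed vault entry and constructed page URLs (reserved .test names).
SAVED = "https://accounts.bank.test/login"
PAGES = {
    "https://accounts.bank.test/signin?next=%2F": "same origin, different path",
    "https://accounts.bnak.test/login": "typo-squat, two letters swapped",
    "https://accounts.bank.test.login-portal.test/login": "real name used as a subdomain",
    "https://accounts.bank.test@evil.test/login": "real name in the userinfo part",
    "https://accounts.b\u0430nk.test/login": "Cyrillic 'a' homoglyph",
    "http://accounts.bank.test/login": "downgrade to plain HTTP",
}

if __name__ == "__main__":
    for url, note in PAGES.items():
        print(f"{should_autofill(SAVED, url)!s:5}  {note}")
```

Only the first page URL is filled; every look-alike fails the comparison even though a tired reader could miss the difference.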

TOP 7 Types of Password Attacks https://gridinsoft.com/blogs/password-attacks/ Mon, 06 Jun 2022 11:17:15 +0000

What is a Password Attack?

You have probably already understood from the name what these attacks are and what they are aimed at. An attack is an action directed against someone or something, and password attacks are aimed at compromising accounts. They are designed to cheat the authentication process to get into the account. After that, the attackers behind them spread their malicious software or steal confidential data from victims’ accounts.

Types of Password Attacks

In this article, we will look at several types of password attacks, their working principle, and their main purpose. We will also consider methods of protection against them.

  • Dictionary Password Attacks
  • Brute-Force Password Attacks
  • Phishing Attacks
  • Man-in-the-Middle
  • Password Spraying Attack
  • Keylogger
  • Traffic Interception

Dictionary Password Attacks

This is a crude kind of attack: the attacker picks the most common passwords and tries them out against multiple accounts, using dictionaries of the most common passwords. Such a list can also include the names of your relatives, the names of your dogs, and the date and year of your birth. What can you do to protect yourself against this?

  • Never take your passwords from a dictionary. This increases the risk for you and gives more opportunities to the attacker.
  • Lock your account after some number of attempts. It can be two or five attempts, but no more.
  • Use a password manager. With it, you can prevent dictionary attacks because it generates complex passwords.

Brute-Force Password Attacks

Attackers generate many password combinations and try them when logging in to victims’ accounts. This method is slightly outdated because it is time-consuming, but it is standard and one of the most common. There are several types of this attack:

  • Simple brute force attacks. In this case, the attacker relies on logic. To guess the user’s password, he works out possible variants and combinations based on what he knows about the user. It could be the names of family members, the names of the dogs, and the children’s birthdays.
  • Credential stuffing. In this case, the attacker obtains exposed passwords from vulnerable sites on which the user has previously logged in.
  • Hybrid brute force attacks. This method involves selecting a weak password with automated software that uses account substitution to reveal complex passwords. Organizations use a small number of variants in most derivative systems. Attackers also use user data templates to populate credential tools more accurately.
  • Reverse brute force attacks. This method involves searching for shared passwords in the system. The attacker tries to find a common group where shared passwords are written and tries to log into accounts with these passwords.

Phishing Attacks

Phishing is aimed at stealing sensitive data through fraud. Through emails, the attacker attempts to trick the user into handing over his data. Intruders often use manipulation, extortion, deception, pressure on the user, and other insidious ways to get the user to hand over his bank accounts, account passwords, credit cards, and other confidential data. Examples of phishing attacks are listed below:

  • Regular phishing. In this case, the hacker masquerades as a company and fakes the sender’s address line to match it. You see the line at a glance, think it is a legitimate company, and send them what they ask for. So read the sender’s address line carefully, because a fraudster can hide behind a wrong address.
  • Spear phishing. Here, the hacker pretends to be your friend or colleague and asks you to send him something by mail. If you think this is strange and you didn’t expect such a request from this person, you had better call him back and ask whether he sent it to you. Do you know the difference between phishing and spear phishing?
  • Smishing and vishing. Here, the attacker works via phone call or text message. In such texts or calls, intruders warn you about possible hacking or fraud and ask you to go to an account to eliminate it. You go and lose your data because hackers steal it. So look carefully at the numbers from which you receive such messages.
  • Whaling. Here, the attacker poses as a high-ranking person. On that person’s behalf, he writes a message asking you to send confidential data. You send it and lose all your privacy.

Man-in-the-Middle Attack

In this type, the attacker is a third party who intercepts and decrypts passwords and messages that are transmitted between users. In this case, he can be called an intermediary. To do this, a hacker uses unprotected communication channels. How can you avoid a man-in-the-middle attack and not give all your information to the attacker?

  • Enable encryption on your router. If your computer can be accessed so easily, then it doesn’t have the proper encryption. And most likely, the person who can do that is using a “sniffer”.
  • Use strong credentials and two-factor authentication. To prevent an attacker from redirecting all your traffic to his or her hacked servers, you should change your router credentials from time to time.
  • Use a VPN. A VPN can protect your data from man-in-the-middle attacks. It can also provide you with guarantees that all the data sent to the servers is in a secure location.

Password Spraying Attack

This attack focuses on password theft. The process is this: the attacker selects several passwords and sprays them across many user accounts. These passwords are taken from password dictionaries. They can also be the most common combinations such as password1, qwerty, 1111, and other standard passwords. The attackers think through every move and try to bypass the blocking system so that the account is not blocked after several attempts. Password spraying is a quite careless, rough form of attack. After several attempts to log in, the site begins to block the entrance.

Keylogger

The attacker tries to install monitoring tools on the user’s computer and secretly records keystrokes. The information is recorded via a keylogger and then passed to the attacker. Generally, keyloggers are used with good intentions to monitor employees and improve UX, but even here the attackers have learned to turn them to their evil intentions.

Traffic Interception

This type of attack involves intercepting network traffic for data collection and monitoring. The most common way to do this is with connections that do not use encryption. Most often, these are Wi-Fi connections. Therefore, learn how to use public Wi-Fi safely and which risks to watch out for. This attack also concerns SSL traffic, which the attacker intercepts during an attempt to connect to a secure website.

How to Prevent Password Attacks

Our data is a part of everyone’s life, and we would not like any hackers to use it against us for their own financial gain. Below are some tips on how to avoid or prevent an attack by an intruder:

  • Enforce strong password policies. To begin with, your passwords must be created correctly and securely. The number of characters should be at least 8, and the password itself should use not only letters or numbers but also capital letters and special characters. Your password must not contain any confidential information about you.
  • Organization-wide password security training. A large organization must notify its employees of suspected attacks and precautions. Therefore, employees should know how to create strong passwords and be aware of social engineering, through which disguised intruders can attack.
  • Enable Multi-Factor Authentication. Multi-factor authentication provides a more reliable security system. It provides additional security measures for the use of passwords.
  • Use a password manager. A password manager is designed to help web administrators store and manage user credentials. This method will also help you generate a complex and strong password according to your security policy. Data is better protected from leakage, as user credentials are stored in encrypted databases.

Password Spraying Attack Overview https://gridinsoft.com/blogs/password-spraying-attack/ Wed, 01 Jun 2022 13:27:27 +0000

Password spraying is a quite careless, rough form of attack. After several attempts to log in, the site begins to block the entrance. But attackers bypass this block: after the first failed attempt, they move on to other accounts, and so on. Password spraying is a kind of cyber attack.

The attacker wants to hack accounts. He selects the most common passwords and their combinations, for example, 1111, password, qwerty, and other unreliable passwords. These password combinations are sprayed across the account database, and the accounts whose users have not set up reliable protection fall under this attack. In general, it can be called random: because the attacker does not know exactly who has an unreliable password, he simply tries, and one such attack will compromise some part of the accounts.


How Does Password Spraying Attack Work?

The password spraying attack can be divided into three stages, see below:

  • Cybercriminals find or purchase a list of usernames online:
    They either look for them or buy them on the Dark Web. Sometimes intruders work out users’ names or emails from templates found on companies’ websites or through some other templates.
  • They try different credential combinations until they are successful:
    At this stage, attackers often work through an automatic system that selects different combinations of passwords. It is not easy to do this manually. But they still try to find the right combination while avoiding lockouts.
  • They gain access to user accounts:
    At this stage, the attacker gets access to the user account and does what they need there: identity theft, selling the accounts, and so on.

Password Spraying VS Credential Stuffing

These two attack methods are similar in that both try to affect accounts somehow and capture them. In the first case, it is the spraying of passwords. In the second case, it is the stuffing of credentials.

Credential stuffing is a crude kind of attack that is based on automated tools. These tools check the usernames and passwords of most of the stolen accounts until some account works. In the case of password spraying, the focus is on finding accounts and selecting different combinations of passwords without using any tools.


Signs of Password Spraying

You may already have been hit by a cybercriminal, or you may only be at risk of an attack. The following signs will help you tell:

  1. An increase in account lockouts.
  2. Failed and unknown login attempts.
  3. An increase in login attempts.

If you see these signs, your account is at risk. Do not ignore them, and read below how to recover from such an attack.
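The signs listed above can be checked mechanically in authentication logs: a spraying source fails against many different accounts but only a few times per account, which keeps each account under its lockout threshold. The following is an added example, not part of the original post; the log format, the thresholds, and the function names are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: "<ISO timestamp> <source IP> <username> <FAIL|OK>".
# Addresses are taken from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2024-05-01T09:00:00 203.0.113.7 alice FAIL
2024-05-01T09:00:20 203.0.113.7 bob FAIL
2024-05-01T09:00:40 203.0.113.7 carol FAIL
2024-05-01T09:01:00 203.0.113.7 dave FAIL
2024-05-01T09:01:20 203.0.113.7 erin OK
2024-05-01T09:02:00 198.51.100.9 frank FAIL
2024-05-01T09:02:05 198.51.100.9 frank FAIL
2024-05-01T09:02:10 198.51.100.9 frank FAIL
2024-05-01T09:02:15 198.51.100.9 frank FAIL
2024-05-01T09:03:00 192.0.2.44 grace FAIL
2024-05-01T09:03:30 192.0.2.44 grace OK
"""

def parse(log):
    for line in log.splitlines():
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result

def detect_spraying(log, window=timedelta(minutes=10), min_users=4, max_per_user=2):
    """Flag sources whose failures hit many accounts but only a few times each."""
    events = defaultdict(list)
    for ts, ip, user, result in parse(log):
        events[ip].append((ts, user, result))
    findings = {}
    for ip, rows in events.items():
        rows.sort()
        fails = [(ts, u) for ts, u, r in rows if r == "FAIL"]
        for start, _ in fails:
            per_user = defaultdict(int)
            for ts, u in fails:
                if start <= ts < start + window:
                    per_user[u] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                # A success from the same source after the spray began marks an
                # account to treat as compromised (reset password, review sessions).
                hit = sorted({u for ts, u, r in rows if r == "OK" and ts >= start})
                findings[ip] = {"targeted": sorted(per_user), "succeeded": hit}
                break
    return findings
```

In the sample, the repeated failures against the single account frank and the one mistyped login for grace are not flagged; only the source that walks across several accounts is.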

What to Do After Password Spraying Attacks

If you notice something wrong with your account, take the following steps immediately:

  1. Change password. The first step is to change the password. Use a more robust and complex password that is not easy to crack. Do not put yourself at risk.
  2. Contact Cyber Security. Contact your organization’s cybersecurity team. If you work for a company, you should contact your company’s security department. You will help them deal with the attack; you may not be the only one who has experienced it, so inform someone so that no one else gets hurt in the future.
  3. Find out why and find the culprit. Find out the cause yourself or with the help of the security team. Next, try to remove the cause of the hack, set a stronger password, and use two-factor authentication.

How to Prevent Password Spraying Attacks

  • Use complex passwords
    This is easy to do if you want to. Come up with strong passwords or learn how to create them. It is your security. Think about the data that intruders might use for their purposes.
  • Change passwords periodically
    Update your passwords periodically. It can be done once a year or half a year. Make your new password different from the previous one. Use symbols and capital letters in it. Make it unique every time, and in any case, do not copy it from anywhere.
  • Use multifactor authentication
    Secure your account with two-factor authentication. When you log into your account, authentication will ask for your phone number or backup email address. This complicates the attacker’s work, as he will need to control more than one of the user’s addresses, and it gives you a warning of the attempt.
  • Invest in cybersecurity measures
    Never forget about anti-virus software, which will protect you in case of an attempt to get at your data. Install password managers, anti-virus software, and other data protection software on your device.


The post Password Spraying Attack Overview appeared first on Gridinsoft Blog.
