Published: August 16, 2021, in our Security Fraud News & Alerts Newsletter.
With billions of PII (personally identifiable information) snippets up for grabs, cybercriminals went into overdrive last year. SpyCloud researchers discovered this avalanche of PII and found the pandemic responsible for unleashing a torrent of cybercrime. The world had no choice but to use the internet for purchases and socializing that would otherwise happen in person, and this once-in-a-lifetime event created more data leaks than ever before. We know that having this PII in the wrong hands can have catastrophic and criminal results. SpyCloud followed the exposed data and discovered the hacking trends that use the leaked PII for attacks against businesses and individuals alike.
1. Remote workforce puts data at risk. The pandemic forced the world to figure out how to continue doing business – and fast. Out of necessity, many in the workforce found themselves using their personal devices for work, and their work devices for personal use. A survey by CyberArk found 77% of remote workers are using their own devices which are unsecured and unmanaged by their employer.
2. “Superbreach” makes old data new again. Last November, over 20,000 databases were exposed from an old breach site called Cit0day. Data from many older breaches was packaged into a single “superbreach.” Although the data wasn’t new, cybercriminals can still use it for new attacks. It’s a reminder that data, stolen or not, has a long shelf life. SpyCloud found if an individual has data exposed in one breach, they are likely to be involved in eight to ten other breaches.
3. Credential stuffing hits new heights. With many users guilty of password reuse (you know who you are), hackers can crack one password and then try it, by brute force or credential stuffing, against other accounts. That opens the door to all kinds of PII being compromised and abused in other attacks. SpyCloud found 60% of breach victims reused one or more passwords across many platforms, which gives credential stuffing more fuel for cyberattacks.
4. Supply chain attacks and password cracks. SpyCloud's analysis of breached passwords found that six of the top ten passwords for key government contractors, including the Aerospace and Defense sectors, included company names – something no password should ever use. Easily guessed passwords are ripe targets for password spraying and account takeover attacks.
Security Tips and Responsibility = Passwords
Consumers need to protect themselves since websites and companies don't seem to be doing it for us.
Never reuse old passwords or use the same password for multiple websites.
Always use strong, complex and unique passwords at home and at work. These should include upper- and lower-case letters, special characters, and numbers.
Create company security policies for devices used for home and remote work and enforce them. This should include ensuring all devices have antivirus products on them.
Use MFA (multi-factor authentication) for important accounts and consider using a password manager if you just can’t remember them all. Just keep in mind that if the password manager experiences a breach, all your passwords are compromised. But it’s better than reusing passwords.
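An organization can enforce the points from item 4 and the tips above at the moment a password is set. The Python below is an added example, not part of the original newsletter: it rejects passwords that contain the company name even when disguised with common character substitutions, that lack the character classes listed above, or that appear in a breach list. The organization terms, breach list, substitution table and 12-character minimum are constructed assumptions.

```python
import re

# Undo common character substitutions before matching (constructed table, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
# The four character classes named in the tips: lower, upper, digit, special.
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")

def normalize(text):
    """Lower-case, undo substitutions, and keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))

def screen_password(candidate, org_terms, breached, min_length=12):
    """Return the reasons to reject `candidate`; an empty list means it passes.

    min_length=12 is an assumed policy value, not a figure from the newsletter.
    """
    reasons = []
    if len(candidate) < min_length:
        reasons.append("too short")
    if not all(re.search(c, candidate) for c in CLASSES):
        reasons.append("missing character class")
    if candidate in breached:
        reasons.append("found in breach corpus")
    flat = normalize(candidate)
    for term in org_terms:
        needle = normalize(term)
        # Ignore very short terms to avoid matching ordinary words by accident.
        if len(needle) >= 3 and needle in flat:
            reasons.append(f"contains organization term: {term}")
    return reasons

# Constructed sample data: a fictional employer and a one-entry breach list.
ORG_TERMS = ["Example", "Aerospace", "ExAero"]
BREACHED = {"Summer2020!"}

if __name__ == "__main__":
    for pw in ("Ex4mple-Aer0space#2021", "Summer2020!", "plum-Votary7_kiosk-Reef"):
        print(pw, "->", screen_password(pw, ORG_TERMS, BREACHED) or "ok")
```

The first sample satisfies every length and character-class rule and is still rejected, which is the case a composition-only policy misses.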