Google: How Online Accounts Are Hijacked
In news that surprises no one, hijacking accounts is one of the top online security threats, with billions of usernames and passwords from different platforms available on black markets.
To understand how hijackers steal passwords and other sensitive data, Google partnered with the University of California, Berkeley in a study of Google accounts from March 2016 to March 2017 that analyzed black markets trading third-party password breaches, as well as 25,000 black hat tools used for phishing and keylogging. The research found 788,000 credentials stolen via keyloggers, 12 million stolen via phishing, and 3.3 billion exposed by third-party breaches.
In other findings from the report, Data Breaches, Phishing, or Malware? Understanding the Risks Of Stolen Credentials, phishing posed the greatest threat, then keyloggers, and third-party breaches. Attackers attempted to collect the sensitive data requested when verifying an account holder’s identity. 82 percent of black hat phishing tools and 74 percent of keyloggers attempted to collect a user’s IP address and location, while another 18 percent of tools collected phone numbers and device make and model.
What if your accounts are hijacked? Hackers could potentially view every document on your device or every key you type or turn on your microphone or camera.
In a presentation titled “Inside the Mind of a Digital Attacker" at the Oslo Freedom Forum in New York, Jigsaw's lead project manager Justin Kosslyn warned the audience that hackers could access information at three points: the device, the cloud, and the network. Jigsaw is an incubator from Google parent company Alphabet that’s focused on global security challenges.
Kosslyn pointed out that devices (the phones, tablets, laptops, and desktops used to access to the Internet) are often the weakest link. Hackers may send an email (“Account Alert: Suspicious Activity. Your account may have been compromised. Please log in at the link below to update your security preferences.”) If you click the link and enter your password, a hacker can log into your account. Or, an email attachment may contain a virus that will infect your system if it isn’t up-to-date.
To protect your devices, Kosslyn recommends three actions:
Use a security key as a second password
Open attachments in the cloud
Keep your software fully up-to-date
Keep in mind that hackers may also attempt to hack data from your cloud, so security must be up-to-date. While your connection to the Internet is probably your lowest concern, remember to use “https” rather than “htpp” to help secure your connection.
Also, some digital security tools to consider are PGP, Tor, and stickers. PGP is an encryption program to secure emails; Tor provides anonymity on your device; and stickers placed over your webcam help ensure online privacy.
In this year’s Grey’s Anatomy fall finale, even Grey Sloan Memorial suffered a cyber attack! To prevent a Grey Sloan-like meltdown, keep in mind that your digital security is only as strong as your weakest link.