Category Archives: advanced cybersecurity

The danger of stolen data: credential stuffing attacks

When we talk about cyberattacks, for companies, there is one word that normally comes to mind: malware, every computer’s nightmare, that can infect their systems and take with it not just the company’s most sensitive information, but also that of their users, clients, providers, employees, and so on.

However, malware isn’t always a cybercriminal’s tool of choice; in fact, in 2017 it started to give way to other kinds of attack, which are having similar levels of success at achieving the same goal: breaking through their victims’ corporate cybersecurity.

What is credential stuffing?

A credential stuffing attack is a kind of cyberattack in which, using details gathered from a data breach, the perpetrator manages to access user accounts on a platform by bombarding its login with credentials until they hit upon a correct combination.

To carry out an attack of this kind, the cybercriminal must first get, steal, or buy a database made up of user accounts, with their login names and passwords. Their next step is to try to log in to the affected platform using these login details. As it is not always guaranteed that the details will coincide, the strategy is to launch multiple automatic logins until the details match up. What’s more, the identification processes are carried out by specialized botnets so that the platform believes them to be authentic. If it is possible to log in, the credential stuffing attack will have been a success.
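
As an added example (not part of the original post or of any Panda product), this is one way a defender could spot the pattern described above in authentication logs: sources that try many different accounts and almost always fail. The log format, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

def make_sample_log():
    """Constructed events (time, source_ip, username, success); not real data."""
    t0 = datetime(2019, 1, 7, 9, 0, 0, tzinfo=timezone.utc)
    events = []
    # Baseline: five regular users, each logging in from their own address.
    for i in range(5):
        events.append((t0 + timedelta(seconds=40 * i), f"198.51.100.{i + 1}", f"staff{i}", True))
    # Campaign: ten bot addresses, each trying twenty leaked accounts once.
    for n in range(200):
        ok = n in (57, 143)  # 2 of 200 leaked pairs still valid (1%)
        events.append((t0 + timedelta(seconds=n), f"203.0.113.{n % 10 + 1}", f"leaked{n}", ok))
    return events

def detect_stuffing(events, window=timedelta(minutes=5), min_users=50,
                    min_fail_rate=0.9, max_users_per_ip=3):
    """Flag time windows whose login traffic looks like credential stuffing."""
    buckets = defaultdict(list)
    for ts, ip, user, ok in events:
        buckets[int(ts.timestamp() // window.total_seconds())].append((ip, user, ok))
    alerts = []
    for key in sorted(buckets):
        rows = buckets[key]
        users_by_ip = defaultdict(set)
        for ip, user, _ in rows:
            users_by_ip[ip].add(user)
        # Core signal: one source touching many different accounts.
        bots = {ip for ip, users in users_by_ip.items() if len(users) > max_users_per_ip}
        bot_rows = [r for r in rows if r[0] in bots]
        targeted = {user for _, user, _ in bot_rows}
        if len(targeted) < min_users:
            continue
        fail_rate = sum(1 for r in bot_rows if not r[2]) / len(bot_rows)
        if fail_rate < min_fail_rate:
            continue
        alerts.append({
            "sources": sorted(bots),
            "accounts_targeted": len(targeted),
            "fail_rate": fail_rate,
            # Successful logins from flagged sources: accounts to lock and reset.
            "compromised": sorted(u for _, u, ok in bot_rows if ok),
        })
    return alerts

if __name__ == "__main__":
    for alert in detect_stuffing(make_sample_log()):
        print(alert)
```

The few successful logins inside a flagged window matter most, because those are the accounts whose leaked passwords still worked.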

The victims: Dunkin Donuts, Yahoo…

These cyberattacks are affecting an increasing number of companies.  The latest victim was Dunkin Donuts. In November, the company detected the theft of credentials and their subsequent use in an attack on the users of DD Perks, its loyalty and rewards program. The credentials stemmed from a data breach, although Dunkin Donuts stated that this breach didn’t happen on their system, rather on the system of a supplier, which gave access to third parties. Specifically, the user information came from a previous leak, and so the cybercriminals used this information both to access DD Perks accounts and to log in to other platforms that used the same credentials.

But there is, unfortunately, one incident that takes the crown for credential stuffing attacks: in 2016, around 500 million Yahoo accounts were seriously compromised by the prior leaking of a vast amount of information after another data breach. In this case, the breach had one more outcome: when Yahoo went public with the incident, many users received emails from people claiming to belong to the company, which contained a link to resolve the breach. These emails, however, were a phishing attempt by another group of cybercriminals.

Success rate and how to avoid them

When it comes to evaluating the potential damage of credential stuffing, it is important to get some perspective. According to a Shape Security study carried out in 2018, their success rate is usually, at best, 1%, a figure that may make this attack seem insignificant.

However, we must bear in mind the fact that these cyberattacks usually use databases that can contain credentials of several million users. This means their success rate, though modest in relative terms, is large enough in absolute terms for the affected company’s reputation to be seriously damaged by the exposure of its corporate cybersecurity.

Companies must therefore take appropriate steps to avoid both data breaches and possible credential stuffing attacks.

1.- Two-factor authentication? Two-factor authentication (2FA) is one of the most commonly used methods for companies and platforms that want to ensure a secure login for their users. However, as we have already seen, two-factor authentication is not infallible, since it can be broken by getting users to enter their details on fake portals.

2.- Cybersecurity solutions. A company’s security cannot rely 100% on users correctly managing their passwords, especially since the attack very often comes first: i.e., data breaches are often a consequence of poor corporate cybersecurity management, rather than a result of poor password management by users. This is where Panda Adaptive Defense comes in: it has a data protection module, Panda Data Control, that is able to monitor data in all its states, including when it is at rest, helping the solution to know at all times what processes are being run and what data is being used.

3.- Employee awareness. Companies must also instill in their employees a series of prevention measures, as they are often the easiest point of entry for cybercrime. Employees must remain alert, must not give out their credentials via email (to avoid phishing, tech support scams or BEC scams) and, if they come across any problems, must report the incident to the company’s head of IT.

The post The danger of stolen data: credential stuffing attacks appeared first on Panda Security Mediacenter.

Ten corporate cybersecurity New Year’s resolutions

New Year is a moment when many of us set ourselves a series of resolutions to try to improve some part of our lives. And one resolution that should be on everyone’s list is an improvement in cybersecurity habits. With this in mind, we’re sharing these 10 tips for online security that will help you to protect your digital life, as well as that of your company.

In our PandaLabs Annual Report 2018, we compiled many cases where cybersecurity went wrong. And the fact is that many of these incidents — and the serious consequences they entailed — could have been avoided by following some basic security tips.

Good practices for 2019

  • One good habit to bear in mind is the use of firewalls to block unwanted access to our devices. In many cases, this solution is the first line of defense against cyberattacks. The most dramatic example of what can happen if we do away with firewalls is the case of Exactis. This US data broker left around 350 million records exposed in June last year. Anyone could have accessed details about hundreds of millions of US citizens. The cause? A lack of firewalls to protect this information.
  • Multifactor authentication. This method of confirming a user’s identity when logging in adds another layer of protection by asking for a code received on a mobile phone or on a computer. It means that, even if someone gets their hands on our password, accessing our account is more complicated. In July last year, the app Timehop gave us an example of what can happen if we don’t use multifactor authentication: the company blamed a data breach that affected 21 million users on a lack of multifactor authentication on a cloud account.
  • Updating operating systems and installing patches helps to minimize the threats of malware and vulnerabilities. This is especially important if we consider one of the predictions found in our PandaLabs Report: in 2019, new catastrophic vulnerabilities will be discovered, similar to Meltdown and Spectre, which were discovered at the start of last year. Installing all necessary updates and patches is the only way to protect yourself against the vulnerabilities that may threaten corporate cybersecurity, and thus reduce the attack surface.
  • It is very important to be selective when it comes to sharing personal information on the Internet. This information could be used to guess passwords and logins. Discretion is particularly relevant for another of our predictions for 2019. The massive analysis of data, through readily available Big Data tools, allows detailed profiles of personal preferences and trends in many areas to be extracted. Personal information spread over different social networks (Facebook, Twitter, LinkedIn, etc.), correctly analyzed and correlated, can allow the development of highly sophisticated and personalized social engineering attacks with malicious intentions.

Discover the 10 corporate cybersecurity resolutions for 2019 in our infographic, and stay protected this year.

The post Ten corporate cybersecurity New Year’s resolutions appeared first on Panda Security Mediacenter.

Patches and data control: Keys to your organization’s security

November 2018, Chile. The bank Consorcio de Chile discovers that it has become the victim of an advanced cyberattack, a dangerous and undesirable situation for any company. If we add to this the fact that the attack involved the Trojan known as the nightmare of global banking, and the fact that this particular nightmare managed to steal 2 million dollars from the bank’s funds, the outlook is extremely disheartening.

Analysis of EMOTET

The Trojan in question is called Emotet, and Chile is just the latest country on its list of victims—a list that already includes countries such as Germany, Switzerland and the United States. But what is Emotet, how does it spread, and what damage can it do?

Emotet is a polymorphic banking Trojan. Its main goal is to steal data such as user credentials, or to spy on network traffic. It is also frequently used to download other malware, including other banking Trojans.

The most common propagation method for this Trojan is email, whether via infected attachments or embedded URLs. One particularly dangerous feature of Emotet is that it takes over its victims’ email accounts. This helps to trick other users into downloading the Trojan onto their systems.

Once Emotet has infected a computer on a network, it uses the vulnerability EternalBlue to get to other endpoints on unpatched systems.

The most serious damage

The most serious consequences that an organization can experience as a result of an EMOTET attack include:

- Theft of personally identifiable information (PII).

- Leaking of financial and confidential information, which can be used for blackmail.

- Theft of login credentials, making other accounts vulnerable.

- Long remediation periods for network administrators.

- Loss of productivity of employees whose endpoints have to be isolated from the network.

It is clear that this malware would be a serious danger for any company it managed to infiltrate. This is why at Panda Security, we recommend having the best preventative protection against any kind of malware, both known and unknown. This is what Panda Adaptive Defense does, since it stops all malware from running, as well as keeping endpoints updated.

In our whitepaper, Patches and data control: Keys to your organization’s security, you can find more information about the risks that this Trojan can entail, how it can get into your company, and how Panda can help you to avoid the most drastic damages.

The post Patches and data control: Keys to your organization’s security appeared first on Panda Security Mediacenter.