One weak password is all hackers need to compromise applications or accounts and access confidential files and data. While cracking passwords is a very common cyber-attack, the repercussions shouldn't be taken lightly. From data theft and identity breach to operational downtime, stolen passwords can shake a company's reputational and financial status.
Sometimes hackers exploit human psychology; other times, the systems are infected or infiltrated with malicious software. What's more, hackers are using off-the-shelf solutions or bad bots to exploit passwords. Thus, learning how hackers can steal passwords can help IT professionals spread awareness in their enterprises and protect them from malicious cyber threats. Here are the top four techniques to steal passwords.
Social engineering is psychological manipulation that influences the target to perform undesirable activities. Phishing is one of the most common ways of leveraging social engineering. Research shows phishing was the #1 complaint for businesses and individuals and led to $1.8 billion in business losses.
By masquerading as someone you're familiar with (friends, family, or business partners), hackers can trick you into handing over sensitive information.
For instance, hackers impersonate government officials or bank associates to encourage people to download a seemingly important document, fill out their KYC by clicking a link, or change their passwords. This gives hackers backdoor access to users’ personal information or systems.
The best way to prevent such attacks is to use multifactor authentication. It is important to be sceptical of emails containing attachments and verify the sender before sharing any sensitive data or opening any links or attachments.
Brute force attack
Brute force means hackers try commonly known and used passwords to crack into your account. One such brute force attack is a dictionary attack, where hackers use a dictionary and test all of the words. Another way is when hackers conduct a data breach and get access to the hash of the plain-text password. (Hashing is the process of mapping data of any size to a fixed length using an algorithm.) In 2021, brute force attacks rose by 160% between May and mid-June.
An example of such an attack would include hackers using a trial-and-error approach to break into someone’s account. The process gets much easier and faster with the use of automation.
Using 16-character passwords with at least some special characters can help prevent such attacks. Another defence is to salt passwords. A salt is random data inserted at the beginning, middle, or end of the password before it is hashed, so hackers cannot crack the stored hashes as they would plain passwords.
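The difference salting makes to stored password hashes, as an added example that is not part of the original article. The function names, the PBKDF2 iteration count and the sample passwords are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed work factor for PBKDF2-HMAC-SHA256; tune it for your own hardware.
ITERATIONS = 600_000


def unsalted_hash(password):
    """Weak scheme: one fast hash, no salt. Equal passwords give equal hashes."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password):
    """Stronger scheme: fresh random salt per user plus a slow key derivation."""
    salt = secrets.token_bytes(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key


def verify_password(password, salt, key):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, key)


def exposed_by_table(stored_hashes, wordlist):
    """Audit helper: report stored hex hashes that equal the plain SHA-256
    of a word in a common-password list (i.e. unsalted and guessable)."""
    table = {unsalted_hash(word): word for word in wordlist}
    return {h: table[h] for h in stored_hashes if h in table}


if __name__ == "__main__":
    common = ["123456", "password", "qwerty"]  # constructed sample wordlist

    # Unsalted: the stored value matches a precomputed hash immediately.
    weak_store = [unsalted_hash("password")]
    print("unsalted hashes exposed:", exposed_by_table(weak_store, common))

    # Salted: two users with the same password get different records,
    # and a precomputed table of plain hashes matches neither.
    salt_a, key_a = hash_password("password")
    salt_b, key_b = hash_password("password")
    print("records differ:", key_a != key_b)
    print("salted hashes exposed:", exposed_by_table([key_a.hex(), key_b.hex()], common))
    print("login still works:", verify_password("password", salt_a, key_a))
```

A salt does not make a weak password strong: it forces each stored record to be attacked separately, and the slow derivation raises the cost of every guess.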
As the name explains, a man-in-the-middle (MITM) attack is one where hackers position themselves between the user and the client, decipher all the information, and use it for malicious purposes. The attacker compromises the servers, including HTTPS connections to websites, which enables them to listen to the conversation.
In such attacks, the hackers actively eavesdrop on the conversation by making contact with both parties and relaying their messages, making them believe they're talking to each other. Instead, the hacker gains access to the entire conversation by being in the 'middle'.
Such attacks can be prevented using an SSL VPN, which protects both the users and the clients and ensures that the conversation is encrypted so the attackers cannot decipher it.
A quick glance through the malware landscape may tell you that the attacks are decreasing year over year, as, in 2021, malware dropped 4% compared to the previous year. However, a closer look will tell you there's more happening: August 2021 broke last year's records with 537 million malware attacks.
Thus, the scenario tells us that at no point should IT teams lower their guard; instead, preventive measures and awareness programs should continue to run to avoid falling into the trap of malicious threat actors.
Malware is malicious software inserted into a network or device. Hackers can use phishing emails as a medium to inject malware.
In such attacks, hackers can insert malware into the user's systems, which can then be used to track users' data and steal passwords using keylogging. In this technique, keystrokes are traced to identify passwords and steal sensitive information like account details, passwords, email accounts, and more.
Securing endpoints and deploying a robust security solution is critical in identifying and preventing malware and other infections.
Passwords will continue to be used for the foreseeable future, simply because they're easy to use and can be employed everywhere. However, maintaining good passwords is not only the IT team's responsibility, but every individual's. Therefore, the solution to prevention lies in raising employee awareness, conducting ongoing security programs to stay on top of the threat landscape, and employing solutions like SSL VPN that can mitigate attacks like MITM and HTTPS spoofing.
Shibu Paul is Vice President – International Sales at Array Networks