Cyber criminals are always on the hunt for user and corporate credentials (usernames and passwords). If you have someone’s credentials, you can log in to their systems, access valuable data and perform fraudulent transactions on their behalf.

Credentials are typically extracted by cyber criminals in one of three ways:

  1. Key-logging malware captures users’ keystrokes during login and sends the information to the attacker. There are various techniques to compromise user machines with such malware, including drive-by downloads, watering hole attacks and infected USB drives.
  2. A phishing site is used. This is a fake website that is designed to look like a legitimate login page, such as that of an online banking website or an online application like Google Docs. To get the user to the phishing site, the attacker sends a spear-phishing message that looks like it came from a trusted source, such as a bank, colleague or government office. Once the user attempts to log in to the phishing site, the credentials are sent directly to the attacker.
  3. Cyber criminals hack into e-commerce websites and social networks to extract the user database, including user credentials. Since users often reuse credentials, it is highly likely that the same credentials can be used for logging into other systems as well.

General Recommendations

There are several things that can be done to lower the risk of credential theft. First, don’t log in to sensitive applications from unprotected machines. Make sure your antivirus is up-to-date and, if possible, use special security solutions designed to block information-stealing malware to protect your machine.

Be cautious about possible spear-phishing emails, even if the message seems to come from a trusted source. When receiving a message that includes a link to a website, try to verify that the request is genuine and that it takes you to a relevant site. If possible, don’t click the link. Instead, open your browser and type in the address yourself.

Change your passwords often, use complex passwords and don’t use the same credentials across multiple systems. For systems that are especially critical to you or your business, consider using two-factor authentication. This requires additional information from the user when logging in, which makes the account harder to compromise.

Protecting Corporate Credentials

IBM Security Trusteer Apex Advanced Malware Protection is an advanced threat protection solution designed to protect user machines from advanced, information-stealing malware. Its exploit prevention and data exfiltration prevention technologies are designed to prevent advanced malware from compromising the user endpoint. In addition, Trusteer Apex includes special protections to prevent corporate credential theft and exposure:

  1. Keystroke obfuscation: Trusteer Apex obfuscates user keystrokes during login procedures, preventing key loggers from capturing user credentials.
  2. Prevent corporate password exposure on phishing sites: Trusteer Apex ensures corporate credentials are used only for logging into corporate Web applications. If the user is trying to log in to a phishing site, the login will be blocked.
  3. Prevent reuse of corporate credentials on noncorporate sites: Trusteer Apex prevents users from using their corporate credentials to log in to nonapproved public sites, such as e-commerce sites or social media. The user will be requested to change his or her credentials before logging into the website.
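
The destination check that items 2 and 3 rely on, as an added example (not Trusteer Apex's code and not from the original post): a corporate password may only be submitted to an exact, allowlisted HTTPS host. The allowlist, salt, sample password and function names are assumptions, and both non-corporate cases are treated simply as a block.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Hypothetical allowlist of approved corporate login hosts (constructed values).
CORPORATE_HOSTS = {"sso.corp.example", "mail.corp.example"}
SALT = b"constructed-demo-salt"


def _verifier(password: str) -> bytes:
    # Slow salted hash, so the checker never stores the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)


CORPORATE_VERIFIER = _verifier("Corp-Passw0rd!")  # constructed sample password


def is_corporate_destination(url: str) -> bool:
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return False  # malformed URL: treat as untrusted
    if parts.scheme != "https":
        return False
    # .hostname has already dropped userinfo ("user@") and port and is lower-case.
    # Exact match only: substring or prefix tests would accept lookalike hosts.
    return host in CORPORATE_HOSTS


def check_submission(url: str, password: str) -> str:
    """Return 'allow' or 'block' for a password about to be sent to url."""
    is_corporate_password = hmac.compare_digest(
        _verifier(password), CORPORATE_VERIFIER
    )
    if not is_corporate_password or is_corporate_destination(url):
        return "allow"
    return "block"


if __name__ == "__main__":
    for url in (
        "https://sso.corp.example/login",            # approved host
        "https://sso.corp.example.evil.test/login",  # lookalike suffix
        "https://sso.corp.example@evil.test/login",  # userinfo trick
        "http://sso.corp.example/login",             # not HTTPS
    ):
        print(url, "->", check_submission(url, "Corp-Passw0rd!"))
```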

Update: Massive Hack Exposes 2 Million User Credentials

Only one day after we blogged about the importance of user credential protection, one of the biggest credential breaches came to light. The breach was a result of key-logging malware that was installed on numerous computers around the world. The malware captured usernames and passwords of users logging in to more than 93,000 websites. The malware sent the information to a server controlled by the attackers. The breached credentials allow the hackers to log in to sensitive applications such as ADP payroll systems.
