Cyber criminals are always on the hunt for user and corporate credentials (usernames and passwords). If you have someone’s credentials, you can log in to their systems, access valuable data and perform fraudulent transactions on their behalf.

Credentials are typically extracted by cyber criminals in one of three ways:

  1. Key-logging malware captures users’ keystrokes during login and sends the information to the attacker. There are various techniques to compromise user machines with such malware, including drive-by downloads, watering hole attacks and infected USB drives.
  2. A phishing site is used. This is a fake website that is designed to look like a legitimate login page, such as an online banking website or online applications such as Google Docs. To get the user to the phishing site, the attacker sends a spear-phishing message that looks like it came from a trusted source, such as a bank, colleague or government office. Once the user attempts to log in to the phishing site, the credentials are sent directly to the attacker.
  3. Cyber criminals hack into e-commerce websites and social networks to extract the user database, including user credentials. Since users often reuse credentials, it is highly likely that the same credentials can be used for logging into other systems as well.

General Recommendations

There are several things that can be done to lower the risk of credential theft. First, don’t log in to sensitive applications from unprotected machines. Make sure your antivirus is up to date and, if possible, use special security solutions designed to block information-stealing malware to protect your machine.

Be cautious about possible spear-phishing emails, even if the message seems to come from a trusted source. When receiving a message that includes a link to a website, try to verify that the request is genuine and that it takes you to a relevant site. If possible, don’t click the link. Instead, open your browser and type in the address yourself.

Change your passwords often, use complex passwords and don’t use the same credentials across multiple systems. For systems that are especially critical to you or your business, consider using two-factor authentication. This requires additional user information when logging in and is therefore harder to compromise.

Protecting Corporate Credentials

IBM Security Trusteer Apex Advanced Malware Protection is an advanced threat protection solution designed to protect user machines from advanced, information-stealing malware. Its exploit prevention and data exfiltration prevention technologies are designed to prevent advanced malware from compromising the user endpoint. In addition, Trusteer Apex includes special protections to prevent corporate credential theft and exposure:

  1. Keystroke obfuscation: Trusteer Apex obfuscates user keystrokes during login procedures, preventing key loggers from capturing user credentials.
  2. Prevent corporate password exposure on phishing sites: Trusteer Apex ensures corporate credentials are used only for logging into corporate Web applications. If the user is trying to log in to a phishing site, the login will be blocked.
  3. Prevent reuse of corporate credentials on noncorporate sites: Trusteer Apex prevents users from using their corporate credentials to log in to nonapproved public sites, such as e-commerce sites or social media. The user will be requested to change his or her credentials before logging into the website.
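
The policy in items 2 and 3, sketched as an added example; this is not Trusteer Apex code and does not describe how that product is implemented. The host lists, the sample password, the PBKDF2 parameters and the rule that an unrecognized host is blocked while a recognized public site triggers a password change are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from urllib.parse import urlsplit

# Constructed policy data (assumptions, not taken from any product).
CORPORATE_HOSTS = {"sso.corp.example", "mail.corp.example"}
KNOWN_PUBLIC_HOSTS = {"shop.example", "social.example"}


def derive(password: str, salt: bytes) -> bytes:
    """Salted, slow hash so the check never stores the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


# Constructed sample: verifier enrolled for one user's corporate password.
SALT = os.urandom(16)
VERIFIER = derive("Corp-Passw0rd!", SALT)


def login_host(url: str) -> str:
    """Return the host a form really posts to, or "" if it is not usable."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return ""
    if parts.scheme != "https":
        return ""
    # .hostname drops any "user@" prefix and the port, and lowercases.
    return (parts.hostname or "").rstrip(".")


def evaluate_login(url: str, submitted_password: str) -> str:
    """Decide what to do with a password about to be submitted to url."""
    if not hmac.compare_digest(derive(submitted_password, SALT), VERIFIER):
        return "allow"            # not the corporate password: out of scope
    host = login_host(url)
    if host in CORPORATE_HOSTS:
        return "allow"            # exact match only, no suffix or substring
    if host in KNOWN_PUBLIC_HOSTS:
        return "require_change"   # reuse on a nonapproved public site
    return "block"                # unknown or lookalike host: treat as phishing
```

Matching the parsed host exactly is what keeps a lookalike such as a corporate name used as a subdomain label, or placed before an `@` in the URL, from being treated as a corporate application.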

Update: Massive Hack Exposes 2 Million User Credentials

Only one day after we blogged about the importance of user credential protection, one of the biggest credential breaches came to light. The breach was a result of key-logging malware that was installed on numerous computers around the world. The malware captured usernames and passwords of users logging in to more than 93,000 websites. The malware sent the information to a server controlled by the attackers. The breached credentials allow the hackers to log in to sensitive applications such as ADP payroll systems.
