Cyber criminals are always on the hunt for user and corporate credentials (usernames and passwords). If you have someone’s credentials, you can log in to their systems, access valuable data and perform fraudulent transactions on their behalf.

Credentials are typically extracted by cyber criminals in one of three ways:

  1. Key-logging malware captures users’ keystrokes during log in and sends the information to the attacker. There are various techniques to compromise user machines with such malware, including drive-by downloads, watering hole attacks and infected USB drives.
  2. A phishing site is used. This is a fake website that is designed to look like a legitimate log in page, such as an online banking website or online applications such as Google Docs. To get the user to the phishing site, the attacker sends a spear-phishing message that looks like it came from a trusted source, such as a bank, colleague or government office. Once the user attempts to log in to the phishing site, the credentials are sent directly to the attacker.
  3. Cyber criminals hack into e-commerce websites and social networks to extract the user database, including user credentials. Since users often reuse credentials, it is highly likely that the same credentials can be used for logging into other systems as well.

General Recommendations

There are several things that can be done to lower the risk of credentials theft. First, don’t log in to sensitive applications from unprotected machines. Make sure your antivirus is up-to-date and, if possible, use special security solutions designed to block information-stealing malware to protect your machine.

Be cautious about possible spear-phishing emails, even if the message seems to come from a trusted source. When receiving a message that includes a link to a website, try to verify that the request is genuine and that it takes you to a relevant site. If possible, don’t click the link. Instead, open your browser and type in the address yourself.

Change your passwords often, use complex passwords and don’t use the same credentials across multiple systems. For systems that are especially critical to you or your business, consider using two-factor authentication. This adds additional user information requirements when logging in and is therefore harder to compromise.

Protecting Corporate Credentials

IBM Security Trusteer Apex Advanced Malware Protection is an advanced threat protection solution designed to protect user machines from advanced, information-stealing malware. Its exploit prevention and data exfiltration prevention technologies are designed to prevent advanced malware from compromising the user endpoint. In addition, Trusteer Apex includes special protections to prevent corporate credentials theft and exposure:

  1. Keystroke obfuscation: Trusteer Apex obfuscates user keystrokes during log in procedures, preventing key loggers from capturing user credentials.
  2. Prevent corporate password exposure on phishing sites: Trusteer Apex ensures corporate credentials are used only for logging into corporate Web applications. If the user is trying to log in to a phishing site, the login will be blocked.
  3. Prevent reuse of corporate credentials on noncorporate sites: Trusteer Apex prevents users from using their corporate credentials to log in to nonapproved public sites, such as e-commerce sites or social media. The user will be requested to change his or her credentials before logging into the website.

Update: Massive Hack Exposes 2 Million User Credentials

Only one day after we blogged about the importance of user credential protection, one of the biggest credentials breaches came to light. The breach was a result of key-logging malware that was installed in numerous computers around the world. The malware captured usernames and passwords of users logging in to more than 93,000 websites. The malware sent the information to a server controlled by the attackers. The breached credentials allow the hackers to log in to sensitive applications such as ADP payroll systems.

More from Data Protection

Cost of a data breach: Cost savings with law enforcement involvement

3 min read - For those working in the information security and cybersecurity industries, the technical impacts of a data breach are generally understood. But for those outside of these technical functions, such as executives, operators and business support functions, “explaining” the real impact of a breach can be difficult. Therefore, explaining impacts in terms of quantifiable financial figures and other simple metrics creates a relatively level playing field for most stakeholders, including law enforcement.IBM’s 2024 Cost of a Data Breach (“CODB”) Report helps…

Cost of data breaches: The business case for security AI and automation

3 min read - As Yogi Berra said, “It’s déjà vu all over again.” If the idea of the global average costs of data breaches rising year over year feels like more of the same, that's because it is. Data protection solutions get better, but so do threat actors. The other broken record is the underuse or misuse of technologies that can help safeguard data, such as artificial intelligence and automation.IBM’s 2024 Cost of a Data Breach (CODB) Report studied 604 organizations across 17…

Cost of a data breach: The industrial sector

2 min read - Industrial organizations recently received a report card on their performance regarding data breach costs. And there’s plenty of room for improvement.According to the 2024 IBM Cost of a Data Breach (CODB) report, the average total cost of a data breach in the industrial sector was $5.56 million. This reflects an 18% increase for the sector compared to 2023.These figures place the industrial sector in third place for breach costs among the 17 industries studied. On average, data breaches cost industrial…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today