OMNI Solutions Group Blog

OMNI Solutions Group has been serving the Washington D.C. metropolitan area since 1994, providing IT Support such as technical help-desk support, computer support, and consulting to small and medium-sized businesses.

How Cybercriminals Are Keeping Themselves Entertained

How Cybercriminals Are Keeping Themselves Entertained

With the given pandemic, a lot of people have had a bit more time on their hands, so it makes sense that many are turning to streaming services and the like for their entertainment. Unfortunately, this has not gone unnoticed by cybercriminals.

Let’s take a few moments and examine the practice of credential stuffing.

What is Credential Stuffing?

Credential stuffing is an aptly named method for an attacker to gain access to an account. It’s also the reason why we always recommend that you use a different username and password for each account.

Let’s say that Website A, a popular social media platform, suffered a data breach, and some of its info was leaked, with usernames and passwords included in the mix. This means that John Q. Hacker can take this list, go to other sites, and start trying them out. If a user was reusing their credentials, our hacker has a match and now has access to their account and information, whatever it may be.

So, by essentially running through a spreadsheet, an attacker can gain access to far more accounts than they should.

The Current Problem

In their most recent report, Akamai (a platform-based service provider) had reviewed data collected throughout 2018 and 2019 to deliver insights to the media industry. As they explain in their included letter from the editor, the rise of the COVID-19 pandemic quickly caused them to reconsider. Thanks to this reconsideration, the report also shows trends as influenced by the pandemic.

As you might imagine, these trends are quite telling.

Credential stuffing exploded as the coronavirus tightened its hold. In fact, reviewing the documents that Akamai produced shows that their graphs needed to be dramatically increased in scale, tens of millions transitioning to hundreds of millions as numbers increased fourfold. As Europe locked down, a video media service was hit on March 26 by over 364 million malicious login attempts, with over 6 billion attempts taking place in that month alone.

The economics of these stolen credentials also share some insights. In the beginning of Q1 2020, researchers took note that video media accounts were priced at about $1 to $5, with bundled services coming in at $10 to $45 each. However, these prices plummeted by the end of Q1 with all the new credentials that were made available.

Why This Matters

As we have already stated, these kinds of attacks are exactly why it is recommended that access credentials aren’t recycled.

“Why would anyone hack into my stuff?”

We’ve all had this rationalization sound off in our heads as we’re asked to provide a password for a new account. We wonder if it really matters how secure our password is, after all, we’re not anyone of interest, so is all that security really worth the effort?

Besides, it’s easier to just remember the one.

As a result, a sizable number of people have the same usernames and passwords on multiple platforms. This is where the problem lies. Sure, some person accessing your Netflix account is one thing, but someone accessing your bank, or your tax returns, or your work email (sending us down another rabbit hole) is quite another.

So, where do we go from here?

Well, first thing, you need to go over your own accounts and make sure that all of them are properly secured. At OMNI Solutions Group, we tend to recommend that your passwords include the following, to help boost their security:

  • Lots of characters
  • A diverse mix of letters, numbers, and symbols
  • No personally identifiable details (like your pet’s name, hobbies, etc.)

Alternatively, you could consider a passphrase. A passphrase (like “flankingcollisioncurtlytabletbovine”) takes five unrelated, random dictionary words and combines them, making a memorable, but essentially impossible to crack, passcode for you to use.

Second, we recommend the use of a password manager to help keep track of these passwords/passphrases. With a password manager to help you remember, you no longer have any excuse to slack off on your security.

OMNI Solutions Group can help make your business’ computing more secure as well, along with our many IT services. Find out how we can assist you by giving us a call at 301-869-6890.

Comments

 
No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Friday, 07 August 2020
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab this Article!

Qr Code

Tag Cloud

Security Tip of the Week Technology Cloud Privacy Hackers Best Practices Hosted Solutions Backup Internet Business Business Computing IT Services Productivity Business Continuity Google Malware Software Hardware Windows 10 Miscellaneous Mobile Device Management Disaster Recovery Microsoft Innovation Computer Mobile Computing Mobile Devices VoIP Windows Workplace Tips Smartphone Managed Service Provider Server IT Support Efficiency Network Security Data Save Money communications Virtualization Upgrade Email Small Business Office Budget Holiday Best Practice Chrome Android Employer-Employee Relationship User Tips Information Technology Quick Tips Hacking IT solutions Managed IT Network Data Management Telephone Systems Microsoft Office Recovery Application Outsourced IT Apps BYOD VPN Tablet Business Intelligence Hard Drives Gmail Disaster Managed IT Services Going Green Avoiding Downtime Bandwidth The Internet of Things Remote Computing Social Engineering Firewall Ransomware Communication Computers Automation Saving Money Lithium-ion battery Wireless Technology Smartphones Operating System Government Gadgets Cybercrime Office Tips Remote Monitoring Password Browser Risk Management Biometrics Network Congestion Social Health Hosted Solution Passwords Streaming Media Proactive IT Mobility Telephony Humor Cost Management BDR Spam Facebook Unified Threat Management Private Cloud WiFi DDoS Administration Customer Service Big Data Alert Phone System IT service Virtual Reality Save Time Internet of Things User Apple Saving Time Computer Accessories Laptop Science iPhone Trending Buisness Domains Cameras HIPAA Sports Touchpad Best Available Customer Relationship Management Mouse Search Update Printer Safety Files Money Printer Server Instant Messaging Emergency Social Media Chromecast Operating Sysytem Wearable Technology Virtual Desktop Networking Bluetooth Cybersecurity Phishing Administrator Television Running Cable Near Field Communication Maintenance Solid State Drive Human Resources WIndows 7 Fax Server Data Breach Access History User Error Education Managing Stress Antivirus Bloatware Marketing Transportation Law Enforcement App Storage Analytics Avoid Downtime IT consulting Collaboration Robot Reputation SaaS Shortcut Benefits Tech Support SharePoint PowerPoint Data storage Business Management HaaS Distributed Denial of Service Entertainment Branding Regulations Shadow IT Internet Exlporer Teamwork Presentation Two-factor Authentication Google Drive Excel Colocation IT Technicians eWaste Retail Reliable Computing Document Management Uninterrupted Power Supply Meetings Applications intranet hacker