In the News:
Infosecurity magazine recently shared an article about London-based, digital risk protection agency, Digital Shadows’ new research claiming that 15 billion user credentials are available for sale on various underground forums. Credentials are stolen and collected by various means, including through phishing scams and malware. The research and the article describe a “growth of ‘account takeover as-a-service,’ where, rather than buying a credential, criminals can rent an identity for a given period, often for less than $10.” In their new article on Digital Shadows’ findings, information security news outlet, Threatpost, commented on the success cybercriminals are achieving in credential stealing and point to a lack of basic proper security measures for password and account protection as the leading vulnerability behind credential theft.
Our Take:
Stolen credentials being sold online is nothing new. The best defense against this crime is a manageable step that any user can take—password protection. Protecting your account can be as simple as adhering to password best practices and avoiding phishing scams and malware. Regularly changing your passwords, having different strong passwords or passphrases for different accounts, and monitoring your accounts for unusual activity, will reduce the risk of having your credentials available on the web for cybercriminals to steal.
Recommendations:
- Create strong, unique passwords (or passphrases) that you never share with anyone. Change your passwords if you have reason to believe they may be compromised or if they would be easy to guess. Northwestern Information Technology offers tips to keep your passwords secure.
- Use multi-factor authentication whenever possible. Multi-factor authentication provides an extra layer of security between your accounts and someone trying to access them. Most companies offer this password security option. Learn about how Multi-factor Authentication is used at Northwestern.
- Brush up on ways to remain secure online at home with this helpful guide: Securing A Home Work Environment.
- Monitor your essential accounts closely, so that any unusual activity is noticed right away.