Shyam Senthilnathan
May 26 · 5 min read
Passwords leaked from data breaches in the past continue to cause ripples in 2023, even amidst organizations with modern security standards. Poor password hygiene stands out as the culprit.
An 18-year-old hacker, Joseph Harrison, is alleged to have launched a credential-stuffing attack in November 2022 with a helping hand from a few others.
Joseph used a computer program to stuff credentials that were stolen from data breaches in the past. This involves repeatedly entering username-password combinations into websites until they crack into the login account. He is said to have had “69 wordlists which contained at least 38,484,088 individual username and password combinations”.
Once Joseph managed to crack into DraftKing user accounts, he marketed them and sold access to them on the internet. He even added instructions on bypassing two-factor authentication and draining funds from the compromised accounts.
A large number of such credential combinations are easily available on the dark web for anyone with the right tools to exploit. With the enormous amount of login data readily available on the internet, there is a good chance that simple passwords created by users are already present in the dark web database.
So often, weak, reused passwords are abused by cyber crooks and are used as a key for unlocking access to multiple websites, applications, and the sensitive data they hold.
Advancements in modern technology have complicated digital security. New studies reveal that AI can be used to crack passwords with relative ease. Novice hackers leverage powerful AI technology such as ChatGPT to learn step-by-step instructions on carrying out a cyberattack. Precautionary measures against new-age threats are essential to keep enterprises protected.
It is estimated that organizations will face around 33 billion account breaches in 2023. Leaning back and not giving importance to password security directly leads to organizations falling victim to massive breaches. IT teams and security engineers are too focused on implementing advanced security systems while they fail time and again to reinforce the building block of organizational safety – password security.
The world is overrun with novice hackers like 18-year-old Joseph, who believes that ‘Fraud is fun.’ Leveraging breached information from the internet, the teenager managed to loot thousands of dollars from users on DraftKings - simply because he was ‘Obsessed with bypassing’ security.
The betting company suffered a huge loss of reputation, adding salt to the wound - this occurred just at the time of the 2022 Football World Cup, possibly creating a significant revenue loss for the company.
Organizations deal with a plethora of user and system passwords and must take precautionary steps to curb threats. Most of these risks can be mitigated by sticking to the basics of password hygiene.
Enforcing password management best practices goes a long way in protecting businesses against new-age threats. Here are a few basic measures to take to ensure good password health:
Use strong and complex passwords - Login accounts, whether used personally or from a business perspective, should have strong passwords with more than 8 characters and comprise special characters, alphabets, and numerals.
Periodically rotate privileged passwords - Corporate accounts must change their passwords periodically, ideally once every 90 days.
Check for breached passwords in use - Passwords used within the organization must be checked regularly to ensure they are not part of previous breaches. Read more about Dark web monitoring.
Eradicate the reuse of passwords - As a rule of thumb, never utilize the same password across multiple logins or websites. All company passwords must be unique from each other.
Eliminate hardcoded passwords on files or scripts - Passwords must not be written down on paper, stored on Excel sheets, or hardcoded on scripts/applications. Passwords must instead be stored securely in a digital vault.
Even though this covers the basic aspects of password security, organizations often find themselves requiring advanced technologies and a wide variety of cybersecurity tools to protect their assets. Regardless of the advanced solutions that they deploy, not sticking to the basics costs them dearly.
Password security has established itself to be the building block of data security. Password management solutions help automate password management best practices, secure enterprise secrets and change compromised passwords that are in use.
2013 Target Data Breach: 10 Years On, but the Same Threat Pattern Looms Large!
Hackers targeted the low-hanging fruit, launched an unsophisticated attack, and carried out a...
Himaya Presthitha
July 25 · 6 min read
Password management best practices: Practice or Pay!
Passwords leaked from data breaches in the past continue to cause ripples in 2023, even amidst...
Shyam Senthilnathan
May 26 · 5 min read
Identity thefts and data breaches - The aftermath of privileged access mismanagement
Cybersecurity is a growing concern for businesses of all sizes, as advanced hackers and cybercriminals...
Zaheeruddin Ahmed
Dec 27 · 4 min read
Spate of cyberattacks rock the land down under
Lack of API security, exposed credentials, and misuse of privileged access continue to cause harm...
Rajaraman Viswanathan
Nov 25 · 4 min read
Make this Thanksgiving a memorable one. Treat yourself to a surprise!
We're planning to make this year's Thanksgiving extra special.
Zaheeruddin Ahmed
Nov 21 · 2 min read
The Spooky Season is here early! Recent data breaches re-emphasize the significance of password security
As Halloween is dedicated to remembering the martyred, organizations falling victim to data breaches remind us...
Shyam Senthilnathan
Oct 20 · 4 min read
We're at GITEX, Dubai. Come, meet us!
Are you planning to participate in GITEX, Dubai? If yes, this is a great opportunity to meet our product experts and get a ...
Zaheeruddin Ahmed
Oct 10 · 2 min read
May God defend me from my friends
As stories of trusted insiders causing information security breaches continue to unfold, it’s time organizations woke up to...
Raja Viswanathan
Dec 21 · 4 min read
Ransomware attack on Colonial Pipeline: Executing cyberattacks, now a child's play!
With the easy availability billions of compromised credentials on the dark web, and the practice of password reuse rampant, hackers...
Balasubramanian Venkatramani
jun 7 · 5 min read
Eliminating Admin Rights and Controlling Applications (Part 3)
One of the most effective approaches to reducing risks is eliminating the local admin accounts altogether and...
Raja Viswanathan
May 17 · 4 min read
Looking for a Passwordstate alternative?
Passwordstate, an enterprise password manager developed by Click Studios, suffered a supply chain attack between...
Jithukrishnan
Apr 30 · 3 min read
Local Admin Accounts Management: Microsoft LAPS Vs. PAM (Part-2)
In the previous post, we dealt with the importance of local admin accounts, the associated security risks, and...
Raja Viswanathan
Apr 06 · 3 min read
Top 10 password policy recommendations for sysadmins in 2021
Passwords are omnipresent in our personal and business digital environments. An average person has at least...
Jithukrishnan
Jun 12 · 8 min read
Local Admin Accounts - Security Risks and Best Practices (Part 1)
We are all too familiar with the local administrator account that gets created automatically when installing a Windows...
Raja Viswanathan
Mar 19 · 4 min read
Poor password security practices cause massive security breaches
Weak passwords, password reuse, password sharing, hard-coded credentials, lax measures to storing credentials...
Balasubramanian Venkatramani
Mar 13 · 6 min read