5 More Ways Hackers Try To Steal Your Organization’s Privileged Credentials

Hackers have a large portfolio of tactics to get their mitts on your organization’s privileged credentials, and they’re creating more every day.

In addition to the big 3 Ways Hackers Try To Steal Your Organization’s Privileged Credentials, hackers use these 5 tactics to identify critical login data and compromise your organization:

Phishing, Spear-phishing, Vhishing & SMShing. Forty-three percent of cyberattacks begin with one of these hacks, which create credential requests that look, sound and seem authentic, according to the Verizon 2017 Data Breach Investigations Report.

Defense: Educate employees on how to spot these scams, and back that up with an enterprise email protection solution.

 

Unlimited Logins. Letting users take as many tries as possible at getting their logins right is nice for them – and for hackers.

Defense: Limit users’ login attempts and you limit attackers’ tries, too.

 

Shared Accounts. Many people may need access to shared functions or service accounts, and frequently they share that login. The same holds true for shared hard-coded app credentials.

Defense: Manage these shared accounts more closely by requiring each user to have their own password, enforcing password security requirements and implementing two-factor authentication (TFA).

 

Orphaned Privileged Accounts. These accounts aren’t actively monitored, giving hackers a “dummy” account they can crack.

Defense: Groom user accounts regularly to decommission those no longer in use. 

 

Keystroke Logging & Memory Scraping. Undetected malware attacks can unleash keystroke trackers or memory scrapers into your system. Loggers record everything typed on a keyboard, including credentials. Scrapers, most common in POS attacks, takes a snapshot of RAM, which includes passwords and logins.

Defense: Install spyware/malware detection, whitelist apps and require TFA.

With 80% of security breaches involving privileged credentials, according to The Forrester Wave: Privileged Identity Management, Q3 2016, you can’t afford not to upgrade your privileged credential protection.

 

 

 

Want more great articles like this?Subscribe to our blog.

Get all the latest news, tips and articles delivered right to your inbox