3 Ways Hackers Try to Steal Your Organization’s Privileged Credentials

A whopping 80% of security breaches involve privileged credentials, according to The Forrester Wave: Privileged Identity Management, Q3 2016.

 Let’s look at the three most dangerous:

Social engineering. Hackers know people – and systems – will trust someone with the right information. Attackers scan your organization, personal websites and social media accounts to learn about your organization’s hierarchy and terminology and even speech patterns and nicknames of executives. 

Defense: Set guidelines about what’s safe to share and encourage employees – especially high-level ones – to lock down their social media accounts. The world doesn’t need to know that your first pet’s name and street you grew up on is your movie star name – and yet hackers do! Now they have two likely answers to those security questions you use for password recovery. D’Oh!

Spoofed email. Sophisticated cybercriminals create emails that look like they’re from a trusted sender by using URLs that are a letter or two off, or that contain special characters or spacing to resemble the correct information at a glance. After they gain our trust this way, attackers ask for our login information – and we give it!

Defense: Train employees to look for telltale signs of a spoofed email, and teach them tactics to avoid falling for them. Strengthen your defenses with a technology solution that deep-scans inbound emails for header anomalies, similar domains, and other “tells” that may be overlooked by even the most eagle-eyed human.

Password cracking. Even if you’re using hash passwords, credentials may be at risk. Low-level hashing can be easier to decode – and once hackers have figured out your hashing algorithm, they unleash “dictionary attacks” to test-drive words and known passwords from previous breaches until they find the right inputs.

Defense: Buttress high-level hashing with additional protections, like “salting”, which adds random characters to the stored hashes. Fortify this defense by requiring complicated passwords and two-factor authentication.



Want more great articles like this?Subscribe to our blog.

Get all the latest news, tips and articles delivered right to your inbox

You may also like:

Planning for Tomorrow’s Cyberattacks

The end of a year is often a time of ref…

The end of a year is often a time of reflection as organizat… Read More >

Peter Bauer

by Peter Bauer

CEO and co-founder

Posted Dec 06, 2016

Ransomware Email Security interview with Neil Murray Mimecasts CO FOUNDER & CTO