The 266 percent increase in the use of so-called infostealers is related to the focus on identity theft as a way to gain access to company systems. Infostealers are malicious software designed to steal personal and sensitive information. In this context, last year IBM noticed new tools of this type or changes to programs that were already known that aimed to increase the efficiency in obtaining login data.
Even when businesses implement multi-factor authentication and other security, they often compromise them. Doubts of this type were noted by IBM X-Force experts in 30 percent of cases when, for example, web applications of client environments allowed to have more user sessions at the same time, i.e. more parallel connections to the server. Poor conditions for other appropriate security therefore represent the most common security risk seen in the context of identity or credential theft.
He lost tens of thousands of games and a Steam account. Because of a stupid mistake
Games and operating systems
“Legitimate devices were used in nearly a third, ie 32 percent of security incidents recorded last year. It is clear that attackers are aware of how difficult it is for defenders to distinguish between the legitimate use of an identity and its unauthorized misuse,” said CEO of IBM Czech Republic, Fridrich Matejík. Said he increased targeting of identities by cybercriminals underlines the importance of organizations investigating potential attack opportunities on their networks.
On the other hand, the number of cases of black businesses through ransomware fell by 11.5 percent year on year. The use of malicious programs of this type accounts for about a fifth of the activities in the victim’s environment, so it remains the most common method for attackers after a break-in your company system. However, the number of ransomware attempts is relatively low because larger organizations manage to stop these intrusions before the malware takes hold. In addition, companies tend to be less willing to resort to blackmail, i.e. instead of paying the ransom, they prefer to try to decrypt the part of the system under attack .
At the same time, cybercriminals still don’t want to abuse artificial intelligence as a gateway to company systems. However, according to IBM analysts, it is only a matter of time. At the moment, the use of AI is rather chaotic, but according to analysts, the market will soon consolidate in a few dominant models and it will start paying for attackers to invest money in the development of specific AI-oriented tools.
Every fourth Czech takes a risk with passwords
Passwords are the first effective line of defense against online bullying on the Internet. Therefore, security experts always ask users not to underestimate them. Nevertheless, the results are the most recent study of the antivirus company Eset scary They clearly show that a quarter of Czechs still take risks with passwords.
At the same time, more than half of domestic users create such passwords that we can remember by heart. Most often, according to the study, people create them using a combination of uppercase and lowercase letters and numbers (43%). An almost comparable number of respondents add specific characters to this data (38%).
However, the format of the resulting password varies more – with a fifth of us using a random mix of characters, letters and numbers (22%) and less than a third using a word phrase -so-called passwords (30%), a quarter of users still create passwords based on personal information, such as, for example, a pet’s name, date of birth or address (26%).
Simple phrases such as “password123″ are used by 12% of respondents. “Just a few years ago, a random combination of upper and lower case letters, special characters and numbers was considered a strong password. So people started choosing complex but short passwords. However, the automatic password cracking tools used today, for example, in so-called brute force attacks can guess such passwords within a few minutes,” said Vladimíra Žáčková, cyber security expert at Eset.
“Therefore, a better option is to choose, for example, a password phrase, which should not be directly linked to our personal data or information about our family and hobbies – people can attack can be easily detected, for example, from public information on social networks,” said Žáčková.
At the same time, the users themselves evaluate the security of their password mostly according to its complexity (64%), length and also according to whether the password is unique for each service used (26%). Using a security application, such as a password manager, is an important security criterion for 24% of respondents. However, for 17% of them, whether the password is easy to remember is also a security criterion.
What should a correct password look like?
Password security is also determined by its length. The special programs of the underground hacker can crack a four-digit password, which contains numbers from zero to nine, in two minutes.
The power of dual-core and quad-core processors allows up to 100 combinations that could be analyzed in one second on a common computer set.
The secure password should be at least six characters long and should contain numbers and preferably upper and lower case letters. On the other hand, the password should not consist of the user’s name, simple words (such as “password”) or just a series of numbers.
Most people don’t remember all the passwords. Czechs recycle them
Internet on PC
2024-05-05 05:07:00
#Cybercriminals #steal #identities #News