Google Study Finds Phishing a Bigger Threat for Users Than Third-Party Data Breaches

Phishing attacks via fake emails pose the greatest threat to people, followed by keyloggers and third-party breaches as account hacking increases globally, a new Google study has revealed.

A keystroke logger (keylogger) is a type of surveillance software that, once installed on a system, can record every keystroke made on that system. The recording is saved in an encrypted log file.

According to Google, enterprising hijackers are constantly searching for, and are able to find, billions of different platforms’ usernames and passwords on black markets.

A Google team, along with the University of California, Berkeley, tracked several black markets that traded third-party password breaches as well as 25,000 blackhat tools used for phishing and keylogging.

“In total, these sources helped us identify 788,000 credentials stolen via keyloggers, 12 million credentials stolen via phishing, and 3.3 billion credentials exposed by third-party breaches,” Google said in a blog post late on Friday.

Account takeover, or ‘hijacking’, is a common problem for users across the web. More than 15 per cent of Internet users have reported experiencing the takeover of an email or social networking account.

“From March 2016 to March 2017, we analysed several black markets to see how hijackers steal passwords and other sensitive data,” said Kurt Thomas from Anti-Abuse Research and Angelika Moscicki from Account Security teams at Google.

The tech giant then applied the insights to its existing protections and secured 67 million Google accounts before they were abused.

“While our study focused on Google, these password stealing tactics pose a risk to all account-based online services. In the case of third-party data breaches, 12 percent of the exposed records included a Gmail address serving as a username and a password,” the blog post read.

Of those passwords, 7 percent were valid due to reuse. When it comes to phishing and keyloggers, attackers frequently target Google accounts to varying success: 12-25 percent of attacks yield a valid password.

However, because a password alone is rarely sufficient for gaining access to a Google account, increasingly sophisticated attackers also try to collect sensitive data that we may request when verifying an account holder’s identity.

“We found 82 percent of blackhat phishing tools and 74 percent of keyloggers attempted to collect a user’s IP address and location, while another 18 percent of tools collected phone numbers and device make and model,” Google noted.

“While we have already applied these insights to our existing protections, our findings are yet another reminder that we must continuously evolve our defences in order to stay ahead of these bad actors and keep users safe,” it added.

There are some simple steps people can take that make these defences even stronger.

“Visit Google’s Security Checkup to make sure you have recovery information associated with your account, like a phone number, and allow Chrome to automatically generate passwords for your accounts and save them via Smart Lock,” Google cautioned.


What Is Doxxing and Is It a Threat to Your Small Business?

What Is Doxxing and Is It a Threat to Your Small Business Online Security?

When it comes to privacy issues, much of the press focuses on companies like Facebook, Twitter, Google, etc. Unfortunately, that focus often ends up being a distraction from the real offenders. For the most part, we consider Facebook to be a self-inflicted wound, since the content is typically posted by the individuals themselves. However, it is postings by others that can make platforms like Twitter and Facebook very dangerous. We all know (or should know) not to post personal and private information online. These sources feed the practice of doxxing and can lead to many different types of assaults.

What is Doxxing?

The term Dox or Doxxing is derived from the word “Document.” It originates from the practice of researching information about an individual. Doxxing is often defined as an Internet-based practice of researching and broadcasting personally identifiable information (such as names, addresses, phone numbers, spouse, children, relatives, financial history and much more) about an individual. The practice of doxxing is not new. It actually dates back to the 1990s and was often used for constructive purposes such as helping law enforcement locate suspects and/or dangerous criminals, as well as in business analysis and in the legitimate vetting of individuals. Doxxing, however, strays into a very dark area when it is used for other purposes. In the last 12 months, we have seen a huge spike in doxxing activity specifically related to individuals in the public safety arena.

The current trend we are seeing in the area of doxxing is mainly focused on confrontational interactions in high profile cases. It is often a situation where an individual is videotaping an incident and there is a specific interest in capturing the public safety individual as much as possible. You will often see that the individual recording the video will interact with public safety personnel in an attempt to get a name. Once they have that name, they are off to the races.

Unfortunately, the reality is that this information is already out there and readily available for the taking. Some of the companies doing this vast collection of public record information and selling it are names you have probably never heard of before, such as Intelius, BeenVerified, PeopleFinder, etc. These people finder websites gather information from a wide array of sources and make that information available for purchase to anyone. While there are over 200 companies out there doing this kind of activity, you need to be mostly concerned with 20 to 30 of them. I say this because there are plenty of companies that collect this detailed information for the sole purpose of sending you a coupon in the mail or displaying a pop-up advertisement on your computer screen. You could argue that this is creepy, but the good news is that these companies do not sell this information to individuals.

Doxxing As Used By Online Vigilantes

There are countless recent examples of doxxing that millions of Americans read about every day, often without realizing that doxxing is at the heart of what they are reading. In the last three years, the Social Security number of First Lady Michelle Obama, Beyonce’s home address, Ashton Kutcher’s personal phone number and the credit report of Los Angeles PD chief Charlie Beck were all posted online following acts of doxxing. While these events were troubling enough to the individuals involved, the more recent use of doxxing has taken an even darker turn.

Following recent events in Ferguson, the group called Anonymous acquired the sensitive personal information of Colonel Ronald Replogle, posted it on the Internet and then tweeted the location of this information to thousands of people.

Literally anyone such as an ill-intended individual, gang member, escapee, former arrestee, protestor, etc. can follow the provided link to acquire a home address, phone number, email address and much more. These kinds of acts essentially put the individual involved and their family at immediate risk.

Erica Garner, the daughter of the man who died following an arrest by a New York City police officer, tweeted out the address of one of the officers present at the time (Justin D’Amico). Her Tweet linked to a web page with addresses for D’Amico and for “five” possible relatives. Erica Garner has more than 5,000 Twitter followers and her post was retweeted about 500 times.

Following the fatal shooting of a homeless man on Skid Row in Los Angeles in early March, LAPD confirmed that at least two police officers were the victims of doxxing. An unknown individual or group posted the officers’ names, addresses, and details about their kids’ schools on the Internet.

The Risks and Threats of Doxxing to Law Enforcement Officials

Law enforcement officials often find themselves in risky situations. It comes with the territory. Doxxing, however, is a new kind of threat and one that can manifest itself in many dimensions and extend the risk beyond the individual involved to include family members and relatives.

The bigger problem here, of course, is the ready availability of sensitive personal information on the Internet to feed the practice of doxxing. More than 50 entities, loosely defined as People Finder Sites or Data Brokers, have compiled comprehensive information profiles about most of us. This information is then made easily available for anyone to acquire on the Internet. These sources feed the practice of doxxing and can lead to many different types of assault including the following – which do not need to be life threatening to be debilitating:

  • Targeting
  • Physical stalking
  • Cyber stalking
  • Bullying
  • Harassment
  • Embarrassment
  • Identity Theft
  • Extortion
  • Coercion

Today anyone with a phone, computer or tablet can get almost immediate access to anyone’s personal and private information. We all know there are many, many companies out there databasing everything we buy, where we live and where we like to go. These same companies then take all this detailed information and create detailed reports on virtually every individual in the US.

Protecting Against Doxxing

With respect to protecting yourself against doxxing, and other misuses of your personal information, there’s lots of good advice out there regarding the use of the Internet, such as:

  • Never give out personal information like phone numbers or physical addresses;
  • Refrain from providing your first name. It makes it much harder to find the individual online with only a last name.
  • Run your own name on these sites and see how easy it is for you to be found.
  • Use a PO Box as a mailing address whenever possible.
  • Contact each data broker and request your information be removed from their site.

At the end of the day, while all of this is useful and well intended, the only practical solution is to remove your personal information from these sites. But, that task is easier said than done.

The unfortunate reality is that removing personal information from these sites is intentionally convoluted and difficult. While it is technically possible, most people do not have the time or patience to execute each of the following steps:

Step 1 – Identify all of the more than 200 sites that compile, maintain and sell personal information, and then zero in on the 50 that can really hurt you.

Step 2 – Dig through each of the sites to locate the particular set of instructions for opting out of that site.

Step 3 – Follow each of the required processes, prepare and submit the necessary form or forms, and provide the additional information necessary (including a photo ID in some cases) to complete the opt-out request.

Step 4 – After the full set of opt-out instructions has been submitted, revisit each of the sites to verify they have complied with the opt-out request.

Step 5 – More than a step, this is an on-going process. Even after many of these sites have complied with the initial removal instructions, they will repopulate personal information over time. So, periodically (at least every 30 days), it is necessary to return to Step 1 and repeat the entire process. Protecting your personal information in an on-line world is a never ending and time consuming, but very necessary process for individual and family safety – especially today.

The important takeaway is that virtually anyone can find just about everything they might want to know about you on the internet for any purpose – targeting, stalking, bullying, revenge, embarrassment, identity theft and much more.

Activities such as doxxing are not going away. If anything, the problem is getting worse. From solo criminals to organized gangs, the data vigilantes are everywhere, operating throughout the world. The best way to deal with this growing problem is to protect yourself by removing your information online, either manually as I covered in this article or through a service like ManageURiD, our data privacy company. Do this for yourself and your family before it happens to you.



Ransomware Threat on Rise Globally: Symantec

The average ransom demanded by hackers jumped to $679 (roughly Rs. 45,600) – up from $294 – at the end of 2015, global cyber-security leader Symantec said on Thursday.

With 31 percent of global infections, the US continues to be the country most affected by ransomware, while India, with 3 percent of infections, ranks ninth in the top 10 list between January 2015 and April 2016, the report noted.

Realising the potential for higher profits, cybercriminals are increasingly targeting the business space, and employees in organisations made up 43 percent of ransomware victims.

Given the popularity of smartphones, a number of Android threats have emerged in recent years, the majority of which are locker-type threats. As yet, there have been no documented cases of iOS ransomware.

Further, the growth of the Internet of Things (IoT) also has multiplied the range of devices that could potentially be infected with ransomware.

With a growing awareness of ransomware affecting traditional computers, attackers may turn to IoT to find new, softer targets, the report added.

According to Symantec, 2015 was a record year with 100 new ransomware families discovered.

All but one of the new variants discovered so far in 2016 are crypto-ransomware, which uses unbreakable encryption on the user’s files.

If the victim has no back-ups, paying ransom is the only alternative.




Windows Defender Advanced Threat Protection Launched for Enterprise

Addressing the growing security attacks in the enterprise sector, Microsoft on Tuesday announced Windows Defender Advanced Threat Protection, a new service that aims to help detect and respond to advanced attacks on an enterprise’s network. The service, which is designed for Windows 10, will update automatically and reduce the deployment efforts that are typically the biggest pain points in these processes.

Windows Defender Advanced Threat Protection leverages Microsoft’s intelligent security graph to provide a post-breach layer of protection to the existing security stack that Windows 10 ships with. The service detects threats that have managed to circumvent other defences, helps enterprises find the breach endpoints, and offers response recommendations.

Microsoft says that the service is already live with early adopter customers, who have provided feedback and helped protect 500,000 endpoints. The service will be rolled out to the rest of the enterprises with Windows 10 systems later this year.

In a blog post, Terry Myerson, Executive Vice President, Windows and Devices Group, noted that attackers are becoming more sophisticated and the state of security at companies is just not sufficient. Myerson noted that in many cases an enterprise takes more than 200 days to realise that it has been hacked. These attacks cost an organisation an average of $12 million (roughly Rs. 81 crore) per incident.

Windows Defender Advanced Threat Protection is able to provide “key information on who, what, and why the attack happened.” The customers will be able to look into Microsoft’s machine learning-based security graph that offers them an insight by looking into aggregate behaviours to identify anomalies. The graph consists of information taken anonymously from over 1 billion Windows devices, 2.5 trillion indexed URLs on the Web, 600 million reputation look-ups online, and over 1 million suspicious files detonated every day.

Many times, however, you only learn of a security attack when you have already been its victim. This is where the Response Recommendations feature in Windows Defender Advanced Threat Protection comes into play. It offers users an easy way to investigate alerts, explore the entire network for signs of attacks, look into particular devices and examine actions on specific devices, and get detailed footprints from across the organisation to recommend responses.