The review department of the Securities and Exchange Commission recently issued a risk warning in which it carried out several targeted cyber security investigations. The Agency is currently concerned about the increase in a certain form of hacking, the so-called diploma filling.
This cyber attack uses stolen credentials to connect to web systems and to make unauthorized transfers of client funds.
In this article, we will elaborate on the content of the references and discuss ways to detect and prevent these types of attacks.
What do we mean by interference attacks?
In identity document fraud, intruders enter through gaps in the user data and use the compromised data to access the system. This is a very effective method of cyber attack using automation and robot scaling.
Cybercriminals take advantage of the fact that users tend to use the same username and password in different services. It’s a hypothesis that’s true in a way. According to the statistics, about 0.1 to 0.2% of the hacker data can lead to a successful connection if another service is attempted.
Over the years, the security community has witnessed the emergence of several sophisticated robots capable of attempting multiple intrusions simultaneously, each from a different IP address. The fact that they can override simple security measures, such as not allowing a connection to IP addresses that have too many failed connections, makes them a major threat to us.
This is why the use of a layered approach has become a necessity when it comes to securing software and storing critical data. For example, you can invest in DAST security tools or run your applications on a web server to detect possible vulnerabilities while the application is running. The availability of databases with massive references for hackers is another vulnerability that needs to be addressed.
How do cyber attacks work with credible completion?
The padding has a very similar pattern to an attack with brute force, but there are significant differences.
While the latter is likely to succeed if users choose passwords that are easy to guess, the former is much more difficult because it takes advantage of the fact that users exchange passwords – even if they are strong – between services, resulting in a compromise.
To carry out a large-scale credentialing attack, an attacker uses a bot that can spoof different IP addresses and automatically enter multiple user accounts in parallel.
They then start an automated process to verify that the compromised user references run in parallel on multiple websites. So you don’t have to go into the same device more than once.
Every time a cybercriminal successfully logs in, he or she has access to personal information, credit card information, and other valuable data from compromised accounts. They may also store personal information for future use (usually for more advanced phishing attacks) or perform other unauthorized activities through a compromised device.
The most effective way to curb the efforts of bad actors is a preventive approach. Online platforms that require a password must regularly perform security checks to identify and correct vulnerabilities, as in the case of Zoom.
Warning signs for detecting account filling attacks
The Credit Fill is considered the largest collection of beaches, where intruders collect hundreds of millions of stolen files and exchange them for free in pirate forums.
That’s why you need to know the warning signs as soon as possible. Here’s some:
- Check for obvious changes in website traffic, especially multiple attempts to log into multiple accounts in a limited amount of time.
- Read more about the significant increase in traffic on the site and note any recorded downtime that this causes.
- Carefully analyze usage situations in which you find a higher than normal margin of error of the connection.
We also recommend using a robot filter to stop an army of robots sent by attackers. You see, the warning signs above are a good start, but they’re not 100% waterproof. However, if you have advanced filtering technology to easily detect malware on new devices, your chances of preventing cyber attacks increase.
Best Practices for Preventing Account Jamcks
The good news in all this chaos is that you can prevent attacks with references – as long as you know the red flags.
Here are some practical ways to ensure the total security of your company and customer data:
Set a secure password
Fortunately, more than ever, people are open to good cyber-hygiene practices, such as using VPNs to continue surfing safely and anonymously or to avoid spam. However, their password habits still need to be significantly improved.
Start by defining strict complexity rules for all password fields. Using the password manager is very important because it synchronizes all the devices you own. Choose a secure password that gives you access to the password manager. Ask your users to insert special characters and numbers. You also have to travel longer distances.
If a user’s passwords are similar to data breach passwords, you can also ask him or her to create new passwords to avoid problems in the future. You can also send them useful tips on how to create stronger passwords when sending an email.
Configuring multi-factor authentication
Multi-factor authentication, also known as two-factor authentication, must be enabled for each account. You must therefore take the initiative to make this functionality available to users. This adds an extra layer of security, making it more difficult for intruders to enter the system.
Integration of security in website design with CAPTCHA
Captcha is an excellent way to distinguish real users from bots, so it offers the best protection against trusted attacks.
However, it should also be noted that the CAPTCHA solution can be automated. Many companies pay people for the CAPTCHA solution by clicking on these traffic lights.
You can use reCAPTCHA to prevent the extraction from ending up in the automatic CAPTCHA solution. It is available in three versions:
- The invisible window that is only displayed for suspicious users.
- Flag. I’m not a robot.
- A version of V3 that users can evaluate based on their behavior and reputation.
Establishing a connection without a password, if possible
Once cybercriminals have successfully infiltrated your system, they can deny your customers access by prohibiting them from using their own resources. Since the basis of credentialing consists entirely of obtaining information by means of password vulnerabilities, why not remove them completely?
You can use Passthrough Authentication, a much more secure method to authenticate users, to allow more restricted access to their accounts.
Perform risk-based authentication (RBA)
The RBA calculates the risk ratio according to a set of predefined rules that can be linked to everything: the connection device, user identification data, speed or geolocation, IP reputation, data sensitivity, personal characteristics, etc.
This type of authentication can be useful in mitigating risky scenarios by allowing your customers to use a personalized security password.
Completion : Prevention is always better.
Cybercriminals always find creative ways to compromise your data and use it to their personal advantage, whether it’s to disguise a malicious attack as an update to President Trump’s coronavirus or to develop new strategies to bypass detection. Filling is just another variation of the list.
Even if you have been protected from cyber attacks in the past, you should take steps to protect your website by searching for warning signs. Try to avoid the use of devices that rely on network connections in residential areas and implement the necessary policy updates to highlight this new type of risk.
About the author : Sam Bosetta is a freelance journalist specializing in American diplomacy and national security. It focuses on technological trends in cyber warfare, cyber defence and cryptography.
Editor’s note : The opinions expressed in this guest post are those of the author alone and do not necessarily reflect the views of Tripwire, Inc.