When security personnel think of email attacks, usually the first word that comes to mind is “phishing.” While phishing is a very common (and sadly, very successful) attack vector, many threat actors take a different approach to gaining access to victims’ accounts. Breaching an email mailbox is a critical first step, creating a doorway to endless exploitation possibilities.
In this blog post, we will outline five different ways that cyber attackers can breach your email account and steal personal information.
Brute Force Attack
A brute force attack is a simple attack method involving repetitive attempts to guess a victim’s password. The attackers will try out various password combinations, hoping to guess the right one. To do this, they will usually use automated brute force password cracking software such as John the Ripper or Aircrack-ng. While brute force attacks used to be performed manually, attackers today utilize botnets for the power they need to deploy many password-cracking attempts.
The classic “trial-and-error” brute force attack on all possible character and number combinations can guess simple passwords, but with today’s password sophistication, it will usually take more than that to crack a victim’s password. Dictionary attacks are a more focused form of basic brute force attack, attempting to guess password combinations based on a dictionary file. These files include phrases that the attackers believe to be likely parts of the password, such as commonly used password phrases, relevant birth or anniversary years, popular pet names, movie and book names, and more.
Rainbow Table Attack
In a rainbow table attack, threat actors will try to crack victim passwords using rainbow tables. Since passwords are not stored on computer systems in plain text form, but rather hashed into unique digests, these hashes need to be stored in a designated database. Rainbow tables include a dictionary of plain text passwords and their corresponding hashes, which can be exploited for automated password guessing. Attackers use precomputed rainbow tables consisting of every possible password combination that the list can handle, and the hash version of those passwords. Once they have hacked into a system and gained access to the database of hashed passwords, or simply bought a list of hashed passwords from a third-party source, they can compare the hashes in their rainbow table to the target hashes from the stolen list. Each hash in the latter is looked up in the precomputed rainbow table, and when there is a match, the attackers can view the corresponding plain text password and voila – they’ve cracked the password.
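The following Python example is added here to illustrate the lookup described above from the defender's side; it is not code from the original post or from ThreatSTOP. It uses a plain hash-to-plaintext dictionary, which is the simplified "lookup table" form of a rainbow table (a real rainbow table compresses this with hash/reduce chains, but the outcome of a match is the same). The wordlist and the "stolen" hash are constructed for the demo. The second half shows the standard mitigation: a random per-user salt, which makes a table precomputed over unsalted hashes useless against that account.

```python
import hashlib
import os

# Constructed wordlist standing in for the plaintext side of a precomputed table.
WORDLIST = ["123456", "password", "qwerty", "letmein", "Summer2019"]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_lookup_table(words):
    """Precompute hash -> plaintext once; this is what makes the attack cheap later."""
    return {sha256_hex(w.encode()): w for w in words}


def reverse_unsalted(stored_hash: str, table: dict):
    """A single dictionary lookup: a match hands back the plaintext immediately."""
    return table.get(stored_hash)


def hash_salted(password: str, salt: bytes) -> str:
    """Per-user random salt: the same password hashes differently on every account,
    so a table built over unsalted hashes (or another user's salt) never matches."""
    return sha256_hex(salt + password.encode())


def demo():
    table = build_lookup_table(WORDLIST)

    # Constructed "stolen" unsalted hash: cracked by one lookup.
    leaked_unsalted = sha256_hex(b"letmein")
    cracked = reverse_unsalted(leaked_unsalted, table)

    # Same password stored salted: the precomputed table has no entry for it.
    salt = os.urandom(16)
    leaked_salted = hash_salted("letmein", salt)
    not_cracked = reverse_unsalted(leaked_salted, table)
    return cracked, not_cracked


if __name__ == "__main__":
    print(demo())  # ('letmein', None)
```

Salting forces the attacker to recompute the whole table per account; pairing it with a deliberately slow password hash (bcrypt, scrypt or Argon2, rather than a bare SHA-256 as in this demo) then makes each of those recomputations expensive as well.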
Password Spraying
As opposed to brute force attacks, this attack style is considered “low and slow”. Instead of trying out multiple passwords on one username until the password has been cracked, password spraying is the act of guessing one commonly used password against all user accounts before proceeding to try the next password in line. This method usually allows the attackers to go undetected, and avoids getting locked out of the accounts due to consecutive failed attempts. While some password stealing methods are used to target specific users, password spraying preys on victims using weak passwords.
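The two failure patterns described above (many attempts against one account for brute force, one or two attempts each against many accounts for spraying) look different in authentication logs, and that difference is what a detector keys on. The Python below is an added example, not part of the original post or any ThreatSTOP product; the log format and the sample lines are constructed (source addresses are from the documentation ranges 203.0.113.0/24, 198.51.100.0/24 and 192.0.2.0/24), and the thresholds are illustrative defaults.

```python
import re
from collections import defaultdict

# Constructed log format: one failed login per line.
LOG_LINE = re.compile(r"^(?P<ts>\S+) auth-fail user=(?P<user>\S+) src=(?P<src>\S+)$")

# Constructed sample: one source hammering a single account, one source touching
# five accounts once each, and one source with a lone typo-style failure.
SAMPLE_LOG = """\
2024-03-01T09:00:01 auth-fail user=bob src=203.0.113.5
2024-03-01T09:00:02 auth-fail user=bob src=203.0.113.5
2024-03-01T09:00:03 auth-fail user=bob src=203.0.113.5
2024-03-01T09:00:04 auth-fail user=bob src=203.0.113.5
2024-03-01T09:00:05 auth-fail user=bob src=203.0.113.5
2024-03-01T09:00:06 auth-fail user=bob src=203.0.113.5
2024-03-01T09:10:00 auth-fail user=alice src=198.51.100.7
2024-03-01T09:10:30 auth-fail user=bob src=198.51.100.7
2024-03-01T09:11:00 auth-fail user=carol src=198.51.100.7
2024-03-01T09:11:30 auth-fail user=dave src=198.51.100.7
2024-03-01T09:12:00 auth-fail user=erin src=198.51.100.7
2024-03-01T09:20:00 auth-fail user=carol src=192.0.2.9
"""


def parse_failures(text: str):
    """Return src -> user -> number of failed logins."""
    failures = defaultdict(lambda: defaultdict(int))
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if m:
            failures[m["src"]][m["user"]] += 1
    return failures


def classify_sources(failures, brute_threshold=5, spray_min_users=4, spray_max_per_user=2):
    """Brute force: one account with many failures from the source.
    Spraying: many distinct accounts, each with only a few failures (kept under
    a typical lockout threshold, which is exactly why per-account lockout misses it)."""
    verdicts = {}
    for src, per_user in failures.items():
        worst = max(per_user.values())
        if worst >= brute_threshold:
            verdicts[src] = "brute-force"
        elif len(per_user) >= spray_min_users and worst <= spray_max_per_user:
            verdicts[src] = "password-spraying"
        else:
            verdicts[src] = "benign"
    return verdicts


def block_list(verdicts):
    """Sources that should be added to the firewall block list."""
    return sorted(src for src, v in verdicts.items() if v != "benign")


if __name__ == "__main__":
    v = classify_sources(parse_failures(SAMPLE_LOG))
    print(v)            # {'203.0.113.5': 'brute-force', '198.51.100.7': 'password-spraying', '192.0.2.9': 'benign'}
    print(block_list(v))  # ['198.51.100.7', '203.0.113.5']
```

This keys on the source address, which is the signal the monitoring advice later in the post relies on. Spraying run through a botnet spreads the attempts over many addresses, so in practice the per-source view is complemented by a tenant-wide one: the count of distinct accounts failing within a short window, regardless of source. Time windows are omitted here for brevity.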
Credential Stuffing
In credential stuffing attacks, attackers have already gotten their hands on a compromised password list, usually consisting of usernames/email addresses and their corresponding passwords for a specific service. Based on the assumption that many people use the same password for multiple services, attackers will then use an automated process to check the username-password combination across a variety of services and websites. This is a high-severity attack, as many people tend to reuse their passwords. The 2019 Global Password Security Report shows that on average, employees reuse the same password 13 times.
Keylogger
A keylogger is a program, or a function within one, that monitors and stores keystrokes. Keyloggers usually come as a function of malware that has been installed on a victim’s machine. Threat actors can infect their victims with a keylogging Trojan through various attack vectors, whether it be a malicious attachment or link in an email or a webpage script. The keylogger then logs all keystrokes, usernames and passwords included, submitting them to the command-and-control (C2) server, where the attackers can harvest the stolen passwords and utilize them as they wish.
Keeping Your Accounts Safe
Want to minimize the risk of having your passwords exposed or stolen? Taking a few key precautions can dramatically improve your password protection:
- Use complex passwords – create passwords that are at least 8 characters long, and make sure that they’re not in the Top 200 Most Popular Passwords
- Do not reuse passwords – we know it’s tempting, but since data breaches are constantly occurring, even to the largest and most well-known services, using the same password for multiple accounts puts you at high risk of having many of your accounts breached.
- Implement two-factor or multi-factor authentication – this process helps ensure that even if threat actors have cracked or stolen your passwords, they still cannot access your accounts without knowing the other authentication factors as well.
- Protect yourself from malicious emails – do not click on links or attachments in emails before checking the email thoroughly and making sure it is legitimate.
- Monitor your traffic – detect suspicious repeated attempts and add their source IPs to your firewall block list to block further attacks.
- Block malicious traffic – use a security solution that protects your network from malicious inbound traffic, so that malware cannot download itself onto your machine, as well as from malicious outbound traffic, so that if the malware has already sneakily made its way in, it cannot send your passwords back to its C2 servers.
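The first two precautions above (length, not in a popular-password list, no reuse) and the credential stuffing section's point about reuse can be enforced at password-creation time. The Python below is an added example, not code from the original post or from ThreatSTOP. The popular-password set and the breach corpus are small constructed stand-ins for the real lists; the breach check uses the k-anonymity prefix pattern (only the first five hex characters of the SHA-1 are used as the lookup key), so a client using a remote range service of that kind would never send the password or its full hash.

```python
import hashlib

# Constructed subset standing in for a published most-popular-passwords list.
POPULAR = {"123456", "password", "qwerty", "abc123", "letmein", "welcome", "iloveyou"}


def sha1_upper(pw: str) -> str:
    return hashlib.sha1(pw.encode()).hexdigest().upper()


# Constructed breach corpus, indexed the way a k-anonymity range service is:
# 5-hex-char SHA-1 prefix -> set of 35-hex-char suffixes.
BREACH_INDEX = {}
for _pw in ("Summer2019", "Passw0rd!", "monkey123"):
    _h = sha1_upper(_pw)
    BREACH_INDEX.setdefault(_h[:5], set()).add(_h[5:])


def seen_in_breach(pw: str, index=BREACH_INDEX) -> bool:
    """Only the prefix selects the bucket; the suffix comparison stays local."""
    h = sha1_upper(pw)
    return h[5:] in index.get(h[:5], set())


def check_password(candidate: str, existing_passwords=(), min_len=8):
    """Return the list of rules the candidate violates (empty list means acceptable).
    existing_passwords is the user's own set of passwords for other accounts
    (as a password manager would hold them), used for the no-reuse rule."""
    problems = []
    if len(candidate) < min_len:
        problems.append("too short")
    if candidate.lower() in POPULAR:
        problems.append("in popular list")
    if seen_in_breach(candidate):
        problems.append("in breach corpus")
    if candidate in existing_passwords:
        problems.append("reused")
    return problems


if __name__ == "__main__":
    print(check_password("qwerty"))                       # ['too short', 'in popular list']
    print(check_password("Summer2019"))                   # ['in breach corpus']
    print(check_password("x7$Lq9!vRm2p", ["x7$Lq9!vRm2p"]))  # ['reused']
    print(check_password("x7$Lq9!vRm2p"))                 # []
```

The 8-character minimum is the post's figure; length alone does not make a password strong, which is why the popular-list and breach checks are applied alongside it.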
Due to the impact of the novel Coronavirus (COVID-19), ThreatSTOP is offering 3 months of MyDNS free, or until the stay-at-home orders expire, whichever is longer. With the COVID-19 crisis comes an unprecedented transition to a work-from-home workforce, and a massive increase in email attacks (among a very long list of others). Because people need to work from home, we want to provide, for free, the cyber security protection they should have at work.
Unlike other solutions that send all your data or DNS queries to their cloud, creating privacy issues and potentially exposing critical company data to hacking and theft through man-in-the-middle attacks, our MyDNS puts a DNS Firewall-enabled DNS server onto your device, keeping your traffic under your control and preventing DNS hijacking by enforcing DNSSEC.
Easy and quick to set up, no hardware, no contracts or obligations, and we're here to help.
Want to learn more about MyDNS and how ThreatSTOP protects your devices remotely? Check it out and get started below.