June 23, 2016

Top five ways people are getting hacked

It's been quite a challenge to identify the top five ways people are being hacked at the moment, because each industry has a different and very particular set of weaknesses that can be exploited to steal user credentials. Take, for example, the retail industry, where the majority of users are compromised via card skimming or POS intrusions, in contrast to healthcare, where those types of hacks are rarely seen.

The Verizon 2016 Data Breach Investigations Report (DBIR) came out earlier this year and the insights within it come from research gathered from 67 organisations across 82 countries, involving more than 100,000 security incidents and the analysis of 2,260 breaches. From this report, and other relevant articles, I have put together the top five ways users are getting hacked (in no particular order).

1. Password Reuse

We recently wrote about protecting users from password reuse attacks: that's when hackers use exposed credentials from a breach (like the LinkedIn one) to attempt to hack into other services, in the hope the user has reused the same username/password combination in other places. In many cases, they have.

Make sure you have a unique and strong password for each login. It makes it harder for you to remember each one, so you should use a password manager. But the main objective is that it also makes it much harder for a hacker to get in.

2. Brute force attack

"63% of confirmed data breaches involved leveraging weak, default or stolen passwords."

It takes less than a second to crack a simple password like '12345' or 'password', so it's no surprise that password hacking is one of the top ways people get hacked. Even Mark Zuckerberg recently proved he's not above using a simple password like 'dadada' (and not just on one site, he reused it across a few).

When it comes to passwords, here are two good resources: 5 tips to create strong passwords and this cool app to test your password strength.
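Seen from the defender's side, the password reuse attack in section 1 and the brute force attack in section 2 leave different shapes in failed-login logs. The following Python code is an added example, not part of the original post or ThisData's product; the event data, thresholds, labels and the function name `classify_sources` are constructed assumptions.

```python
from collections import defaultdict

# Constructed failed-login events (source IP, username) for one time window.
# IPs come from documentation ranges; none of this is real data.
FAILED_LOGINS = (
    # One failure per account across many accounts: replayed breach credentials.
    [("203.0.113.7", f"user{i}@example.com") for i in range(12)]
    # Many failures against a single account: password guessing.
    + [("198.51.100.9", "alice@example.com")] * 15
    # A couple of failures: an ordinary typo.
    + [("192.0.2.44", "bob@example.com")] * 2
)


def classify_sources(events, min_failures=10, spread_high=0.8, spread_low=0.2):
    """Label each source IP by the shape of its failed logins.

    spread = distinct usernames / total failures. The thresholds are
    illustrative assumptions and need tuning against real traffic.
    """
    users_by_ip = defaultdict(list)
    for ip, username in events:
        users_by_ip[ip].append(username)

    labels = {}
    for ip, usernames in users_by_ip.items():
        total = len(usernames)
        spread = len(set(usernames)) / total
        if total < min_failures:
            labels[ip] = "normal"
        elif spread >= spread_high:
            labels[ip] = "password-reuse"   # many accounts, about one try each
        elif spread <= spread_low:
            labels[ip] = "brute-force"      # few accounts, many tries each
        else:
            labels[ip] = "mixed"            # needs a closer look
    return labels


if __name__ == "__main__":
    for ip, label in classify_sources(FAILED_LOGINS).items():
        print(f"{ip:15} {label}")
```

A shared office or carrier NAT address can also show a high spread, so the label is better used to trigger step-up checks than an automatic block.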

3. Social Engineering techniques - phishing, spear phishing, vishing, whaling, and privilege misuse.

'Almost a third (30%) of phishing messages were opened... And 12% of targets went on to open the malicious attachment or click the link.'

Social engineering is a very common way for your users' credentials to be compromised at the moment. You may receive an email from what seems to be a service provider you use or a colleague you trust, asking you to click a link and log in to your account, or asking for private information. It seems totally legit, so you hand over your credentials and: Account Compromised!

Learn more about phishing, and how to stay safe.

4. Physical Theft - work, car, and home

'39% of theft is from victims’ own work areas, and 34% from employees’ personal vehicles.'

Not a high-tech hack by any means, but it still ranks up there in the top five ways you can accidentally hand your login information over to the wrong people, especially if you keep your passwords on a post-it note next to your PC.

5. Downloading malware - email attachments, websites serving up drive-by downloads, emails linking to pages with drive-by code installs

'30,000 websites are infected with malware every single day' - Forbes

If you download malware via an email attachment, a link in an email, or by visiting the wrong website, you could end up with ransomware, a keylogger, or malicious code installed on your device. The best way to avoid this situation is to check with the person who sent the email that the link or attachment is okay before you open or click it, and don't download anything from a website you don't trust. (Just don't download anything.)

So there you have it! Hopefully you're following best practices, and none of the above is news to you. But share this with your colleagues, friends, and family, who may need a friendly reminder. And tell us your own experiences with online safety in the comments below!
