The Game of Credential Abuse | Cyware Alerts


The year 2020 is on its way to making a name in history books, owing to the constantly evolving threat landscape. This year is witnessing an unprecedented level of credential abuse attacks.

The scoop

Gamer credentials have become a lucrative target for cybercriminals. Credential theft targeting online games has reached an all-time high, tying with illicit markets, scams, and account takeovers. According to a recent Akamai study, accounts of 55% online gamers have been compromised at some point.

What does this imply?

Stolen credentials can be abused by criminals to execute several crimes. The most common crime committed is by logging in to a game account and stealing the victim’s profile information, virtual merch and currency, and financial data. Moreover, the gaming industry is a juicy target since gamers are engaged and active in social communities, with disposable income. 

Other credential theft instances

  • Emotet malware has seen a sudden spike in Japan, New Zealand, and France. It is specially crafted to steal login credentials from email clients, browsers, and applications.
  • A phishing campaign has been uncovered that leverages overlay screens and email quarantine policies to steal Microsoft Outlook credentials. 
  • In August, researchers warned about a phishing scam targeting Instagram users via the direct messages feature on the app, with the aim to steal their Instagram and email credentials. 

Why it matters

  • Credential abuse campaigns can lead to dire consequences for enterprises, as it is likely that employees will be affected. Corporate credentials can be exploited by adversaries to gain access to sensitive work-related documents.
  • With attackers impersonating legitimate users and the complexity associated with identifying credential-based attacks results in an environment destitute of control.

The bottom line

It is high time that organizations take steps to reduce credential-stuffing threats by investing in industry best practices by securiing user accounts with additional layers of defense and educating their employees about password hygiene to prevent accidental leaks.



Source link

Recent articles

Life of Maze ransomware | Securelist

In the past year, Maze ransomware has become one of the most notorious malware families threatening businesses and large organizations. Dozens of organizations...

Help! My Travel Agency Shut Down and I’m Out $2,000

Dear Tripped Up,Earlier this year, I used STA Travel to book a British Airways flight from Tucson, Ariz., to South Africa, scheduled to...

Bethesda and ZeniMax Sued for Sabotaging Elder Scrolls Skyrim Rival

Rune 2 publisher Ragnarok Game LLC has sued Bethesda and ZeniMax for allegedly helping to sabotage the game’s launch.As reported by PC Gamer,...

Qatar takes first long-haul jets in months with delivery of A350-1000s | News

Airbus has delivered three A350-1000s to Qatar Airways, its first handover of long-haul aircraft to the Middle Eastern carrier for eight months. Qatar received...

Who Won the Debate? Political Observers Weigh In

Grading on a curve, political experts said President Trump did not hurt himself. But they said neither did Joe Biden, and that may...

Smart sensors could track social distancing in the office

PointGrab developed its technology before the pandemic to help workspace managers optimize how employees use office space. About the size of a smoke...

Leave a reply

Please enter your comment!
Please enter your name here