Zeljka Zorz, Managing Editor, November 10, 2017

Phishing is a greater threat to users than keyloggers and third-party breaches


When it comes to losing access to their accounts, phishing is a greater threat to users than keyloggers and third-party breaches, researchers have found.


How many valid credentials?

The group, which includes researchers from Google, University of California, Berkeley, and the International Computer Science Institute, scoured private and public forums, paste sites, and search index sites from March 2016 to March 2017, and identified 788,000 potential victims of keyloggers; 12.4 million potential victims of phishing kits; and 1.9 billion usernames and passwords exposed via data breaches.

Using this dataset, they explored to what degree the passwords stolen from various online services enable an attacker to obtain a victim’s valid email credentials and, therefore, to gain access to and hijack their accounts.

As Google researchers were involved in the research, the group was able to check whether the stolen credentials can be used to access Google accounts without actually accessing them.

They found that 7% of victims in third-party data breaches have their current Google password exposed, compared to 12% of keylogger victims and 25% of phishing victims.

“Hijackers also have varying success at emulating the historical login behavior and device profile of targeted accounts. We find victims of phishing are 400x more likely to be successfully hijacked compared to a random Google user. In comparison, this rate falls to 10x for data breach victims and roughly 40x for keylogger victims. Keyloggers fall in between these extremes, with an odds ratio of roughly 40x,” the researchers noted.

The reason for this is that phishing kits also actively steal additional authentication factors (secret questions, phone number, device-related information, geolocation data) that can be used to impersonate the victim and bypass protections put in place by email (and other online service) providers.

Other revelations from the research

The researchers found that:

  • Credential leaks and phishing largely affect victims in the US and Europe, while keyloggers disproportionately affect victims in Turkey, the Philippines, Malaysia, Thailand, and Iran.
  • The most popular phishing kit—a website emulating Gmail, Yahoo, and Hotmail logins—was used by 2,599 blackhat actors to steal 1.4 million credentials.
  • The most popular keylogger—HawkEye—was used by 470 blackhat actors to generate 409,000 reports of user activity on infected devices.
  • Operators of both phishing kits and keyloggers concentrate in Nigeria, followed by other nations in Africa and South-East Asia.

Google forced a password reset for users whose credentials were found exposed. Also, they were able to come to some conclusions from account recovery efforts by their users.

“Roughly 70.5% of hijacked users successfully pass these challenges to recover their account. A median user takes 168 days to re-secure their account. This long delay arrives in part from users being unaware they are hijacked, and Google lacking an alternate notification mechanism in the absence of a recovery phone or recovery email,” the researchers noted.

“For those users that do successfully recover from a hijacking incident, we examine what fraction change their security posture post-recovery. We find only limited evidence of improving account security: roughly 3.1% of users enable second-factor authentication. Our results suggest there is a significant gap in educating users about how to protect their accounts from further risk.”

  • Copyright 1998-2019 by Help Net Security