Your IT Support Experts - Homepage

We partner with many types of businesses in the area, and strive to eliminate IT issues before they cause expensive downtime, so you can continue to drive your business forward. Our dedicated staff loves seeing our clients succeed. Your success is our success, and as you grow, we grow.

Home

About Us

IT Services

Understanding IT

News

Blog

Contact Us

Support

(703) 359-9211

Free Consultation

Interested in seeing what we can do for your business? Contact us to see how we can help you! Sign Up Today

Macro Systems Blog

Macro Systems has been serving the Metro Washington, DC area since 1997, providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses.

What You Need to Know about Credential Stuffing

What You Need to Know about Credential Stuffing

A lot of people have more time on their hands thanks to the pandemic, so it makes sense that many are turning to streaming services and the like for their entertainment. Alas, this has not gone unnoticed by cybercriminals.

Listed below is an examination of credential stuffing.

What is Credential Stuffing?

Credential stuffing is an suitably named method for an attacker to gain access to an account. It’s also the reason why we always recommend that you use a different username and password for each account.

Example: website A, a popular social media platform, suffered a data breach, and some of its info was leaked, including usernames and passwords. This means that a hacker can take this list, go to other sites, and start trying them out. If a user was reusing their credentials, our hacker has a match and now has access to their account and information.

By basically running through a spreadsheet, an attacker can gain access to far more accounts than they should.

The Current Problem

In their most recent report, platform-based service provider Akamai reviewed data collected throughout 2018 and 2019 to deliver insights to the media industry. As they explain in their included letter from the editor, the rise of the COVID-19 pandemic quickly caused them to reconsider. Thanks to this reconsideration, the report also shows trends as influenced by the pandemic.

These trends are quite telling.

Credential stuffing exploded as the coronavirus tightened its hold. In fact, reviewing the documents that Akamai produced shows that their graphs needed to be dramatically increased in scale, tens of millions transitioning to hundreds of millions as numbers increased fourfold. As Europe locked down, a video media service was hit on March 26 by over 364 million malicious login attempts, with over 6 billion attempts taking place in that month alone.

The economics of these stolen credentials also share some insights. In the beginning of Q1 2020, researchers took note that video media accounts were priced at about $1 to $5, with bundled services coming in at $10 to $45 each. However, these prices plummeted by the end of Q1 with all the new credentials that were made available.

Why This Matters

These types of attacks are exactly why it is recommended that access credentials aren’t recycled.

“Why would anyone hack into my stuff?”

Most of us have thought this as we’re asked to provide a password for a new account. We wonder if it really matters how secure our password is; after all, we’re not anyone of interest, so is all that security really worth the effort?

Besides, it’s easier to just remember the one.

As a result, a significant number of people have the same usernames and passwords on multiple platforms. This is where the problem lies. Someone accessing your Hulu account is one thing, but someone accessing your bank, or your tax returns, or your work email (sending us down another rabbit hole) is quite another.

So, where do we go from here?

Well, first thing, you need to go over your own accounts and make sure that all of them are properly secured. At Macro Systems we recommend that your passwords include the following, to help boost their security:

  • Lots of characters
  • A diverse mix of letters, numbers, and symbols
  • No personally identifiable details (like your pet’s name, hobbies, etc.)

Alternatively, you could consider a passphrase. A passphrase (like “starheatweightorangevirtue”) takes five unrelated, random dictionary words and combines them, making a memorable, but essentially impossible to crack, passcode for you to use.

Second, we recommend the use of a password manager to help keep track of these passwords/passphrases. With a password manager to help you remember, you no longer have any excuse to slack off on your security.

Macro Systems can help make your business’ computing more secure as well, along with our many IT services. Find out how we can assist you by giving us a call at 703-359-9211.

Don't Forget about Ransomware
Managed IT Services Can Help Your Business During ...
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Thursday, November 21, 2024

Captcha Image

Customer Login


Contact Us

Learn more about what Macro Systems can do for your business.

(703) 359-9211

Macro Systems
3867 Plaza Drive
Fairfax, Virginia 22030