The relentless onslaught of password-based cyber attacks underscores the alarming ease with which cybercriminals can exploit vulnerable credentials to inflict damage.
Password attacks take many forms: from phishing schemes that dupe employees into handing over their login information, to underground markets where bad actors can sell or purchase stolen credentials.
Either way, having a valid password allows bad actors to do everything from stealing data to taking over critical business systems.
Nearly half of incidents cited in Verizon's 2023 Data Breach Investigations Report involved compromised passwords.
The incident involved the company's own Norton Lifelock Password Manager.
Norton said the incident involved close to a million customers, of whom 6,500 had data compromised.
In late August, the online charity that helps divert reusable goods from landfills sent out an urgent request asking members to change their passwords.
In an online forum, a hacker claimed the breach included up to seven million accounts, with details such as user IDs, e-mails and hashed passwords.
The organization said the attack may have begun years ago when a server was exposed, adding that changing credentials was particularly important if members are using the same ones for other services.
How to recover when password security gets compromised.
This means sending clear communication to all employees and customers to immediately change their passwords.
Businesses can simplify this process for their employees through a self-service password reset tool to minimize calls to the helpdesk.
If you haven't already walked through the steps to handling a cybersecurity incident, you'll need to bring the appropriate stakeholders together to develop an action plan.
Effective data breach disclosure needs to be comprehensive and clear, with next-best steps included.
Advise on any recommendations to safeguard information, such as the password reset directive described above.
Defending your business against password attacks isn't a matter of reinventing the wheel.
Employees should be regularly trained in password security and informed about the dangers of using the same passwords across multiple services.
Tools like Specops Password Policy, which continuously scans your Active Directory for compromised passwords, allow businesses to move from reactive to proactive password security.
Passwords provide a key to some of the most valuable information and systems in the world.
Your end-users are reusing passwords - that's a big problem.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 20 Dec 2023 16:20:21 +0000