Hear
“Humans are very vulnerable.” He affirms it Yuliya Novikovahead of Digital Footprint Intelligence at the cybersecurity company Kasperskyafter an exhaustive study of 193 million passwords that has shown that only two out of ten are safes. Most can be found out in an hour and many of them in just a minute. And the cost is minimal, the channels of the dark web (the network hidden from conventional search engines) and Telegram, where cybercrime weapons are sold, offer “all-inclusive” packages: programs, cloud servers and data of potential victims for only 80 euros per week.
“Our data is like our houses. Would you leave it open for anyone to enter?” he asks. Lilian Balatsou, expert in artificial intelligence linguistics and doctor in Cognitive Neuroscience from Bangor University during a meeting of the cybersecurity firm in Athens. The answer, after Kaspersky’s study, is yes, we leave the house open half of the time.
Novikova explains that 40% of attacks (a third of them followed by kidnapping and extortion) begin with a compromised account. Employees and suppliers of companies with a username and password to operate recognize that they violate the corporations’ regulations on security, due to boredom or by carrying out their tasks without added complications.
In this way, these house key holders misuse it and leave the lock unlocked or allow themselves to be copied, more than once in 21% of cases. “Human error is the main cause of incidents,” warns Novikovawho details that 10 million systems were infected last year, 32% more than at the beginning of the decade.
According to Kaspersky data, 45% of passwords are compromised in less than a minute, 14% in less than an hour and another 14% more in a day or less than a month. In this way, only a little more than two out of every 10 access keys to critical systems are robust.
The rest use names or common words or dictionary terms that, even if altered by numbers or signs that replace letters, are easily vulnerable. There is no pirate behind (hacker) spending their time deciphering them. “Cybercriminals are very creative, but also lazy,” says the expert from the security firm, pointing out that the cyberattack weapons sales channels are already offering, for 80 euros per week, subscription packages that include not only the databases of vulnerable victims, but also the programs and servers to be able to run them without their own infrastructure. These systems are capable of violating even multi-factor authentication protocols, which only facilitate a user’s access when they provide two or more different proofs of their identity.
Marco Preussdeputy director of the Global Research and Analysis Team (GReAT) and head of the Kaspersky Europe Research Center, is even wary of biometric identification systems, which he believes also involve the use of personal information.
In this way, the experts who participated in the meeting in Athens opt for the generalization of the password managers, programs that can securely store unique users and passwords and even generate them in a robust way for each use.
In addition to these, the most effective tactics are: use a different password for each service so that, in the event of theft, only one account is compromised; resort to uncommon words or jumble them; check the robustness of the chosen one through online services; prevent them from responding to personal data that hackers may have access to (such as personal names and dates that are accessible through social networks) and enable two-factor authentication (2FA).
Rafael Conde del Pozo, director of innovation at Softtek, adds one more element of risk: phones. As he explains, “mobile devices have become extensions of ourselves and require comprehensive protection against emerging vulnerabilities.”
In this sense, it proposes providing them with advanced biometric authentication systems, popular in mobile payment; behavioral, which analyzes patterns that do not fit the user; and artificial intelligence to identify anomalies, encrypt data and restrict access.
Regarding mobile vulnerabilities, Check Point’s Threat Intelligence division has identified multiple campaigns that take advantage of Rafel RAT, an open source tool for Android devices that was developed for phishing (hoax) campaigns through messages and conversations with the so that the user installs malicious applications disguised under a false name and icon. They request extensive permissions, display legitimate web pages or imitate them, and then secretly track the device to exfiltrate data.
Security measures involve all types of programs, including social networking applications. The same security company, after detecting illegal access through direct messages on TikTok, recommends establishing strong passwords, configuring two-factor authentication through the network’s security page to activate the “log in with verification” function and report any strange activity. A vulnerability in this network has recently affected media accounts and popular figures.
THE COUNTRY
