IBM: Hacker targets employee’s password to attack company – 02/28/2024 – Tech

To invade corporate systems in search of gains, cyber criminals began to prioritize stealing employee access data in order to find security breaches.

According to the IBM X-Force Threat Intelligence Index global study released this Wednesday (28), 71% of attacks worldwide originated from authentic accounts, that is, those that already existed on the systems.

The report analyzed 150 billion virtual risk events per day in 130 countries to provide an overview of the cybersecurity scenario in the world. The occurrences were recorded by IBM Security and its partners, Red Hat Insights and Interzer.

This tactic allows the invasion to go unnoticed for longer and for fraudsters to impersonate the company.

The hacker can use, for example, an employee’s email to launch data theft campaigns, known as phishing, in reference to the verb fish in English.

Thus, it gains access to user data and passwords from the victim entity’s customers and can use them for future scams.

“Access credentials are the most coveted assets by cybercriminals”, says IBM director for Brazil, Fábio Mucci.

One of the ways to avoid compromising sensitive information is to limit employee access to only what is essential for work. This, consequently, reduces the navigation capacity of the criminal who obtains credentials from the company’s systems.

To obtain this information, criminals use a series of resources, from social engineering, with fake forms, to so-called brute force attacks, which test different password possibilities until they get the combination right.

Therefore, cybersecurity professionals recommend choosing strong passwords, containing letters, numerals and symbols. It is also recommended to change them and reinforce account security when there is any suspicion of a leak.

Cybercriminals often wait a while after mapping holes to carry out attacks, in a tactic known as “hijack first and decrypt later”. As Red Hat Insights found, 92% of its customers have a known vulnerability that has not yet been exploited by hackers.

In Latin America, attacks using valid credentials ranked second on IBM’s list of risks, representing 22% of registered incidents.

Brazil is the priority victim of virtual crimes in Latin America and concentrated 68% of IBM Security’s detections in the region.

The main loophole exploited in Brazilian companies is the vulnerability in applications with public keys, called APIs. This technology allows external access to part of the entity’s systems to enable integration. Pix, for example, is a Central Bank API that can be accessed by financial institutions.

Retail companies are the most targeted targets of cybercriminals. This arises from the complexity of the business, which requires a network of collaborators articulated using logistics technology, says Mucci.

These are still companies with large customer bases, which increases the earning possibilities for hackers.

According to the IBM study, 33% of incidents recorded in Latin America involved data leaks. In 22% of these cases, there was extortion or damage to the company’s reputation.

Criminals use companies’ willingness to embrace technology to create new attack fronts, according to the IBM director.

This also applies to smart devices, which are generally vulnerable because they have specialized software without robust defenses.

“Customers today have to be prepared for all forms of attack, which is why cybersecurity experts run continuous tests to find vulnerabilities before malicious actors do,” says Mucci.

Fake email campaigns —phishing— continue to be one of the main problems for companies, representing 22% of risk events registered in Latin America.

With the advent of generative artificial intelligence (AI), criminals can write convincing and misspelling texts on a larger scale.

AI, in fact, is a new focus of concern and service for IBM.

The cybersecurity company already offers protection to companies’ databases to prevent the attack known as poisoning, through which criminals add false information to the target company’s systems to induce language models, such as ChatGPT, to have unexpected reactions.

Criminals, however, have not yet reached a level where the investment to poison artificial intelligence systems returns revenues equal to the undertaking. For now, they are in a research stage, according to IBM.