How to Prevent a Password Attack

What Is a Password attack?  

A password attack is (you guessed it) when a cybercriminal attempts to steal passwords/ log-in credentials to bypass the authentication of a user's account. According to Verizon's 2022 Data Breach Investigations Report, 80% of data breaches link to passwords. These attacks are one of the most popular methods of personal and corporate data breaches and can present themselves as phishing attempts, man-in-the-middle attacks, brute force attacks, and keyloggers.   

Phishing  

Phishing is a social engineering attack in which a user is contacted by email, telephone (vishing), or text message (smishing), impersonating reputable companies or individuals.  

How to avoid phishing attempts  

• Double check with the sender. When in doubt, reach out. A sender might not even know they were compromised.  
• Change passwords regularly. There's a possibility your account could've been compromised unknowingly. Rotating your passwords without being prompted can lock out potential attackers.  
• Don't click or download. Never click links or download attachments you are not familiar with or expecting. If you can, always try to access a site through your search engine or check with the sender to verify they did send that link or that file.  
• Deny by Default. Implementing a Zero Trust strategy with the use of Allowlisting and Ringfencing™ can exponentially reduce the surface area of an attack by denying any unknown access to applications.  

RELATED: "Human Hacking - Protecting Yourself from Social Engineering"  

Man-in-the-Middle Attacks  

Man-in-the-middle (MitM) attacks are the wiretapping of cyberattacks. These occur when attackers eavesdrop by inserting themselves into existing conversations or data transfers, pretending to be the legitimate parties, while distributing malicious links to unsuspecting, legitimate parties.  

How to avoid MitM attacks  

• Use MFA. If a cybercriminal obtains your credentials, it is always best to have an extra layer of authentication to thwart unauthorized log-in attempts. Using 2FA/ MFA will help add that extra layer of security.  
• Use strong credentials for your router. Router credentials are rarely ever changed from their default setting. Suppose a cybercriminal gets a hold of your router administration. In that case, they can infiltrate your system and direct that traffic to their servers. The more robust your password, the less likely hackers will succeed.  
• Network Access Control (NAC). Implementing a Zero Trust endpoint firewall can give you total control over all in-bound network traffic. By using custom-built policies, NAC limits your exposure by allowing granular access based on IP addresses, specific keywords, agent authentication, or dynamic ACLs, keeping threat actors out.  

Brute Force Attacks  

A brute force attack is a tactic used by hackers to gain control of an organization's secure accounts, systems, and networks. This can result in stealing confidential information, spreading malicious software, and personally altering websites or social media to assist in further damage to your reputation.   

How to Prevent a Brute Force Attack  

• Create a firm password policy. Holding your organization's users accountable for maintaining strong passwords is the best way to stop cyber threats and secure your organization's accounts.   
• Use CAPTCHA. Tools such as CAPTCHA can discourage threat actors and impede bots.  
• Use MFA.  
• Application Control. Deny unallowed applications from running and prevent allowed applications from being weaponized. This will prevent further access to other applications or data, fending against brute force attacks.  
• Locking down accounts. Implementing lockdown policies to capture user logon, logoff, unlock, and lock events can alert you of a brute force attack and prevent compromise of your system.  

RELATED: “What Are Brute Force Attacks?”   

Keyloggers  

Also known as a keystroke logger, a keylogger is a type of spyware that monitors and records user keystrokes. This attack gives threat actors access to read whatever is being typed into a keyboard, which can include log-in credentials. Modern-day keystroke attacks have also been able to read screenshots or data copied to a user's clipboard.  

How to prevent Keyloggers  

• Don't download files from unknown sources.   
• Use a password manager. Using a password manager will limit physically typing passwords for different accounts.  
• Inspect your physical hardware. Ensure that you are familiar with every piece of hardware at your workstation. Threat actors can also use an assortment of physical tools. If someone has access to your workstation, they can install a hardware keylogger to collect information about your keystrokes. Regularly inspect your computer for installed spyware.  
• Use an Antivirus. Running an antivirus scan can assist you in removing malicious and unfamiliar software. Some antivirus companies already keep a record of common malware like keyloggers.   
• Application Control. Implementing zero trust in your organization can prevent downloading unfamiliar and untrusted software, limiting the risk of 3rd party monitoring from spyware. This level of application control will prevent keyloggers from monitoring keystrokes and getting access to other sensitive information.  

Conclusion  

Password attacks are not often the sole goal in cyberattacks, but the first of many breaches in a multi-variable attack sequence seen in attacks such as ransomware.  

Prevention is always better than a cure, but if an attack slips through the cracks, it is beneficial to implement various controls to mitigate an attack's reach and thwart cybercriminals. Implementing a Zero Trust posture through application control, lockdown policies, etc., will further safeguard your IT environment.  

If you are interested in learning more about ThreatLocker's zero trust endpoint security products, schedule a demo with the Cyber Hero Team for a free demo. 

‍