Blog

Common ways hackers try to steal credentials

We are living in a digital era and depend and trust network and devices with our private data.

From making friends on social media to paying our bills through online banking, we continue to share intimate details of our lives using online networks.  This increased use of personal data online, has resulted in an increase in the number of security companies tasked to protect private information on networks and end-use devices. An online cat and mouse game exists as technology is promptly evolving and responding to the strategy used by cyber criminals to steal data.

How hackers steal your password

While it is not the norm, as an online user, one should start following cyber security blogs to learn about the best ways to safeguard your data. Listed below are common ways cyber criminals steal confidential credentials from unknowing users online:

  • Keystroke logging: Seizing everything that a user types, including their confidential passwords.
  • Memory scraping: Inspecting the memory on desktops and finding credentials that may be saved in plain text, or in Windows environments. Finding for certain hashes that can be used in pass-the-hash.
  • Password spreadsheets: Finding path of spreadsheets which containing passwords. (Yes, If you have one, get rid of it today.)
  • Password cracking: Trying to guess or “crack” confidential or confidential with brute force. Industry reports have disclosed network administrators, database administrators and system administrators are frequently the worst sinners (and therefore key targets in an attack) when it comes to having easy to crack passwords.
  • Social engineering: Cheating or double-crossing  a user into giving up their confidential credentials directly.
  • Hard-coded application credentials: Passwords that are within application configuration files that enable far-reaching access but frequently remain unchanged for years at a time.

These methodologies and techniques make it easy for attackers to bypass and avoid the security.

Even if an organization devotes significant time and resources building and executing strong passwords, complexity rules, and policies, it takes one keystroke logger to cause everything to fall apart.