We live in a password paradox. Passwords are designed to keep confidential accounts and information safe, but the number of passwords created per employee (every employee has an average of 27 passwords) creates more opportunities for those passwords to be exposed. Password theft can be quite lucrative, depending on the sensitivity of the exposed account.
According to Barracuda Security Insight, which provides real-time threat intelligence, cybercriminals have become more aggressive in recent weeks when it comes to exposing and stealing users’ credentials. Jonathan Tanner, a software engineer at Barracuda Networks, shared this advice in a recent post:
“As with malware in general, password stealers have a variety of distribution methods, most of which involve phishing emails containing an attachment or URL. Since it is much easier and more cost-effective to detect malicious attachments on the email server itself than a user’s computer, a variety of different file types and distribution methods are used to try to evade this sort of security, especially the more naive approaches such as simply blocking certain file types.
Password stealers may be compressed in any number of archive formats to evade file-type blocking—sometimes using fake file extensions that will still allow the file to be opened in the desired archive software.”
To learn more about how this attack can infiltrate your customers’ networks, read the rest of the post here.
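The quoted point about extension-based blocking being naive can be checked on the defensive side by identifying archives from their leading bytes instead of their file names. The Python sketch below is an added example, not code from Barracuda or the quoted post; the function names, the extension map and the sample attachments are assumptions constructed for illustration.

```python
import os

# Leading signatures of common archive formats (public, well-known magic bytes).
ARCHIVE_MAGIC = [
    (b"PK\x03\x04", "zip"),
    (b"Rar!\x1a\x07", "rar"),
    (b"7z\xbc\xaf\x27\x1c", "7z"),
    (b"\xfd7zXZ\x00", "xz"),
    (b"MSCF", "cab"),
    (b"\x1f\x8b", "gzip"),
]

# Extensions that legitimately carry each container. OOXML Office files are
# ZIP containers, so .docx/.xlsx with ZIP magic is not a mismatch.
# Assumed policy map for this example; extend it for your environment.
EXPECTED_EXT = {
    "zip": {".zip", ".docx", ".xlsx", ".pptx"},
    "rar": {".rar"},
    "7z": {".7z"},
    "xz": {".xz"},
    "cab": {".cab"},
    "gzip": {".gz", ".tgz"},
}

def sniff_archive(data: bytes):
    """Return the archive type indicated by the leading bytes, or None."""
    for magic, kind in ARCHIVE_MAGIC:
        if data.startswith(magic):
            return kind
    return None

def classify_attachment(filename: str, data: bytes):
    """Return (detected_type, mismatch): mismatch is True when the content is
    an archive but the file name claims some other type."""
    kind = sniff_archive(data)
    ext = os.path.splitext(filename.lower())[1]
    mismatch = kind is not None and ext not in EXPECTED_EXT[kind]
    return kind, mismatch

# Constructed sample attachments: header bytes only, no real payloads.
SAMPLES = [
    ("invoice.pdf", b"Rar!\x1a\x07\x00" + b"\x00" * 16),   # RAR named .pdf
    ("order.zip", b"7z\xbc\xaf\x27\x1c" + b"\x00" * 16),   # 7z named .zip
    ("report.docx", b"PK\x03\x04" + b"\x00" * 16),         # normal OOXML
    ("notes.txt", b"plain text body"),                     # not an archive
]

if __name__ == "__main__":
    for name, data in SAMPLES:
        print(name, classify_attachment(name, data))
```

A mismatch is a signal for quarantine or closer inspection, not proof of malice, and a file whose name and signature agree still needs its contents scanned.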
Educating customers about the attached password stealer attack
The attached password stealer infiltrates the network through malicious Word documents or Excel files that claim to be of importance to the user. The files go undetected because they use common formats and arrive attached to what seem to be legitimate emails. Once the user opens the document, though, their sensitive passwords and credentials can be compromised.
To avoid falling victim to this threat, it is important to educate customers about security best practices and implement a multi-layered solution to block these threats from reaching the end user. For example, Barracuda Essentials for Email Security protects users from seeing malicious attachments in their inbox. Instead of delivering the message, Essentials will flag the malicious code or links as a critical threat before they reach the user, preventing the user from falling victim to an attack.
Cybercriminals are always looking for ways to enter your customers’ networks, and it’s your job to ward them off with robust security products and thorough user education. To learn more about how Barracuda MSP’s solutions can help you, visit our website or contact a sales representative.
Photo: Natasa Adzic / Shutterstock.