WatchGuard Blog

How to prevent passwords and personal data ending up in hackers’ hands

Dispatches from the dark web: how to prevent passwords and personal data ending up in hackers’ hands

Fraud, identity theft and data compromise are on the rise but everyday Australians and businesses can reduce the likelihood of their falling victim by adopting rigorous protections and processes.

Receive a nasty ‘sextortion’ email while you were on COVID-19 lockdown, or know someone who did? Back in early April, thousands of Australians experienced disconcertion and dismay when they opened an email advising them their computer or device had been hacked – along with ‘evidence’ this had occurred, in the form of a full or partial password they’d previously used, some time, somewhere.

The senders threatened to reveal intimate images of the recipients to their contacts unless a ransom was paid via bitcoin. The campaign generated 1900 reports to the Australian Cyber Security Centre, which advised recipients to cease contact, hang onto their cash and delete the email.

Shopping for personal data on the dark web

So, how do individuals end up on the receiving end of a message like this? Welcome to the dark web, where almost everything is for sale, including passwords and sensitive personal data.

Developed by the US military as a medium for exchanging sensitive information securely, this subterranean web of sites can’t be accessed via regular internet browsers, and relies on powerful cryptography to conceal users’ identity and location.

Although still used for its original purpose, the dark web has morphed into a thriving marketplace for illicit and illegal items, including gargantuan dumps of data marketed by hackers who’ve stolen it from individuals and organisations that have done a poor job of securing their systems.

Many of the latter are also slow to realise when data in their possession has been filched. US research shows companies are taking more than six months, on average, to twig to the fact they’ve been hacked, and close to three months to clean up the mess once they’re aware an incident has occurred. That gives the perpetrators plenty of time to offload the spoils, or use them in phishing campaigns to make money or mischief.

Password protection fail

So, how are hackers and cyber-criminals penetrating the defences that individuals and organisations put in place in the hope of keeping them out?

Stolen usernames and passwords are most often to blame, according to latest research. Typically, individuals are tricked into giving their details away by spear phishing gambits that have become significantly more nuanced and plausible than those commonly seen a decade or two ago (Nigerian money transfer anyone?).

Once these confidence artists have their hands on your login details, it’s not uncommon for them to try their luck in using them to access a range of other accounts across the internet; a practice known as credential stuffing. All too often, they’ll hit pay dirt. In today’s digital universe, it’s common for users to have dozens of online accounts, with banks, utility providers, retailers and the like. Remembering different passwords for each and every one of them, and changing them regularly, can seem just too hard, so many people don’t bother. Instead, they stick with the same old combination; making it all too easy for hackers and cyber-criminals to take a deep dive into their lives, if ever that combination is compromised.

Defending your details and data

When it comes to protecting your passwords and personal details against theft and compromise, there’s unfortunately no silver bullet. Australians who want to avoid falling victim should exercise an abundance of caution when dealing with unsolicited emails, change their passwords regularly and avoid password re-use across multiple accounts.

Meanwhile, for businesses and organisations, a layered system of defence, incorporating measures such as a firewall, anti-virus and antispam software and multi-factor authentication, is your best bet. At a time when the threat posed by hackers and cyber-criminals is real and rising, failing to take precautions can leave your enterprise wide open to a dark world of trouble.

Share this: