Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
THE ENTERPRISE SECURITY SUPERSITE. UPDATED 8 MINUTES AGO.
You are here: Home / Network Security / Google: Phishing Top Online Threat
Google Study Finds Phishing Is Top Online Threat
Google Study Finds Phishing Is Top Online Threat
By Shirley Siluk / Enterprise Security Today Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
NOVEMBER
13
2017
Internet data breaches threaten the usernames and passwords of billions of people, but bad actors find phishing is the most effective way to hijack their victims' online identities, according to researchers at Google and the University of California-Berkeley.

In a year-long study of online black markets, the researchers found that 25 percent of phishing victims were at risk of a Google email account takeover after their credentials were exposed, compared to 7 percent of victims of third-party data breaches and 12 percent of keylogger victims. Google said it has used those findings to secure the accounts of victims whose data was being marketed online, and to strengthen security measures for its users in general.

Google added that it has publishing details of its research to encourage other online services to take similar steps to boost their authentication systems with "more protections beyond just passwords." It also advised users of Google services to visit its Security Checkup site to ensure their defenses are up to date.

400x More Likely To Be Hijacked

Between March 2016 and March 2017, the Google/University of California-Berkeley research team monitored online black markets to understand how stolen credentials make their way into the hands of hackers and identity hijackers. During that time period, they identified 788,000 potential victims of keylogging, 12.4 million potential victims of phishing, and 1.9 billion usernames and passwords exposed via third-party data breaches.

"We find that the risk of a full email takeover depends significantly on how attackers first acquire a victim's (re-used) credentials," the researchers wrote in a study that was presented at last week's Association for Computing Machinery's Computer and Communications Security conference in Dallas. "We find victims of phishing are 400x more likely to be successfully hijacked compared to a random Google user. In comparison, this rate falls to 10x for data breach victims and roughly 40x for keylogger victims."

Keylogging uses malicious software installed on an infected device to record user keystrokes, enabling bad actors to access others' login credentials.

The researchers said their study also showed how stronger login security systems can help reduce threats to users' online credentials and identities. "Our findings illustrate the global reach of the underground economy surrounding credential theft and the need to educate users about password managers and unphishable two-factor authentication as a potential solution," they noted.

15% of Online Users Have Been Victims

In 2014, Google research found that more than 15 percent of online users have had their email or social networking accounts hijacked by malicious actors. The new study was aimed at better understanding the root causes of hijacking, Google said in a blog post published Thursday.

"What we learned from the research proved to be immediately useful," Google's Kurt Thomas and Angelika Moscicki wrote in the post. "We applied its insights to our existing protections and secured 67 million Google accounts before they were abused. We're sharing this information publicly so that other online services can better secure their users, and can also supplement their authentication systems with more protections beyond just passwords."

In a similar move last week, Amazon said it was adding new encryption and security features to its S3 cloud storage service to reduce the risks of stored data leaking onto the Internet. The new features include default encryption, permission checks, support for cross-region replication of objects, support for object replicaton with Amazon's Key Management Service, and detailed inventory reporting.

Those protections are aimed at security issues that "aren't really caused by the cloud providers themselves, but by the [organizations] using them -- failing to do everything in their power to ensure that the web 'bucket' they are pouring data into has been properly configured," U.K. security writer Graham Cluley wrote yesterday. "In short, it should be harder than before for companies to leave their data lying around for anyone surfing the Internet to scoop up, and simpler for them to have put basic security in place."

Image credit: iStock.

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN NETWORK SECURITY
ENTERPRISE SECURITY TODAY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.