Phishing attacks via fake emails pose the greatest threat to people, followed by keyloggers and third-party breaches as account hacking increases globally, a new Google study has revealed. Keystroke logging is a type of surveillance software that once installed on a system, has the capability to record every keystroke made on that system. The recording is saved in an encrypted log file. According to Google, enterprising hijackers are constantly searching for, and are able to find, billions of different platforms’ usernames and passwords on black markets.
A Google team, along with the University of California, Berkeley, tracked several black markets that traded third-party password breaches as well as 25,000 blackhat tools used for phishing and keylogging. “In total, these sources helped us identify 788,000 credentials stolen via keyloggers, 12 million credentials stolen via phishing, and 3.3 billion credentials exposed by third-party breaches,” Google said in a blog post late on Friday. Account takeover, or ‘hijacking’, is a common problem for users across the web. More than 15% of Internet users have reported experiencing the takeover of an email or social networking account.
“From March 2016 to March 2017, we analysed several black markets to see how hijackers steal passwords and other sensitive data,” said Kurt Thomas from Anti-Abuse Research and Angelika Moscicki from Account Security teams at Google. The tech giant then applied the insights to its existing protections and secured 67 million Google accounts before they were abused. “While our study focused on Google, these password stealing tactics pose a risk to all account-based online services. In the case of third-party data breaches, 12% of the exposed records included a Gmail address serving as a username and a password,” the blog post read.
Of those passwords, 7% were valid due to reuse. When it comes to phishing and keyloggers, attackers frequently target Google accounts to varying success: 12-25% of attacks yield a valid password. However, because a password alone is rarely sufficient for gaining access to a Google account, increasingly sophisticated attackers also try to collect sensitive data that we may request when verifying an account holder’s identity.
“We found 82% of blackhat phishing tools and 74% of keyloggers attempted to collect a user’s IP address and location, while another 18% of tools collected phone numbers and device make and model,” Google noted.
“While we have already applied these insights to our existing protections, our findings are yet another reminder that we must continuously evolve our defences in order to stay ahead of these bad actors and keep users safe,” it added. There are some simple steps people can take that make these defences even stronger. “Visit Google’s Security Checkup to make sure you have recovery information associated with your account, like a phone number, and allow Chrome to automatically generate passwords for your accounts and save them via Smart Lock,” Google cautioned.