
Understanding How Passwords are Stolen: Phishing, Spoofing and Beyond

  • Written by Christopher Tozzi
  • October 22, 2017
We've compiled an explanation of the most common strategies that attackers use to steal passwords - and what you can do to help prevent them.

It’s no secret that passwords can be stolen.

In order to maximize the security of your passwords, however, you should understand how password attacks actually occur.

Before we begin, we should note that stealing or “cracking” passwords is not the only way that attackers can gain unauthorized access to sensitive data.

They can also intercept weakly encrypted data over the network, for example, or find ways to bypass passwords entirely in order to access protected data.

However, stolen passwords are one of the most common vehicles that attackers use to hijack email accounts, steal identities and more.

Following are the most common strategies that attackers use to steal passwords, along with an explanation of what you can do to help prevent each type of attack.

Protocol Vulnerabilities

Sometimes, flaws exist within the code that is used to exchange or encrypt passwords.

Attackers can exploit these vulnerabilities to break passwords.

For example, there is a known method for cracking WEP passwords – technically encryption keys, not passwords – which were once commonly used to secure wireless networks.

To minimize your risk of having passwords stolen through this type of vector, you should ensure that your software is up-to-date.

Keeping your software current ensures that you have the latest patches that address known security vulnerabilities.

You should also avoid using protocols with known security flaws – and don’t assume that just because a protocol is available to you, it is secure.

For more than a decade, it has been possible to break most WEP keys in a matter of seconds, yet some router manufacturers still provide WEP as an encryption option. Instead of WEP, you should use WPA, which is generally secure.

Unfortunately, attackers sometimes discover and exploit vulnerabilities before they become publicly known and fixed.

For that reason, you can never be certain that a software vulnerability won’t expose your passwords to attack.

Brute Force

Brute force refers to the practice of trying all possible combinations of letters and numbers until you hit one that matches a password.

The best way to mitigate brute force attacks is to make sure your passwords are long (eight characters is often suggested as a minimum, but a best practice is to make the password as long as you’re allowed to) and do not consist of commonly used words or phrases.

The longer your password, the greater the number of possible combinations that an attacker will have to try in order to brute force your password.

And by avoiding commonly used words and phrases, you ensure that your password can’t be brute-forced by running through a list of common passwords.

Attackers often use these lists first during brute-force attacks.

A sufficiently long and random password is effectively immune to brute-force attacks.

However, as computing power grows ever greater, so does the ability of attackers to unleash brute-force attacks.

What counts as a long-enough password today may not be secure in the future, because the computers of tomorrow will be able to test possible passwords faster than today’s.
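
The checks described in this section can be expressed as a short Python sketch. This is an added example, not part of the original article: it tests a password against a common-password list first, then its length, then estimates how long exhausting every combination would take today and on faster hardware. The sample list, the guess rate of 1e10 per second and the 1000x speed-up are assumptions chosen for illustration, and the estimate is an upper bound that only holds for randomly chosen passwords.

```python
import string

# Constructed sample; a real check would load a large list of leaked passwords.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "iloveyou"}

# Character classes used to estimate the alphabet an attacker must cover.
# Only printable ASCII is counted; other characters are ignored (assumption).
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " "]

SECONDS_PER_YEAR = 365 * 24 * 3600


def charset_size(password):
    """Sum the sizes of the character classes the password draws from."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))


def search_space(password):
    """Upper bound on guesses for a truly random password of this shape."""
    return charset_size(password) ** len(password)


def years_to_exhaust(password, guesses_per_second):
    """Worst-case time to try every combination at a given guess rate."""
    try:
        return search_space(password) / guesses_per_second / SECONDS_PER_YEAR
    except OverflowError:  # search space too large to represent as a float
        return float("inf")


def assess(password, min_length=8, guesses_per_second=1e10):
    """Apply the list check first, as attackers do, then length and search space."""
    if password.lower() in COMMON_PASSWORDS:
        return {"ok": False, "reason": "on common-password list"}
    if len(password) < min_length:
        return {"ok": False, "reason": "shorter than minimum length"}
    return {"ok": True, "reason": "passes list and length checks",
            "years_now": years_to_exhaust(password, guesses_per_second),
            # Same password against hardware 1000x faster (hypothetical rate).
            "years_future": years_to_exhaust(password, guesses_per_second * 1000)}


if __name__ == "__main__":
    for pw in ["Password", "k3y!", "tmbqzhwp", "tmbqzhwpxkrduvla"]:
        print(pw, assess(pw))
```

The eight-character lowercase sample passes the length check yet falls in well under a year at the assumed rate, while the sixteen-character one does not, which is the article's point about length and growing computing power.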

Spoofing

The third common attack vector for stealing passwords is convincing users to give them up unwittingly.

For example, an attacker could “spoof” a website by creating what appears to be a valid login page for a site that a user commonly visits, then direct his target to the page.

If the user enters his or her login information into the spoofed page, the attacker has the credentials.

Spoofing attacks can be easier to execute than you may think.

Anyone who controls a network’s configuration settings can easily redirect visitors to a spoofed version of any site he wishes by modifying DNS configurations.

It’s also sometimes possible to “poison” DNS caches within networks in order to execute spoofing attacks, even without controlling the network settings directly.

The best way to avoid spoofing attacks is to connect only to networks that you trust. Spoofing attacks are one reason why you should not connect to random networks in airports, for example.

Anyone can set up an access point with a network name like “Free Wifi,” then use spoofing attacks to steal passwords.

You can also help to mitigate DNS poisoning and other vulnerabilities by keeping your routers and other network software up-to-date, and running network intrusion-detection software.

Finally, you should take seriously warnings in your web browser about invalid certificates when you visit professionally maintained websites, whose certificates should always be properly configured.

It’s common to see certificate problems on many poorly maintained websites, simply because administrators fail to create proper certificates rather than because of actual spoofing.

For this reason, users have unfortunately become accustomed to ignoring warnings about certificate problems, which are often a sign of spoofing attacks.

Phishing

The fourth type of attack, phishing, is the cousin of spoofing.

Sometimes, phishing and spoofing are used together.

In a phishing attack, an attacker uses social engineering to convince a user to click a link or download software that then steals passwords – or wreaks havoc in other ways.

Phishing is the technique that attackers used to break into email associated with Hillary Clinton’s presidential campaign in 2016, for example.

Unfortunately, there are no failsafe technical tools that you can use to prevent phishing. The best defense is to educate yourself and your users so that they think very hard before clicking a link or accepting a download, even if it appears to be from a legitimate source.
