Written by
Keeper Security
The NVIDIA security breach resulted in tens of thousands of employee login credentials being leaked online. Threat actors also made off with mass quantities of highly confidential business information, including code signing certificates and what appears to be source code for the company’s Deep Learning Super Sampling (DLSS) technology.
Verizon estimates that over 80% of successful data breaches involve compromised login credentials. How do threat actors get hold of these credentials to begin with? Here are some common methods:
“Brute-force” is an umbrella term for automated password-related attacks, including credential stuffing and password spraying. In a brute-force attack, cybercriminals purchase a list of previously compromised passwords on the DarkNet, or alternatively, they download a free list of common passwords, like qwerty and password123. Then, they use bots to try these passwords on as many sites as possible. Brute-force attacks leverage the fact that many people reuse passwords across multiple accounts.
In a targeted or surgical attack, cybercriminals select specific individuals at an organization to target, then search social media networks for information about potential victims, such as their birthdays, favorite vacation spots, hobbies, and names of their children, spouses, or even pets. Then, they use this information to try to crack each target’s password. This type of attack takes advantage of the fact that many people use passwords containing personal information, such as their children’s birthdates or their spouse’s name, which is easily available on social media.
Phishing involves a cybercriminal stealing credentials directly from a victim, often by sending them an email or text message with a malicious link that either directs the victim to a phishing site, where they’re prompted to enter their login credentials, or downloads keystroke-logging malware onto the victim’s device, often without the victim noticing.
SIM swapping, also known as SIM hijacking, SIM jacking, or SIM splitting, a new type of account takeover (ATO) attack that is rapidly increasing in frequency. In this type of attack, a threat actor gets a victim’s mobile phone number transferred to a new SIM card. The threat actor then inserts it in a new device and takes over all of the victim’s online accounts and apps.
Prevent your company from becoming a victim of these cyber attacks with Keeper.
The NVIDIA breach illustrates how just one stolen password can bring down tens of thousands, even millions of dollars worth of cybersecurity defenses. Password-related cyber attacks are going to keep happening, to companies of all sizes, because cybercriminals know that too many organizations lack comprehensive password security controls.
To prevent this from happening to your organization, take these defensive steps:
Keeper’s zero-knowledge password management and security platform gives IT administrators complete visibility into employee password practices, enabling them to monitor password use and enforce password security policies across the entire organization, including password complexity requirements, 2FA, RBAC, and other security policies.
Not a Keeper customer yet? Sign up for a 14-day free trial now! Want to find out more about how Keeper can help your organization prevent security breaches? Reach out to our team today.
You May Also Like
Credential theft is one of the most common methods used by cybercriminals to gain unauthorized access to an organization, according to Verizon’s 2023 Data Breach Investigations Report. Credential theft places organizations at a greater risk of...
Choose Language