For the past several months, folks over at Google have been getting into the dark parts of the internet to see how the thieves work - specifically, how do they steal so many identities. According to Google, more than 15% of all internet users have experienced at least one account takeover - whether email or social media account - in their life. But, account hijacking isn't possible without login credentials. How do then criminals get their hands on so many account credentials?
No, it's not always about the mega data breaches even though they continue to drive mass attacks. In its research that was conducted with the help of the University of California, Berkeley, Google said that hackers steal nearly 250,000 new logins every single week. How do they achieve such a big number?
How hijackers steal passwords - phishing and keylogging
Google wrote that on average, every week attackers steal 234,887 potentially valid login credentials using nothing but the phishing tools. Keylogging helps the criminal community collect another 14,879 logins every week. The research identified 788,000 potential victims of keylogging and 12.4 million potential victims of phishing.
As for mega breaches, the number is at a staggering 3.3 billion probably thanks to the massive Yahoo, LinkedIn, MySpace, Equifax, and Tumblr leaks in the past few years. While the mega breaches may attract more heat, it shouldn't be missed that hackers continue to steal new data every single week as is confirmed from Google's latest research.
This data was collected between March 2016 and March 2017 in an effort to analyze how the criminal community continues to hijack user accounts. Google also shared that it's not just the login credentials that are stolen as hackers also look for IP and location details as a "password alone is rarely sufficient for gaining access" particularly to a Google account. Sophisticated campaigns try to also collect sensitive data that may be requested by the companies to verify the account holder's identity.
We found 82% of blackhat phishing tools and 74% of keyloggers attempted to collect a user’s IP address and location, while another 18% of tools collected phone numbers and device make and model.
Mega breaches may not be the biggest threat
While in no way should this take away from the companies' responsibility to secure user data, every major breach is followed by proactive efforts that enforce password resets, among other similar security measures. Google says that phishing remains the number one threat when it comes to account hijacking since phishing campaigns attempt to steal more than just a password.
If you head over to Wccftech's security section and look at stories of just the past few days, you will notice a growing number of malware campaigns that start with phishing and end up gaining intrusive permissions. These permissions and other similar tactics enable attackers to steal not just the login credentials but also read SMS (to bypass 2FA checks), IP addresses, and device information that could be used for account verification.
"By ranking the relative risk to users, we found that phishing posed the greatest threat, followed by keyloggers, and finally third-party breaches."
The company shared this data after looking into black markets and public forums where hackers trade this data along with blackhat tools. Using this analysis, Google says it has implemented additional layers of security to protect its 67 million Google accounts from being abused. Kurt Thomas, Anti-Abuse Research and Angelika Moscicki, Account Security at Google wrote that the company is now making this analysis available to help other tech companies evolve their defenses in order to stay ahead of bad actors and keep their users safe.
"We talk a lot about how airlines don't compete over which one crashes more frequently," Mark Risher, director of product management at Google, said. "Likewise, we don't think security is something to keep to ourselves."