In the beginning, you probably already understood from the name what these attacks are and what they are aimed at. It is resistance against someone or something. Password attacks that are aimed at damaging accounts. They are programmed to cheat the authentication process to get into the account. After that, the attackers who control these attacks spread their malicious software or steal confidential data from victims’ accounts.

Types of Password Attacks

In this article, we will look at several types of password attacks, their working principle, and their main purpose. Also, consider methods of warning against them.

Dictionary Password Attacks

This is a crude kind of attack through which an attacker works. Because he’s here to pick the most common passwords and try them out for multiple accounts. Also, take into account the dictionaries of the most common passwords and use them. This list of passwords can include the names of your relatives, the names of the dogs, the number, and the year of your birth. What can I do to warn myself against this?

Brute-Force Password Attacks

Attackers use many combinations of passwords and try to use them when entering victims’ accounts. This method is slightly outdated because it is time-consuming and long, but it is standard and one of the most common. There are several types of this attack. Consider the below:

Phishing Attacks

Phishing¹ is aimed at stealing sensitive data through fraud. Through emails, the attacker attempts to compromise the user’s ability to give his data to him. Intruders often use manipulation, extortion, deception, pressure on the user, and other insidious ways to get the user to hand over his bank accounts, account passwords, credit cards, and other confidential data. Examples of phishing attacks you can see below:

Man-in-the-Middle Attack

In this type, the attacker is a third party. It decrypts passwords and messages that are transmitted between users. The attacker intercepts these messages. In this case, he can be called an intermediary. To do this, a hacker uses unprotected communication channels. How to avoid man-in-the-middle attack? How not to give all your information to the attacker?

Password Spraying Attack

This attack focuses on password theft. The process is this: the attacker selects several passwords and sprays on many user accounts. These passwords are taken with password dictionaries. Also, they can be the most common combinations such as password1, qwerty, 1111, and other standard passwords. The attackers think of every move and try to bypass the blocking system so that after some attempts, the account will not be blocked. Password spraying – quite careless, a rough form of attack. After several attempts to log in, the site begins to block the entrance.

Keylogger

The Attacker tries to install monitoring tools on the user’s computer and makes a secret key recording. The information is recorded via a keylogger and then passed to the attacker. Generally, the keylogger is used with good intentions to monitor employees and improve UX, but even here the attackers have learned to turn it for their evil intentions.

Traffic Interception

This type of attack involves intercepting network traffic for data collection and monitoring. The most common way to do this is with connections that do not use encryption. Most often, these can be Wi-Fi connections. Therefore, learn how to use public Wi-Fi safely: risks to watch out for. This attack comes under SSL – traffic that the attacker intercepts through an attempt to connect to a secure website.

How to Prevent Password Attacks

Our data is a part of our life, everyone, and we would not like any hackers to use it against us for their own good and desire for financial gain. Below we will give some tips on how to avoid or prevent an attack by an intruder:

The post TOP 7 Types of Password Attacks appeared first on Gridinsoft Blog.

In this article, we recall the biggest password danger and give tips on how to think up a strong password, protect yourself from password stealers, and not become a victim of a password-related scam. Spoiler: you can’t overestimate a strong password!

Tips that Help to Create Strong Passwords

Passwords are the first data protection measure against hackers and malware, so users should not take them as a formality. The stronger the password guarding your Internet accounts is, the safer your valuable information will be. Users often think that a password is an outdated defense, and if hackers want to break it, they will always find a way to do it. But that is such an ignorant thing to think!

1. Have a unique password for each of your accounts. The email account password should not be your banking account password. If evildoers manage to grab one of your passwords anyhow, they will try to apply it everywhere. However, the rest of your accounts should be impenetrable.
2. A strong password consists of digits, upper-case and lower-case letters, and special symbols. It should also be at least eight characters long. The time difference between brute-force attacks on a weak and strong password is astonishing. An instant against eons.
3. Use anything but your data. No names, dates, favorite colors, or literary characters. Password breakers research their victims, and if they approach your password, they will most likely be already armed with information about you. Don’t ease their work!
4. Make sure you don’t use consecutive keyboard combinations like “qwerty.” These can be cracked very quickly. Also, mind that people tend to make very predictable keyboard strokes when trying to type something “random.”
5. Don’t be too lazy to log out whenever you leave your computer or portable device, especially if it is about your workplace device. Besides, don’t forget about the possibility of signing out from accounts on all devices remotely.

Avoid this in Creating a Strong Password

Of course, cybercriminals might try to hack your password, but there is no guarantee they will succeed. It will take a password cracking program less than a second to break a password like “qwerty”, needless to say about “123”. But the same software will be busy over an 18-character code with letters of both cases, numbers, and special symbols for more than a quadrillion years. The point of maintaining strong passwords is to make a brute-force attack impractical.

• Avoid inputting your passwords on questionable machines that you don’t control. The threat is the possible presence of password-stealing or keylogging malware described above. If you had to do it anyway, change that password as soon as possible.
• The same goes for unsecured wireless networks. The hacking attack via a compromised Wi-Fi is called “man-in-the-middle,” It is fraught with stolen passwords and other credentials.
• Don’t tell your password to anyone, even friends. Never share what you wouldn’t like your enemy to know with a friend. And that is not because your friends are wrong.
• Change your passwords from time to time. People hate doing that, but all safety precautions seem excessive until found saving. Disagree when a browser offers you to store your passwords. Always select “never.”
• Try not to write your password on paper at your workplace. Someone might find it, and chances are high – somebody will. Remember, people think they are safe because they consider themselves uninteresting to crooks. But that is not always so.

Cyber Criminals Hack Passwords

Use a two-factor-authentication! Google has made it obligatory for its accounts, and that is good! It is reasonable to activate it on all accounts where it is possible. You will need to confirm your identity by clicking one button on your mobile phone as you or someone else is trying to access your account.

Phishing attacks

Phishing is one of the most dangerous attacks in terms of password protection for one simple reason – they don’t imply breaking passwords. Phishing doesn’t even need malware! A successful phishing campaign is sheer deception and social engineering.

Victims themselves deliver their credentials to the frauds, mistaking them for someone legitimate. However, since you are reading this, you will hopefully know that unexpected letters, even more so – attachments to them or links inside, are something to be careful with. The topics of such letters are:

• Often a delivery that is waiting for you.
• A money transfer.
• Something tempting like a sudden lottery win.

Often criminals offer their victims to confirm their passwords on a seemingly trustworthy website (like Facebook) that turns out to be a spoofed web page. The login and password entered into the form on that site go straight to the crooks.

Form-Grabbing

While phishing usually uses fake websites, hackers can intercept the data of any actual sign-in form. That is possible with the help of a form-grabber, a Trojan-delivered malware that runs on the victim’s machine. It does not mess up the user’s communication with the website, but the form data is copied and delivered to the crooks.

Like any other malware¹, form-grabbers end up on victims’ computers via common routes: dubious websites, questionable downloads, and unexpected emails and messages with attached files. Security programs like GridinSoft Anti-Malware are good at detecting and removing this class of malware.

Brute Force Attack

Exhaustive search (or brute-force search) systematically checks all possible keys to the problem until the solution is found. Its effectiveness is undeniable. If the key consists of four digits, a person will have spent a lot of time checking all the variants between 0000 and 9999. A modern computer will do the job in less than a second, giving an obvious advantage over the human.

But what if the password is a 24-character word that includes letters, capital letters, digits, and special symbols? Brute force is useless here as it will take years to break such a password. Brute-force search effectiveness can be heightened considerably by lists of candidate solutions. Dictionary attacks are a form of such assistance.

Dictionary Attack

A brute force attack is an ideal procedure that will potentially break any defense. Dictionary attacks combine brute force features, namely the automatic picking process, with algorithms that operate with the supposed vocabulary of a person who is believed to be the one who thought up the password. If you set a goal to create a strong, randomly formed password, you will succeed, of course. But people rarely do that.

NOTE: Password counter services put Internet users at risk. Change your password to a more secure one immediately!

Password choice is usually determined. The basis of the password is often a word, a name, or a date that means something to the victim. People tend to add some digits to that word for show. Adding special symbols is too much for the average practice.

Understandably, if the malefactors possess the names of the victim’s family members, their dates of birth, and other information, they can use only the variations of these words and numbers. If that works – the password will succumb much earlier.

Keylogger Malware Attack

Keyloggers² are a type of malware. Such programs can be injected into the victim system as Trojans. As a keylogger runs, it records every key pressed by the user and sends these records to the hackers who introduced the keylogger into the victim’s device. It is easy to harvest passwords from such logs after that.

What can limit the effectiveness of a keylogger is the usage of a virtual keyboard (who would do that, though,) password manager, and of course, anti-malware software.

Password Stealer

Password stealer is Trojan-related malware capable of extracting saved passwords from programs that store them for users’ convenience, like web browsers, for example. Google Chrome keeps passwords on the users’ cloud accounts, but some browsers still store passwords on the machine serving as local password managers. Stealers are pretty detectable, and GridinSoft Anti-Malware, for example, has no problem quarantining them instantly. You should learn and understand the need to change the default password of any network device to a strong one.

Data Breach Attack

Eventually, hackers can steal passwords to Internet services otherwise. If the servers belonging to the service in question are breached, the malefactors might get access to their user’s passwords. It is hardly possible to oppose anything to such a threat; however, large companies have efficient data protection systems, so it is reasonable to trust them.

Malware Takes my Passwords?

Strong passwords are a must-have basis for data security. However, some harmful programs and malicious hacker techniques are designed not to break your password but to steal or detour it. Here are examples of well-known password-stealing malware.

IMPORTANT INFORMATION: Spam emails are still the most popular way for viruses to spread. Smoke Loader – password stealing malware just added a new way to infect your PC.

RedLine stealer is a malware-as-a-service product sold on hacker black markets. After it is purchased, it is distributed as a Trojan. For example, there were cases of Redline being disguised as a Windows 11 update. When it is infiltrated into the victim’s machine, the malware behaves like a versatile stealer of passwords and other credentials.

The notorious email spread virus “I love you,” which led to the shutdown of email servers worldwide back in 2000, also contained a password-stealing Trojan that grabbed passwords from the compromised systems and sent them to the server in the Philippines.

A Few More Words on Malware

As for the most recent events, in March 2022, more than 100,000 Android users have suffered from a Facestealer – a password-stealing malware that masks itself under the Craftsart Cartoon Photo Tools application.

Understandably, a stolen password is no fun. It may lead to information theft, digital vandalism, fraud, and identity theft as an apogee of the event’s vile impact. Protection against password-stealing malware is no less important than having strong passwords.

The post Use Strong Passwords to Can’t be Hacked appeared first on Gridinsoft Blog.