Encircle News!

Retro Game Arcade
, , ,

Battling account takeover and identity theft: effective countermeasures revealed

TechRadar – All the latest technology news

Account takeover is a serious threat to everyone. Cybersecurity experts have warned about this issue for years, and we must take it seriously. Our credentials being leaked can result in identity theft and cause significant harm to us. While there are resources available for users to check if their details have been compromised, it's essential to understand that by the time your username and password have been leaked, cybercriminals will likely have had access to them for at least six months.

Preventing breaches requires a lot of effort, but assuming that a breach is always possible is essential. How can companies detect breaches, identify data, and protect it before it gets leaked? A massive amount of data is mined through dark web monitoring, and many automated free and commercial tools can be used as a valuable line of defense. The most common types are scanners that search through lists of stolen data “dumped” online. This stolen data can be anything useful to a person or entity, meaning there could be a lot of data to search for.

Most obviously, for consumers, this relates to user credentials from compromised accounts, but it could also include social security or National Insurance numbers, passport details, or financial data. The most well-known consumer tool for people to see their exposure is Have I Been Pwned?, which allows individual users to scan for their details. More recently, we have seen exciting developments in tools focusing on consumer data and company company specifications ranging from standalone documents to intellectual property. This has value to any organization or enterprise concerned about exposure to cyberattacks.

The challenge for all dark web monitoring tools is dealing with scale, relevancy, and speed of information. When it comes to scale, it’s hard to estimate how large the dark web is as a subset of the wider deep web, especially considering it is several hundred times larger than the standard internet we access daily. This means scanning tools must be able to identify and focus on dark web locations. This is where relevancy and the speed of identifying data apply because much of it is only dumped into dark web forums after criminals have had their use out of it. Multiple dumps of the same data are also often made across different forums and sources; in our experience, this is the case for 70% of the data we find.

Companies use more advanced processes and skilled cyber personnel to address the need for speed, as more sophisticated techniques are required to find actionable breach data. One method is to become an active part of the dark web community. This doesn’t mean becoming a criminal or hacker. Still, to identify and stop them, we need to view things from the attacker’s perspective, identifying hacker groups and understanding how the process works. For example, a hacker may have the complex skills needed to expose company systems and access credentials but may be faced with an encrypted password database. Unless they can decrypt that data, what they have is useless. So, what do they do with that data? Sell it? Mine it? They don’t necessarily have all these skills, so they will turn to the dark web to find people offering decrypting and monetization services.

Researchers – real humans – are part of this community through a network of pseudo-identities (sockpuppets), and analysts monitor hacker activity in specific locations known to specialize in stolen data. For security companies, this means going deep into the community to find people, places, and methods for identifying miscreants. We can engage with them before data is available in an unencrypted form on the dark web. This reduces the detection part of the process to a few weeks instead of six months, increasing the likelihood that data can be identified before it is usable. Companies affected by a hacker takeover can proactively manage end-user accounts and limit the risk of fraud or identity theft.

Account takeover continues to be a genuine threat, but basic cybersecurity hygiene can help mitigate this in the first instance. The common denominator with any online account is that they all need a password to be accessed. While most people know they should be using strong, unique passwords and phrases for every account, it can be challenging to remember which credentials they need to be using. It’s why we, and all our industry colleagues, recommend using a password manager. Why make life more complicated when you don’t have to?

More from TechRadar Pro

https://www.techradar.com/news/from-account-takeover-to-identity-theft-what-can-be-done

Follow Us

Featured Posts

November 2024
M T W T F S S
 123
45678910
11121314151617
18192021222324
252627282930  

About Us

Welcome to encircle News! We are a cutting-edge technology news company that is dedicated to bringing you the latest and greatest in everything tech. From automobiles to drones, software to hardware, we’ve got you covered.

At encircle News, we believe that technology is more than just a tool, it’s a way of life. And we’re here to help you stay on top of all the latest trends and developments in this ever-evolving field. We know that technology is constantly changing, and that can be overwhelming, but we’re here to make it easy for you to keep up.

We’re a team of tech enthusiasts who are passionate about everything tech and love to share our knowledge with others. We believe that technology should be accessible to everyone, and we’re here to make sure it is. Our mission is to provide you with fun, engaging, and informative content that helps you to understand and embrace the latest technologies.

From the newest cars on the road to the latest drones taking to the skies, we’ve got you covered. We also dive deep into the world of software and hardware, bringing you the latest updates on everything from operating systems to processors.

So whether you’re a tech enthusiast, a business professional, or just someone who wants to stay up-to-date on the latest advancements in technology, encircle News is the place for you. Join us on this exciting journey and be a part of shaping the future.

Podcasts

TWiT 1006: Underwater Alien Civilizations – Bluesky Growth, Tyson Vs. Paul, AI Granny This Week in Tech (Audio)

How Bluesky, Alternative to X and Facebook, Is Handling Explosive Growth Netflix's Live Mike Tyson Vs. Jake Paul Fight Battling Sound & Streaming Glitches In Lead-Up To Main Event Biden Asked Microsoft to "Raise the Bar on Cybersecurity." He May Have Helped Create an Illegal Monopoly. CFPB looks to place Google under federal supervision, setting up clash Apple's Tim Cook Has Ways to Cope With the Looming Trump Tariffs Apple Removes Another RFE/RL App At Request Of Russian Regulator Here's Why I Decided To Buy 'InfoWars' Elon Musk's X Corp. files notice in Alex Jones' Infowars bankruptcy case Spotify's Plans For AI Generated Music, Podcasts, and Recommendations, According To Its Co-President, CTO, and CPO Gustav Söderström This 'AI Granny' Bores Scammers to Tears Congress ponders underwater alien civilizations, human hybrids, and other unexplained stuff In Memoriam: Thomas E. Kurtz, 1928–2024 Host: Leo Laporte Guests: Alex Kantrowitz, Daniel Rubino, and Iain Thomson Download or subscribe to This Week in Tech at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
  1. TWiT 1006: Underwater Alien Civilizations – Bluesky Growth, Tyson Vs. Paul, AI Granny
  2. TWiT 1005: $125,000 in Baguettes – iPod Turns 23, The $1.1M AI Painting, Roblox
  3. TWiT 1004: Embrace Uncertainty – Political Texts, Daylight Saving Time, Digital Ad Market
  4. TWiT 1003: CrabStrike – Delta Sues Crowdstrike, Hospital AI, Surge Pricing
  5. TWiT 1002: Maximum Iceland Scenario – Data Caps, 3rd Party Android Stores, Nuclear Amazon