Account hijacks is quickly growing into a problem. The issue does not arise because of the lack of security on the side of the account provider, but in most cases because of human error. With that in mind, Google teamed up with the University of California Berkeley in an attempt to understand how this happens and what are most commonly used tools by hijackers.
The results of the research which Google in its blog post claimed to be “immediately useful”, reveal that hacks mainly use two tools to get access (and eventually take over) accounts.
The Gmail provider claimed that in a time period of just 12 months, there were a 7,88,000 login credentials stolen using keyloggers (tools that record what you type in), while another 12 million were stolen using phishing techniques. There was another 3.3 billion who were unknowingly exposed by third-party data breaches, claims the extensive report.
But things could get worse, as the team pointed out that hijackers are taking steps to get more data making it easier to get access to user accounts.
Attackers have begun to use tools that find out the victim’s phone numbers, IP addresses, location and even the type of device; all of which can be used, just in case there is something more needed to get it.
Google said that its research tracked several black markets that traded third-party password breaches, as well as 25,000 blackhat tools used for phishing and keylogging.
But the main problem here clearly comes from the user. This is because despite warnings about these types of attacks (third-party breaches in particular) account owners continue to use the same passwords. Indeed, there’s only so much that can be done by big G.
“While we have already applied these insights to our existing protections, our findings are yet another reminder that we must continuously evolve our defenses in order to stay ahead of these bad actors and keep users safe.” said the post.