Account hijacking occurs when an individual or organization gains unlawful access to someone else’s account. Accounts range from email, social media and banking to proprietary and non-proprietary software, cloud services and many more. These schemes can often lead to identity theft, IP theft, account takeover, resale of information and other illegal activities with the potential for incalculable damage to the individual, organization and society. Depending on the system, the user and the malicious actor’s activities, it can take days, months or even years for the threat to be discovered, and even longer for changes to be enacted.
Credential Stuffing: uses lists of account credentials exposed in previous breaches to attempt to log in to someone’s account elsewhere. It relies on the assumption that many people tend to use the same passwords in multiple environments.
Phishing: a type of attack in which malefactors will often use social engineering to convince or lead victims to relinquish sensitive information. Some examples are:
Hijacking via fake website login authentication
Hijacking via website malware
Hijacking via malware advertisement added to legitimate websites
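How the credential stuffing pattern described above shows up in login logs, as an added example that is not part of the original article: a single source tries many different accounts only once or twice each, and most attempts fail. The event format, thresholds and function name are assumptions made for illustration, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample login events: (source_ip, username, success).
SAMPLE_EVENTS = (
    # One source walking a breached list: 8 accounts, one try each, one hit.
    [("203.0.113.7", f"user{i}", False) for i in range(7)]
    + [("203.0.113.7", "dana", True)]
    # A user who forgot a password: many tries, but against a single account.
    + [("198.51.100.20", "alice", False)] * 6
    + [("198.51.100.20", "alice", True)]
    # An office behind one NAT address: many accounts, all legitimate logins.
    + [("192.0.2.10", n, True) for n in ("bob", "carol", "erin", "frank", "grace")]
)


def detect_credential_stuffing(events, min_accounts=5,
                               max_tries_per_account=2.0,
                               max_success_ratio=0.2):
    """Flag sources that try many accounts a few times each and mostly fail.

    Thresholds are illustrative assumptions; tune them against real traffic.
    """
    # ip -> username -> [attempts, successes]
    per_ip = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    for ip, user, ok in events:
        record = per_ip[ip][user]
        record[0] += 1
        record[1] += int(ok)

    flagged = {}
    for ip, users in per_ip.items():
        attempts = sum(a for a, _ in users.values())
        successes = sum(s for _, s in users.values())
        breadth = len(users)                 # distinct accounts targeted
        depth = attempts / breadth           # average tries per account
        if (breadth >= min_accounts
                and depth <= max_tries_per_account
                and successes / attempts <= max_success_ratio):
            flagged[ip] = {
                "accounts": breadth,
                "attempts": attempts,
                # Successful logins from a flagged source are the accounts
                # whose reused password worked: reset these first.
                "compromised": sorted(u for u, (_, s) in users.items() if s),
            }
    return flagged


if __name__ == "__main__":
    for ip, stats in detect_credential_stuffing(SAMPLE_EVENTS).items():
        print(ip, stats)
```

The breadth-versus-depth split is what separates this pattern from a single user mistyping a password or from many legitimate users sharing one address.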
There are numerous ways in which accounts are being hijacked in today’s environment and, unfortunately, the vectors keep increasing daily.
Based on what we know right now, we believe approximately 130 accounts were targeted by the attackers in some way as part of the incident. For a small subset of these accounts, the attackers were able to gain control of the accounts and then send Tweets from those accounts.
— Twitter Support (@TwitterSupport) July 17, 2020
Accounts are often seen as the entrance point to access someone’s data. Since data is perceived to be the gold of the 21st century, many opportunists will go to great lengths to gain access to it. Once access is granted, hackers may be able to: Extract an individual’s personal information.
The cyberworld can seem like a scary, lawless place; however, when someone takes ownership of their cyber hygiene, account hijacking becomes a less common occurrence.
Cyber security as it relates to account hijacking continues to be an ever-growing challenge to individuals and organizations alike. To help improve one’s cyber hygiene, GPetrium created a short list of actions everyone should take:
As society becomes more advanced, technology will continue to become more complex and intertwined with the digital world. Further, given the continuous increase in the number of active users around the world, it can only be expected that cybercrime will continue to grow and evolve. It is in the hands of every individual and organization to continue to learn about cybersecurity and take proactive steps to limit their exposure, which will ensure lower levels of disruption and continuous prosperity.
The opinions in this article are those of the authors and do not reflect clients’ or others’ views.