In recent years Proofpoint has observed cybercriminals using tactics to increasingly try to log in, not hack in, with a focus on identity theft.
This latest leak appears to be a culmination of data from historic breaches, but the sheer scale of data available means it is likely we may see threat actors carrying out credential-based attacks in the coming weeks.
Credential theft is nothing new globally, and in the UAE, our recent data revealed that among UAE organizations that experienced an attempted phishing attack last year, 86% of these were successful. Of these successful attacks, 26% resulted in credential theft and/or account compromise, where employees invertedly expose their credentials, giving threat actors access to sensitive data and their business accounts.
In light of this, Proofpoint urges all individuals to practice good password hygiene and make sure they are using unique passwords across all the services they use. They should look out for breach notifications from any services they use and change their password if their credentials may have been compromised. Always validate any breach notifications with the websites directly, as whilst we are yet to see any evidence of it, it’s quite possible scammers will leverage breach notifications as a topical means to trick their next victim. The noise in public surrounding the MOAB provides them with the pretext, so stay aware.
Proofpoint’s cyber-hygiene tips:
• Data loss events are widespread, so it’s important to create a unique password. Use three random words to create a strong and memorable password and enable multi-factor authentication (MFA) where possible.
• Timeliness is a key consideration for cybercriminals. Be wary of unsolicited emails, texts or adverts offering unbelievably good deals on items you have been searching for, and deals that look too good to be true suddenly appearing in your inbox.
Click below to share this article