Pt 2: Hackers now have your password

By RJ Gazarek

So let’s pick up where we left off: explaining to the world that the reason your account was hacked was probably NOT some sophisticated state actor from China or Russia.

So to recap, the top 3 reasons you were most likely hacked were:

  • You had a different account that was already compromised
  • You downloaded a malicious program on your computer without knowing it
  • You accidentally gave your password to someone without knowing it

We covered the 1st one in Part 1, so let’s move on to the second one now.

You downloaded a malicious program on your computer without knowing it

Unfortunately, out of all of the ways your account could be compromised, this is probably the easiest one and the one that is happening more often than not these days.

Attackers are getting smarter and more sophisticated at getting the average person to install malicious applications on their computers. It’s important to always be aware, so here are the two primary ways this happens:

Visiting a Malicious Website

The internet is full of exciting, informational, and wonderful content (such as this very article!) but it is also full of just as much terrifying stuff. It’s not always easy to know, either, if you’re on a malicious website or a good one. One rule of thumb: never download an application unless you know exactly what it does and you know exactly where you’re downloading it from. If you’re ever unsure, a handy tip is to simply google “Is application.exe safe”, replacing ‘application’ with what you’re attempting to download.

When it comes to your work computer, it’s better to be safe than sorry, and never download applications from anywhere. Always submit an IT/Helpdesk ticket to install any software that you need on your computer.

Receiving a Phishing Email

This is happening more and more every day, as it’s arguably one of the easiest ways to get into a network. Malicious attackers are sending emails to regular, non-security-aware employees to try to get them to download a file that will run a malicious program. They are even able to make the email seem like it’s coming from another employee! It’s not hard to find out who else works at your company and to send you an email that looks like it’s coming from your CEO. Oftentimes they will send an email that says something like “Please review the attached invoice”, and when you click on that file and open it, a malicious program will run and start installing malware on your system. This malware sits and waits until you or an IT admin types in a password. Once it captures the password, it can send it back to the attacker to use.
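For readers on the IT or security side, here is a small triage check for the pattern just described: a colleague’s name on an outside address, plus an attachment type that can run code. It is an added example, not something from Thycotic or the original article, and the company domain, staff names, extension list and sample messages are all constructed assumptions.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Hypothetical values for this sketch: your own domain, a staff directory,
# and the attachment types your organisation treats as able to run code.
ORG_DOMAIN = "example.com"
STAFF_NAMES = {"pat morgan", "alex chen"}
RISKY_EXT = (".exe", ".js", ".vbs", ".scr", ".docm", ".xlsm", ".iso", ".lnk")

def triage(raw):
    """Return the reasons a raw email deserves a second look (empty = none)."""
    msg = message_from_string(raw)
    reasons = []
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # A colleague's name shown on an address outside the company domain.
    if name.strip().lower() in STAFF_NAMES and domain != ORG_DOMAIN:
        reasons.append("staff display name on external address")
    # Walk every MIME part and check attachment file names.
    for part in msg.walk():
        fname = (part.get_filename() or "").lower()
        if fname.endswith(RISKY_EXT):
            reasons.append("risky attachment: " + fname)
    return reasons

def build_sample(from_hdr, filename):
    """Build a constructed test message with a harmless placeholder attachment."""
    m = EmailMessage()
    m["From"] = from_hdr
    m["To"] = "you@example.com"
    m["Subject"] = "Please review the attached invoice"
    m.set_content("Please review the attached invoice.")
    m.add_attachment(b"constructed placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    spoofed = build_sample("Pat Morgan <pat.morgan@example.net>", "invoice.docm")
    genuine = build_sample("Pat Morgan <pat.morgan@example.com>", "invoice.pdf")
    print(triage(spoofed))
    print(triage(genuine))
```

A clean result does not prove a message is safe; the check only surfaces the two warning signs named above so a person can look closer.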

Protecting passwords is everyone’s responsibility – if your organization has not put you through any type of security awareness training, we highly encourage you to ask your Security or IT Department if they can. If there is no time for it, we have a lot of free resources where you can help educate yourself, such as:

1.) Privilege Security eLearning Course Free - Boost your career and your credentials with this private online course that teaches you the basics of Privileged Account Management.

2.) PAM for Dummies - A fast and easy read to get you up to speed on Privileged Account Management security basics.

Hopefully, these are helpful for you. Look for Part 3, where we talk about how you could accidentally give your password to someone without even knowing it.

Source: Thycotic