Five tips against identity theft

Criminals are targeting identities primarily through phishing technologies (67%) and malware (33%). That's according to NTT Security's 2019 Global Threat Intelligence Report (GTIR). According to the report, phishing attacks target GTIR 2019 on Google (27%) and especially on Microsoft accounts (45%), most notably Office 365. However, Microsoft applications are not only popular targets of phishing attacks, malware spam campaigns are also a big problem. Over 95% of identity theft-related malware targeted vulnerabilities in a Microsoft Office application or operating system, with nearly 35% exploiting the CVE-2017-11882 vulnerability.

The Trickbot Trojan (62%) plays a major role in keylogger malware. Previously, Trickbot only targeted bank data, but the new variant can also grab passwords from other applications.

The impact of identity theft on companies is enormous: millions in damage can quickly be incurred when fraudsters pose as company directors and direct payments to false accounts. Industrial espionage or blackmail, including ransom demands, can also have serious financial consequences. If companies no longer have access to important data, for example in the event of a ransomware attack, ongoing operations are disrupted or, in the worst case, come to a standstill.

Five measures

With five tips from NTT Security However, companies can make identity theft more difficult and take the right measures in an emergency:

1. First, companies need strong passwords. Weak passwords are often still the biggest security weakness. If the same or a very similar log-in is used for different accounts, hackers can reuse stolen credentials. For real protection, users should have to prove or enter a second factor for authentication in addition to the password, which an attacker cannot know or possess. Modern tokens in the context of multi-factor authentication (MFA) are an effective solution. Some sort of unique password is generated for each authentication process - for example, a code sent via SMS or a push message prompting "confirm" or "deny." Multi-factor authentication is especially necessary for systems that require administrator rights to access. This makes it much harder for attackers to gain access to sensitive information and networks by using old usernames and passwords. In addition, electronic data should be encrypted and documents protected with digital signatures.
2. Not every employee needs to be able to access every area on the company's network. Companies should segment the network and define exactly who has what rights. This is especially true for cloud and hybrid environments. This way, criminals who gain less privileged access cannot immediately penetrate the entire company network.
3. An important point is the training of the employees. Targeted training on security policies, current threats and how to deal with them increases the vigilance and awareness of individual users. Among other things, rules should be defined that specify behavioral patterns for e-mail inquiries regarding bank transfers.
4. An incident response strategy helps in the event of an attack. In addition to the question of the appropriate response, the main question is whether and how quickly an incident can be detected at all. Answers are provided by a comprehensive real-time view of network traffic and sophisticated logics for successful analysis. When an incident does occur, those responsible must first qualify, assess and classify a security incident. Critical to this is the context and associated risks, as not all incidents are security incidents and have the same impact. After identifying the problem, the next task is to stop the cyber attack and limit the damage. To do this, IT staff must use a security playbook that details how to proceed to examine in detail all potentially affected components, such as operating systems, configuration files, applications and data, and also initiate the necessary data recovery measures if necessary. Ideally, a disaster recovery plan (DRP) exists that describes exactly how the damaged company is to deal with a security incident, what measures are to be initiated and who is responsible.
5. An identity governance strategy is a prerequisite for fending off targeted attacks. Put simply, identity governance is about combining policy-driven identity management with compliance. The concrete requirements include, for example, the company-wide assignment of roles and authorizations, the regulation of user access and the monitoring of the fulfillment of compliance requirements. In view of the fact that many companies lose track of which services are running with which account on which server or which cloud, the topic of identity governance is of great importance.

"There is no such thing as one hundred percent protection against identity theft. This makes it all the more important for companies to consider basic points," explains Frank Balow, Director Identity & Key Management EMEA at NTT Security. "With stolen identities, hackers can penetrate deeper and deeper into corporate networks. Even if the initially stolen username and password does not yet allow access to highly sensitive areas - in combination with social engineering or with other known or obtained passwords, attackers can get further and, in the worst case, carry out dedicated attacks. Compromised accounts can also be used by attackers to launch external attacks on business partners and customers."

Source: NTT Security