Multifactor authentication matters: 45% more users attacked with password stealers in last six months
October 2021 by Kaspersky
Cybercriminals are constantly coming up with new methods for online fraud, and there has been an increase in such activity in recent months. Kaspersky experts noticed increased activity from fraudsters stealing passwords by using special malware called Trojan-PSW – these are stealers capable of gathering login and other account information.
Kaspersky experts analysed data from 2020-2021 (January to September) on the number of attempts to infect and targets. According to their research, there is a growth in the number of attacked users during this time. For example, there were approximately 160,000 more targets in September than in April, an increase of 45%. In recent months, Kaspersky experts have also seen a sharp rise in the number of attempts to infect users: Q3 2021 (July to September) saw an increase of almost 30%. The total amount of detections also increased compared to the previous year: from 24.8 million to 25.5 million.
Number of users attacked with Trojan-PSW during first nine months of 2021 “As statistics show, logins, passwords, payment details and other personal data continue to be an attractive target for cybercriminals and they remain a popular commodity on the dark market. For this reason, we encourage internet users to take extra steps to protect your accounts. For example – by using multifactor authentication methods. Increased scammer activity using password stealers also suggests the need for users to be more careful, not to follow unverified links and to use an updated security solution,” comments Denis Parinov, security expert at Kaspersky.
To avoid falling victim to malicious programs and scams aiming at stealing credentials, Kaspersky advises users to:
• Always keep software updated on all the devices you use to prevent attackers infiltrating your network by exploiting vulnerabilities
• Use strong passwords to access corporate services. Use at least two factor authentication to access your account
• Avoid posting online personal information that may give away your identity, such as your address, your personal phone number, your email address, and so on. Before sharing anything, consider the unintended consequences and do not share anything that might compromise your or someone else’s privacy