
Monday, June 1, 2020

Here are some measures to protect against a cyberattack that lets hackers gain access to people's sites and accounts without their permission.


Have you heard of online accounts being accessed without their owner's permission or knowledge? If so, learn about the Credential Stuffing attack, which hackers use to gain access to accounts without the owner's permission. The IT world is not free of risks and threats related to data theft carried out to obtain unauthorized privileges, and this is what happened to many users who found that most of their accounts had been accessed without their permission. In the rest of this post we will look at one of the cyberattacks that hackers use to gain access to people's sites and accounts without their permission, and at how you can protect yourself from it.

Credential Stuffing  

What cybercriminals look for is anything that can be exploited or sold, and they devote most of their time to learning, research and experimentation. As for today's topic, cybercriminals work hard to obtain databases that contain both usernames and passwords. These databases belong to large sites with a large number of users, and they are either sold or exploited to continue the breach using a technique known in the information security world as Credential Stuffing.

What is a Credential Stuffing attack? 

In brief, so that the concept is clear: Credential Stuffing is one of the leading types of cyberattack in the information security world. It works by taking usernames and passwords that were stolen from a hacked database and reusing them to try to log in to other accounts belonging to the same users, with the same username and stolen password, in order to gain unauthorized access to the account. You may have found this a little hard to follow, but don't worry, my friend: below we explain the steps of the attack, which will make it easier to understand.


Steps of a Credential Stuffing attack

The entire attack is based on 4 basic steps, as follows:

Step 1 - Exploiting breached databases - This stage is the foundation: it consists of penetrating all servers affected by security holes that hold a database containing usernames and, for each username, its password.


Step 2 - Creating the hacker's database - This step comes immediately after searching for and retrieving the data from the vulnerable databases that were penetrated in the first step. The data obtained is inserted into a database built by the hacker himself. In other words, all of the data stolen from specific sites is collected in one database belonging to the hacker.


Step 3 - Creating helper programs for the Credential Stuffing process - In this step the hacker builds software that helps him carry out the attack online. This program is designed primarily to try the contents of the hacker's database, which includes millions of usernames and passwords, on other sites until one of the username and password pairs from that database gives the hacker access to a site.


Step 4 - Testing unauthorized access to sites - At this point the hacker has built his own database containing millions of usernames and passwords for accounts, and has also built a helper program that tests all of those usernames and passwords on other sites. The last step is to start testing on the sites, so that the hacker obtains a username and password for a victim's account that gives him access to the account on the site.


The best way to protect yourself from this attack

One of the mistakes users make when registering a new account is using one username and one password on many accounts. If one account is hacked and the password used to log in to it becomes known, all the other accounts on other sites that use the same password will be easy to breach through this attack. There is a reason users rely on one username and one password: passwords are hard to remember, especially if you have a lot of accounts. The best and most effective option, which makes it easier to remember passwords and also protects you from this type of attack, is to use password management software.

Password manager programs make it easier to create and manage passwords for your accounts without having to remember them: they automatically create a strong password for each account and also help you log in automatically to websites or to your personal accounts without having to type the password.
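The two things a password manager does for this problem, finding reused passwords and replacing them with unique random ones, can be sketched as follows. This is an added example, not part of the original post and not any particular product's code; the vault entries, function names, password length and symbol set are constructed assumptions.

```python
import hashlib
import hmac
import secrets
import string
from collections import defaultdict

# Constructed sample vault: (site, username, password).
VAULT = [
    ("shop.example", "sam", "Summer2020!"),
    ("mail.example", "sam", "Summer2020!"),
    ("forum.example", "sam_k", "Summer2020!"),
    ("bank.example", "sam", "x9$Lq!27vTzp#Rk4"),
]


def find_reused(vault):
    """Return groups of sites that share one password."""
    # Group by a keyed fingerprint so the plaintext is never used as a
    # dictionary key or printed; the key exists only for this run.
    key = secrets.token_bytes(32)
    groups = defaultdict(list)
    for site, _user, password in vault:
        tag = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
        groups[tag].append(site)
    return sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)


def new_password(length=20):
    """Generate a random password from the OS cryptographic RNG."""
    alphabet = string.ascii_letters + string.digits + "!#$%&*+-=?@_"
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Retry until lower case, upper case and a digit are all present.
        if (any(c.islower() for c in candidate)
                and any(c.isupper() for c in candidate)
                and any(c.isdigit() for c in candidate)):
            return candidate


def rotation_plan(vault):
    """Assign a different new password to every site in a reuse group."""
    return {site: new_password()
            for sites in find_reused(vault) for site in sites}
```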

Author: Badr Al-Din Fahim
