GOT(IT) #29 comes with last year’s cybercrime numbers! It was a year full of heavy losses and hundreds of red flags that continue to prove that passwords are nothing but an insecure protection method. What’s next in the credential scene?
Firefox Aims to End Browser Passwords With WebAuthn
Mozilla’s coming in strong with Firefox 60’s release, packing a new security compatibility that aim to tackle the internet’s greatest pain: passwords aren’t good enough. If it’s not phishing, or brute force, it’s a company that leaks your credentials, there’s simply no definitive password practice.
Well, Mozilla’s moving forward and trying the terrain for a password-less futre, or at least with no conventional ones. Firefox 60 now supports Web Authentication, a technology that lets user change their regular passwords for a physical authentication devices, biometric proof of identity, or other alternative methods.
It resembles two-factor authentication, but some of its variables offer an extra security barrier that involves your physical identity, like your fingerprint!. Not all services and websites are ready to support this, but the most sensible ones, like Dropbox or Google’s tools do.
Mozilla’s the first browser to implement the tool, but Chrome and Edge will follow the example in their next update, covering the top-spectrum of browsers.
FBI’s 2017 Internet Crime Report Details $1.4B in Losses
The FBI is home to the Internet Crime Complaint center (IC3), the official cybercrime-reporting hub for victims and third-parties affected by the never-ending list of online conducted crimes. Each year they release their anual report, and the 2017 edition came with the data of over 301,580 complaints.
That averages to 800 complaints a day over the course of a year, staggering! The total losses caused? Around $1.4 billion dollars. What’s more, $676 million of these losses were from Business Email Compromise (BEC) and Email Account Compromise (EAC) alone.
However, both of these attacks weren’t the most popular at all. Non-payment and non-delivery schemes topped the charts with 84 thousand cases, followed by personal data breaches (30 thousand), and phishing (25 thousand).
Among other curious data released in the report, it was revealed that around 25% of all reported losses corresponded to victims over 60 years old, which reported 49 thousand cases.
Watch the full report here, and consider training your team to tackle and avoid the top threats! A quick conference on phishing prevention won’t take long, and it will boost awareness.
Google Query Mines Accounts From Public Trello Boards
What’s worse than having your credentials leaked because a company didn’t secure their servers? Having your credentials leaked because you didn’t make your Trello board private.
Security researcher Kushagra Pathak shared last week on a post his latest discovery: using a simple Google query, he could mine passwords from public Trello boards in which their users exchanged credentials and logins.
In a nutshell, Pathak discovered that many workers are taking note of login credentials, unfixed bugs, and security vulnerabilities in their public boards. What they might not know is that Google actually indexes the data on these organizers, and that someone could run a quick query to filter them out and access them.
And when we say the query is simple, and hyper-customizable, we mean it: inurl:https://trello.com AND intext:@gmail.com AND intext:password
So take a quick look at your boards and check that they are Private! Having your bugs and plans out there would be nothing but trouble.
Using physical keys as passwords could be the end of phishing, but forgetting them at home would become quite the headache!