3 Ways, Passwords are Failing the Enterprises
Atharva Chincholkar February 22, 2021 Uncategorized
Online world majorly relies on passwords for access control and content security. Enterprises and individuals alike use passwords to keep sensitive information out of the wrong hands. However, enterprises are an extremely high value target for attackers and that level of attention cannot be handled by the humble passwords.
In this blog I will be discussing 3 different ways passwords are failing the enterprises with 3 latest incidents.
Sequoia Capital Phished, Hacked
Sequoia Capital, one of the biggest venture capital firms has told their investors that some of their personal and financial information might have been stolen, according to Axios. This was a result of their cybersecurity investigation indicating that a third party might have accessed this information.
This incident resulted due to the email credentials of an employee who was phished successfully. Phishing attacks have always been very effective to steal credentials. Even after Sequoia has invested in many cyber-security companies, the inherent problem of passwords remains. When presented with an extremely convincing phishing page, giving away passwords is easy. Such phishing pages can be easily created using a tool like LogoKit.
Govt of India various Department's Passwords Leaked
Sakura Samurai, a hacking group has found a number of exposed credential pairs, Sensitive files, Personally identifiable information, Sensitive police reports, Session hijacking and Remote code execution in some of the Indian government servers. While this list is alarming in itself, the data that might have been exposed in this breach would have far more impact due to the nature of data exposed.
Along with the above list, the credentials of servers that were stored on these exposed servers have been compromised. This allows attackers to access servers which might not have any other security flaw, simply because of the leaked passwords. This leads to a chain of breaches which cannot be stopped as more and more credentials are stolen, just like SUNBurst supply chain attack.
Yandex Insider shares passwords
On February 12th 2021, Yandex, the largest search company in Russia and one of the largest internet companies in Europe was hit by an insider attack. One of the employees with access rights to provide technical support for their mail service was selling access to the users’ mailboxes. A total of 4,887 mailboxes were compromised. The employee was one of the three administrators with the relevant access.
The company said that they have blocked access to the affected mailboxes and notified the users to change their passwords. The breach was discovered during a routine security screening.
Eliminating passwords instantly improves enterprise security by greatly reducing the attack surface. Phishing & insiders attacks are totally eliminated by eliminating passwords.
The daily headlines about premium organisations getting breached proves that no organisation is hack proof. Only PureAUTH Passwordless platform provides Breach Resilience. Even in case of a breach, PureAUTH ensures the enterprise applications are secure from unauthorised access.