Expert comment: US Car Giant General Motors hit by Credential Stuffing Attack

May 2022 by Experts

Following the news that US car giant General Motors was hit by a credential stuffing attack last month that exposed customer information and allowed hackers to redeem points for gift cards, experts from Checkmarx and Delinea comment:


Stephen Gates, Security Evangelist at Checkmarx:

“Today’s credential stuffing attacks are all run by bots. First, attackers compromise user credentials from some random site like a free email service, or buy lists from the dark web. Then they commission a botnet and instruct their bots to try the same username/password on as many other sites as possible, hoping to gain access to something financially related.
Since it appears nothing will stop people from using the same credentials on multiple sites, a two-factor authentication (2FA) challenge should be mandatory across the board. Also, this challenge should not go to an email account (since that may already be compromised), but to a physical mobile device.
Organisations often do not turn on 2FA because they will have to pay the surcharges for millions of text messages used in the 2FA challenge.”

Joseph Carson, Chief Security Scientist and Advisory CISO at Delinea:

“The username and password combo does not suffice anymore, and passwords remain one of the biggest cyber challenges for both consumers and businesses. People tend to create passwords that are easy to remember, often incorporating birthdays or special dates that are usually openly disclosed on social media, where cybercriminals can easily find them. Most importantly, there is the habit of reusing the same credentials across several accounts, with minimal variations.
Regular consumers should consider using a password manager to enhance their log-in credentials with unique passwords for every account that are long and complex; however, businesses should look beyond password managers and extend their perimeter access security to contractors, partners, and customers using a privileged access management solution that includes increased security controls and auditing.”

