Beware Of Credential Charging Attacks, Here Are Some Things You Need To Know

Photo: Password illustration (photo: Kaspersky)

JAKARTA - global cybersecurity firm Kaspersky finds millions of accounts to have been victims of annual credential charging attacks. Because this method is one of the most effective ways to infiltrate someone's account.

These attacks usually take advantage of the bad habits of many people, who use the same password for some services and sometimes even rely on one password for all accounts.

Kaspersky explained that the perpetrators of this crime will take advantage of the large database of usernames and passwords that have been obtained previously for accounts listed on various platforms.

They then tried this credentials en masse on other online services, hoping some would work. As a result, the attacker will definitely manage to hijack the account with the password the victim used on other platforms.

There are three main sources of cyber actors who managed to find the victim's password, the first is via phishing links or phishing sites.

Second, the password is tapped with a special malware known as the Stealers, and the third is a leaked password via online service breaches.

"It's important to note that any service usually doesn't store passwords in plain texts but uses so-called hash," the company said.

After the attack is successful, the attacker needs to solve this hash. The simpler the password says, the less time and resources it takes to solve it.

Therefore, users with weak passwords are the most at risk after a data breach occurs.