Cyber security experts detected increase in identity theft. Industry insiders say, “It makes sense.” Knowing a person’s credentials is the same as having a key to their house. The criminal will insert the key into the lock and enter the house without arousing suspicion or setting off the alarm. The same is true in the infinite universe of the Internet. If the cybercriminal gets the key, he can take action without anyone knowing. This is what happened with the cyber attack detected on pet records Consell Valencià de Col.legis Veterinaris. started andl On July 7 credentials stolen from a user. Thus, they logged into the system without causing any security alerts. The attack continued until September 29, when the CNI’s National Cryptology Center arrived on the scene and confirmed that such data theft had been replicated in Galicia and Cantabria.
CEO and founder of S2 Grupo (a specialist company) José Rosell, an expert in the field of cybersecurity and cyberintelligence, assures that the “mode of operation” of what is happening with pet records is rapidly increasing because “once they get the key and the alerts are not ringing, they can gradually steal the information. If they do it in bulk it can raise suspicion, but they steal the data little by little and on top of that.” If they access it ‘legally’ things get complicated.
The expert confirms that Administrations do not hesitate to invest enormous amounts of money in cybersecurity to try to protect their infrastructure, but “the exposure surface is enormous.” The surfaces that need to be covered in a house are doors and windows. In the digital case, doors and windows are in the thousands. Any mobile phone, computer or device belonging to an official can be a gateway. There are three main ways to access: People, technology and processes.. “What cybercriminals use most is a person-related vulnerability.”
Like this, Identity theft is on the rise. “And on top of that, people have a habit of having weak credentials that can be easily cracked. There are programs designed to crack passwords, so if they’re not strong it’s easy to do. Moreover, as if that weren’t enough, people have the same password for everything. So if criminals find the password , they need to test where else the password works and reuse it. Or sell it. The market for selling credentials is huge.”
What are you, what do you know and what do you have?
So what to do in this situation? Rosell emphasizes: The first thing at the user level is to “have different passwords” for all things and their being sound, that is, At least 15 characters, uppercase letters, lowercase letters and numbers“. Secondly, report it. Both when you are the victim of an attack that has already taken place and when you know they are trying to do it. “Only 15% of cases are reported and we do not know the extent of coverage. from this. Traditional crime has been stabilized. Cybercrime is increasing by approximately 30% every year. This is a tremendous thing, but people don’t realize it. If the keys to our house are stolen, a person’s heart stops. But they have the same password for everything.”
Security at the Corporate and Government level includes doubling or even tripling authentication systems Knowing that the user is who they say they are. Rosell describes it as black on white. “Control systems are based on three elements: what you are (fingerprint, facial recognition…); what you know (password, username…); what you have (the number just sent to your phone); email access… ) A secure access control system is a system that has at least two of the three authentication controls (what you are and what you know; what you have and what you know…). no need to complain about authentication proceduresbut to thank them and build them up. We need to make it harder for criminals and recognize the problem,” the expert concludes.