Password-Stealing Attacks Surge 45% in Six Months

Attacks using password-stealing malware have surged by 45% over the past six months, highlighting the continued need for additional log-in security measures, according to Kaspersky.

The Russian AV vendor analyzed incidents of Trojan-PSW – a specialized stealer capable of gathering login and other account information.

It noted 160,000 more targets in September 2021 than April, with the total number reaching nearly half a million. That’s an increase of 45%.

“As statistics show, logins, passwords, payment details and other personal data continue to be an attractive target for cyber-criminals and they remain a popular commodity on the dark market,” explained Kaspersky security expert, Denis Parinov.

“For this reason, we encourage internet users to take extra steps to protect your accounts. For example, by using multi-factor authentication (MFA) methods. Increased scammer activity using password stealers also suggests the need for users to be more careful, not to follow unverified links and to use an updated security solution.”

Most US insurers now mandate MFA as a minimum security standard to qualify for coverage. In fact, last month, it was revealed that the tech CEOs who met President Biden for a recent White House summit claimed MFA could thwart as much as 90% of attacks.

However, it’s not a panacea. One-time passwords generated by text message can be intercepted via SIM swapping and other techniques. For that reason, Microsoft last year urged organizations to move away from MFA methods relying on phone networks and towards authentication apps.

Kaspersky has also seen a sharp rise in overall attempts to compromise users. It noted an increase from 24.8 million attempts in Q3 2020 to 25.5 million in the third quarter of 2021, a rise of almost 30%.