A variant of these attacks known as man-in-the-browser attacks targets financial communications and corrupts the user's browser with a fake extension hiding malware designed to intercept transactions and redirect funds to an account controlled by the cyber thieves. Compromised privileged access System administrator accounts and other privileged users are a prime target for cybercriminals as their credentials give them broad access to an organization's systems.
Once a crook gains control of a privileged identity they can extract data compromise systems and bulk-collect additional credentials for further attacks. A recent example is the teenager who stole the Whatsapp Mobile Number List credentials of a major social media company and took over the accounts of celebrities and politicians to post messages requesting cryptocurrency donations. The high school kid stole over 100000 in bitcoin in just over an hour - and a three-year jail sentence.[6] All of these attacks combined mean that identity is even more valuable than it was 10-15 years ago Grundy said.
How to mitigate identity-related risks To manage the risk of identity-based attacks and mitigate the potential damage organizations must improve their identity and access management without sacrificing the ease of day-to-day operations. A number of best practices can help Password hygiene Policies that require strong and regularly changing passwords can strengthen an organization's security posture and deter attempts to snoop on passwords and fill in credentials. A number of tools can automate enforcement.