Battling account takeover and identity theft: effective countermeasures revealed

The best small keyboards
(Image credit: Logitech)

Account takeover is a serious threat to everyone. Cybersecurity experts have warned about this issue for years, and we must take it seriously. Our credentials being leaked can result in identity theft and cause significant harm to us. While there are resources available for users to check if their details have been compromised, it's essential to understand that by the time your username and password have been leaked, cybercriminals will likely have had access to them for at least six months.

Preventing breaches requires a lot of effort, but assuming that a breach is always possible is essential. How can companies detect breaches, identify data, and protect it before it gets leaked? A massive amount of data is mined through dark web monitoring, and many automated free and commercial tools can be used as a valuable line of defense. The most common types are scanners that search through lists of stolen data "dumped" online. This stolen data can be anything useful to a person or entity, meaning there could be a lot of data to search for.

Most obviously, for consumers, this relates to user credentials from compromised accounts, but it could also include social security or National Insurance numbers, passport details, or financial data. The most well-known consumer tool for people to see their exposure is Have I Been Pwned?, which allows individual users to scan for their details. More recently, we have seen exciting developments in tools focusing on consumer data and company company specifications ranging from standalone documents to intellectual property. This has value to any organization or enterprise concerned about exposure to cyberattacks.

The challenge for all dark web monitoring tools is dealing with scale, relevancy, and speed of information. When it comes to scale, it’s hard to estimate how large the dark web is as a subset of the wider deep web, especially considering it is several hundred times larger than the standard internet we access daily. This means scanning tools must be able to identify and focus on dark web locations. This is where relevancy and the speed of identifying data apply because much of it is only dumped into dark web forums after criminals have had their use out of it. Multiple dumps of the same data are also often made across different forums and sources; in our experience, this is the case for 70% of the data we find.

Companies use more advanced processes and skilled cyber personnel to address the need for speed, as more sophisticated techniques are required to find actionable breach data. One method is to become an active part of the dark web community. This doesn’t mean becoming a criminal or hacker. Still, to identify and stop them, we need to view things from the attacker’s perspective, identifying hacker groups and understanding how the process works. For example, a hacker may have the complex skills needed to expose company systems and access credentials but may be faced with an encrypted password database. Unless they can decrypt that data, what they have is useless. So, what do they do with that data? Sell it? Mine it? They don’t necessarily have all these skills, so they will turn to the dark web to find people offering decrypting and monetization services.

Researchers – real humans – are part of this community through a network of pseudo-identities (sockpuppets), and analysts monitor hacker activity in specific locations known to specialize in stolen data. For security companies, this means going deep into the community to find people, places, and methods for identifying miscreants. We can engage with them before data is available in an unencrypted form on the dark web. This reduces the detection part of the process to a few weeks instead of six months, increasing the likelihood that data can be identified before it is usable. Companies affected by a hacker takeover can proactively manage end-user accounts and limit the risk of fraud or identity theft.

Account takeover continues to be a genuine threat, but basic cybersecurity hygiene can help mitigate this in the first instance. The common denominator with any online account is that they all need a password to be accessed. While most people know they should be using strong, unique passwords and phrases for every account, it can be challenging to remember which credentials they need to be using. It’s why we, and all our industry colleagues, recommend using a password manager. Why make life more complicated when you don’t have to?

More from TechRadar Pro

Tom has been at F-Secure for 10 years in a number of technical and customer journey related roles. He currently leads the pre-sales community focusing on Communication Service Providers and is instrumental in evangelizing F-Secure’s current Connected Home Security development.

With contributions from