November 12, 2017 by

Google Research: Phishing Poses the Greatest Cybersecurity Threat

A new study by Google has revealed insights to better explain how emails and other accounts are hacked and hijacked by malicious hackers.

A 12-month study wherein Google partnered the University of California, Berkeley to provide a better understanding on how customer accounts are hijacked has also revealed ways in which users can better secure their online accounts.

Google wrote:

What we learned from the research proved to be immediately useful. We applied its insights to our existing protections and secured 67 million Google accounts before they were abused. We’re sharing this information publicly so that other online services can better secure their users, and can also supplement their authentication systems with more protections beyond just passwords

Over a 12-month period, the study revealed that a staggering 788,000 credentials were stolen via keyloggers – malicious software or hardware that records the keystrokes on a keyboard. The study, which lasted between March 2016 and March 2017, also discovered 12.5 million potential victims of phishing kits and 1.9 billion usernames and passwords exposed via data breaches and traded on black market forums. A further 3.3 billion credentials were exposed by third-party breaches.

Revealingly, phishing continues to pose the biggest cybersecurity threat, farming some 235,000 usernames and passwords every week. Relatively speaking, keyloggers were found to be stealing nearly 5,000 credentials per week. Furthermore, 74% of keyloggers and 82% of phishing attempts also tried to collect a user’s IP address and physical location. A further 18% of malicious tools collected phone numbers as well as the victim’s device make and model.

Google engineers added:

By ranking the relative risk to users, we found that phishing posed the greatest threat, followed by keyloggers, and finally third-party breaches.

Image credit: Flickr.

About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.

Related articles

Google Makes Two-Factor Authentication a Seamless No-Brainer

Google has built-on its two-factor system to introduce the feature for iOS users through their Gmail...

Read more arrow_forward

Snapchat Phishing Attack Swipes Credentials of Over 50,000 USers

Details have emerged on a phishing attack which saw hackers steal the credentials of over 50,000...

Read more arrow_forward

Google Plans 2FA Upgrade with Hardware Replacements

Google is reportedly close to rolling out a new hardware-based replacement solution as an upgrade...

Read more arrow_forward