Prevent shoulder surfing and theft of corporate credentials
Estimated reading time: 8 minutes
The term shoulder surfing might conjure up images of a little surfer on his shirt collar, but the reality is much more mundane. shoulder surfing is a criminal practice in which thieves steal your personal data by spying on you while using a laptop, ATM, public terminal or other electronic device among other people . This social engineering technique is a security risk that can cause disaster, especially if the stolen credentials are corporate.
The practice long predates smartphones and laptops and dates back to when criminals spied on pay phone users as they entered their calling card numbers to make calls . Many years have passed, but the technique has not been lost. Thieves have evolved to observe their victims typing their ATM PINs, paying at self-service petrol pumps, or even making a purchase in a store.
A similar technique for ATM theft involves a card cloning device superimposed on the card insertion hole and a micro camera to spy on the code. The micro camera performs an act of shoulder surfing . Card cloning is essential because without a physical device the pin is useless, but in the case of account credentials on the network, all you need is user and password.
When does Shoulder Surfing take place?
shoulder surfing can happen whenever you share personal information in a public place. This includes not only ATMs, coffee shops and POS devices in general, but virtually any place where you use a laptop, tablet or smartphone to enter personal data.
Long-time shoulder surfers did not usually loom behind their victims to scrutinize information. Instead, they stood at a safe distance and interpreted finger movements as people typed numbers on the keyboard . Similarly, today’s social engineers often escape attention as they quietly observe others in public places such as airport lounges and shopping malls, bars and restaurants, on trains or subways, or wherever there are people, to tell the truth.
Indeed, today’s most sophisticated criminals are watching from further away, hidden from view. They could use binoculars, micro cameras, or the camera of their phone or tablet to scan your screen or keyboard. Not only that, they may eavesdrop as you read credit card numbers on the phone or provide other sensitive information. Criminals could also take pictures, make a video or audio record of the information and then interpret it later.
Whatever the methodology, it is clear that technology has not only helped us to be more connected and be able to afford to pay for a frappuccino with our mobile phone, but it has also exposed us to security risks. When it comes to sensitive data, especially if there is a corporate account involved that could access other people’s sensitive data, you should never let your guard down , consequences could be very serious .
As shoulder surfing commonly happens
Before suggesting some methods to prevent shoulder surfing to be put into practice immediately, let’s take a closer look at how credential theft could happen with this technique.
At the bar or in the cafeteria
You’re in a busy restaurant bar waiting for a friend. To pass the time, you connect to Instagram. Unfortunately, you don’t notice that the person stuck in line next to you is looking at your password, which happens to be the same one you use for your email and bank account.
At the ATM
You’re taking cash at an ATM. You feel safe because the man after you in line is at least 10 feet away and is even looking at his phone. In fact, he is recording your finger movements on his phone and will later decrypt them to get your PIN number.
To the airport
Your flight is delayed, so grab your laptop and kill your time by reading a couple of work emails to keep up to date. Log in to the company website to read your mail and enter your username and password. You are so calm that you don’t see the woman a few places away as she stares at the screen while you enter data.
What are the consequences of shoulder surfing?
Using your credit card information to make fraudulent purchases is just one example of the damage you could suffer if you fall victim to shoulder surfing . The more personal information a criminal captures about you, the more serious the consequences can be for your bank account and financial health.
A serious case of shoulder surfing can expose you to identity theft . A criminal could use your personal information, such as your social security number, to open new bank accounts, apply for loans, rent apartments, or apply for a job under your name. An identity thief could get their hands on your tax refund, use your name to get medical treatment, or even apply for government benefits in your name. They could also commit a crime and provide your personal information when questioned by the police, leaving you with a dirty record or arrest warrant.
Of course, if you suspect this has happened, you’ll need to go to the police immediately, block your checking accounts and notify the bank. If fraudulent actions have already been carried out in your name, you may need to prove that you are not involved.
Things get dangerous if the stolen data is from a corporate account. In fact, with the use of valid credentials, anyone could enter the company’s system and perform all kinds of actions, such as collecting additional data, placing malware, running a ransomware , steal customer data and then sell it online.
How to defend yourself from shoulder surfing
Two levels of protection can be identified, the first is proactive and is aimed at preventing credentials from being exposed to malicious people, the second is active and provides software to detect attempts to use stolen credentials.
Defend yourself proactively
If you really can’t avoid entering sensitive data on your laptop, tablet or smartphone in a public place, you should follow the countermeasures listed below.
Tip 1: Before entering any sensitive data, find a safe place . Make sure you sit with your back to the wall. This is the best way to protect yourself from prying eyes. Avoid public transport, the central armchairs of a waiting room and places where there is a lot of people coming and going.
Tip 2: Use a privacy filter. This hardware device is a simple polarized translucent sheet that is placed over the screen. It will make your screen look black to anyone looking at it from any unnatural angle . This will make it much more difficult for unauthorized people to see your information.
Tip 3: Two-factor authentication requires a user to prove their identity using two different authentication components that are independent of each other. Since this type of authentication only passes when both factors are used correctly in combination, the security measure is particularly effective. For example, this method is often used a lot in online banking. There are many services that allow you to use your mobile phone as a second authentication factor . This is done through special apps.
Tip 4: Another solution is to use a password manager . By doing so, you no longer have to enter each password individually on your computer. The password manager will do this for you after you enter your master password . This prevents unauthorized people from using your keyboard to determine the real password, provided that you properly protect your master password .
Actively defend yourself with a SOC and behavior analysis
Now let’s imagine that the corporate account credentials have been stolen. At this point only a behavior control system can trigger an alarm and therefore block the user before there is any damage.
In fact, using correct credentials, a normal traditional SIEM would not trigger any alarms. For an older generation SIEM, access would be legitimate, because the credentials are correct. The attacker would have free undisturbed access to the system and could continue with his attack plan.
With SOD’s SOCaaS service, however, abnormal access would trigger an alarm. The SOC provided is equipped with a Next Generation SIEM and a system UEBA control behavior . This means that any deviation from the user’s usual behavior would be reported.
In the case of credential theft, as happens with shoulder surfing, the access made by the attacker would therefore trigger an alarm because something is wrong . For example, the login could take place at anomalous times, in another country / IP, from a different operating system, etc.
shoulder surfing is a social engineering technique that focuses on user carelessness while entering sensitive data into a system. In the event that a user’s corporate credentials are stolen, the only really efficient thing is to have a system that analyzes user behavior and reports whenever suspicious actions are detected.
If you want to know in detail how a SOC and UEBA system can help your company defend against social engineering attacks, do not hesitate to contact us, we will be happy to answer any questions.
- Event Overload? Our SOCaaS can help!
- Business email compromise (BEC) schemes
- XDR as an approach to security
- What is threat intelligence?
- Data Loss Prevention: definition and uses
- Prevent shoulder surfing and theft of corporate credentials
- HTTP / 3, everything you need to know about the latest version protocol
- Machine learning and cybersecurity: UEBA applications and security
- Backup as a Service (2)
- Cloud Conference (3)
- Cloud CRM (1)
- Cloud Server/VPS (20)
- Conferenza Cloud (4)
- ICT Monitoring (4)
- Log Management (2)
- News (17)
- ownCloud (4)
- Privacy (6)
- Secure Online Desktop (14)
- Security (9)
- Web Hosting (15)
- Troy Hunt: Organizations Make Security Choices Tough for Users May 6, 2021The Have I Been Pwned founder took the virtual stage at Black Hat Asia to share stories about his work and industrywide challenges.
- New Techniques Emerge for Abusing Windows Services to Gain System Control May 6, 2021Organizations should apply principles of least privilege to mitigate threats, security researcher says.
- Google Plans to Automatically Enable Two-Factor Authentication May 6, 2021The company plans to automatically enroll users in two-step verification if their accounts are properly configured.
- CISA Publishes Analysis on New 'FiveHands' Ransomware May 6, 2021Attackers used publicly available tools, FiveHands ransomware, and SombRAT to successfully target an organization, officials report.
- Securing the Internet of Things in the Age of Quantum Computing May 6, 2021Internet security, privacy, and authentication aren't new issues, but IoT presents unique security challenges.
- Cloud-Native Businesses Struggle With Security May 6, 2021More companies moved to cloud-native infrastructure in the past year, and security incidents and malware moved right along with them.
- Biden's Supply Chain Initiative Depends on Cybersecurity Insights May 6, 2021Those helming the US supply chain executive order need to leverage standards, measurement, and the lessons cybersecurity leaders have learned.
- How to Move Beyond Passwords and Basic MFA May 6, 2021It's not a question of whether passwordless is coming -- it's simply a question of when. How should your organization prepare? (Part two of a two-part series.)
- Black Hat Asia Speakers Share Secrets About Sandboxes, Smart Doors, and Security May 6, 2021Find video interviews with some of the coolest Black Hat Asia experts right here, as part of the Dark Reading News Desk this week.
- Attackers Seek New Strategies to Improve Macros' Effectiveness May 5, 2021The ubiquity of Microsoft Office document formats means attackers will continue to use them to spread malware and infect systems.
- APPLE-SA-2021-05-03-3 watchOS 7.4.1 May 4, 2021Posted by Apple Product Security via Fulldisclosure on May 04APPLE-SA-2021-05-03-3 watchOS 7.4.1 watchOS 7.4.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212339. WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report […]
- APPLE-SA-2021-05-03-4 macOS Big Sur 11.3.1 May 4, 2021Posted by Apple Product Security via Fulldisclosure on May 04APPLE-SA-2021-05-03-4 macOS Big Sur 11.3.1 macOS Big Sur 11.3.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212335. WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a […]
- APPLE-SA-2021-05-03-1 iOS 14.5.1 and iPadOS 14.5.1 May 4, 2021Posted by Apple Product Security via Fulldisclosure on May 04APPLE-SA-2021-05-03-1 iOS 14.5.1 and iPadOS 14.5.1 iOS 14.5.1 and iPadOS 14.5.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212336. WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, […]
- APPLE-SA-2021-05-03-2 iOS 12.5.3 May 4, 2021Posted by Apple Product Security via Fulldisclosure on May 04APPLE-SA-2021-05-03-2 iOS 12.5.3 iOS 12.5.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212341. WebKit Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation) Impact: Processing maliciously crafted […]
- KSA-Dev-0012:CVE-2021-25326:Unauthenticated Sensitive information Discloser in Skyworth RN510 Mesh Extender May 4, 2021Posted by Kaustubh Padwad via Fulldisclosure on May 04Overview ======== Title:- UnAuthenticated Sensitive information Discloser in RN510 Mesh Extender. CVE-ID :- CVE-2021-25326 Author: Kaustubh G. Padwad Vendor: Shenzhen Skyworth Digital Technology Company Ltd.(http://www.skyworthdigital.com/products) Products: 1. RN510 with firmware V.126.96.36.199 (Tested and verified) Potential 2.RN620 with respective firmware or below 3.RN410 With Respective […]
- KSA-Dev-0011:CVE-2021-25327: Authenticated XSRF in Skyworth RN510 Mesh Extender May 4, 2021Posted by Kaustubh Padwad via Fulldisclosure on May 04Overview ======== Title:- Authenticated XSRF in RN510 Mesh Extender. CVE-ID :- CVE-2021-25327 Author: Kaustubh G. Padwad Vendor: Shenzhen Skyworth Digital Technology Company Ltd.(http://www.skyworthdigital.com/products) Products: 1. RN510 with firmware V.188.8.131.52 (Tested and verified) Potential 2.RN620 with respective firmware or below 3.RN410 With Respective firmwware or […]
- KSA-Dev-0010:CVE-2021-25328:Authenticated Stack Overflow in Skyworth RN510 mesh Device May 4, 2021Posted by Kaustubh Padwad via Fulldisclosure on May 04itle :- Authenticated Stack Overflow in RN510 mesh Device CVE-ID:- CVE-2021-25328 Author: Kaustubh G. Padwad Vendor: Shenzhen Skyworth Digital Technology Company Ltd.(http://www.skyworthdigital.com/products) Products: 1. RN510 with firmware V.184.108.40.206 (Tested and verified) Potential 2.RN620 with respective firmware or below 3.RN410 With Respective firmwware or below. […]
- Re: Two vulnerabilities found in MikroTik's RouterOS May 4, 2021Posted by Q C on May 04[Update 2021/05/04] Two CVEs have been assigned to these vulnerabilities. CVE-2020-20219: Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/igmp-proxy process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). CVE-2020-20262: Mikrotik RouterOs before 6.47 (stable tree) suffers from an […]
- Re: Two vulnerabilities found in MikroTik's RouterOS May 4, 2021Posted by Q C on May 04[Update 2021/05/04] Two CVEs have been assigned to these vulnerabilities. CVE-2020-20221: Mikrotik RouterOs before 6.44.6 (long-term tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/cerm process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU. CVE-2020-20218: Mikrotik RouterOs 6.44.6 (long-term […]
- Re: Two vulnerabilities found in MikroTik's RouterOS May 4, 2021Posted by Q C on May 04[Update 2021/05/04] CVE-2020-20212 and CVE-2020-20211 have been assigned to these two vulnerabilities. CVE-2020-20212: Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference) CVE-2020-20211: Mikrotik RouterOs 6.44.5 (long-term tree) suffers from […]
Estimated reading time: 7 minutes Ethical hacking means the application for good of hacking techniques. The… https://t.co/JMjvDtbW9p
Tempo di lettura: 4 minMonitoraggioNegli ultimi anni abbiamo assistito ad una rapida evoluzione delle infrastruttur… https://t.co/3EQ6yPJG4g
Tempo di lettura: 6 min WastedLocker e' un software per attacchi ransomware che ha iniziato a colpire imprese e al… https://t.co/yRXHQPoAlG
syslog server - High performance service for collecting logs - Use all the strengths of the syslog-ng Premium Edit… https://t.co/NOmReNicwb
WastedLocker is ransomware attack software that began targeting businesses and other organizations in May 2020. It… https://t.co/8244AWLg8s