'Digital fingerprints' can give hackers near unlimited data access
Among the threats IT and cyber security executives need to be aware of are dark marketplaces that collect and sell stolen “digital fingerprints” that encompass the full fingerprinting of a user’s Web browser and computer characteristics, allowing an attacker to almost flawlessly impersonate the user.
A new report by IntSights, a provider of threat intelligence services, analyzes the rise of digital fingerprints, and notes that markets such as Genesis and Richlogs are acquiring these identities to sell to buyers in dark markets.
The identities can potentially provide access to mail accounts, social media profiles, credit card accounts, and other resources. IntSights provided several tips to protect against digital identity fraud.
One is to continuously monitor digital identity markets. “Visibility and awareness are key to proactive protection,” the report said. “Monitoring these markets can help you identify compromised identities early.”
Another is to enable two-factor authentication. Asking for a second or even third variable for verifying users makes it increasingly difficult for attackers to hack accounts.
Companies should also regularly update fingerprinting protocols. “If your company uses digital fingerprinting to verify customers or users, make sure you regularly update these protocols and add additional points of authentication in order to keep up with the stealer’s version upgrades,” the report said.
Users should also consistently clear cookies and browsing history to limit the extent of the digital history, and change passwords regularly and avoid password reuse.