
Stolen Passwords Now Lead Cause of Ransomware Attacks
Email attacks that steal login credentials have become the top way ransomware gets into systems, even when two-factor authentication is turned on.
Source
Dark Reading
Original headline: Identity Attacks Overtake Exploits as Top Ransomware Cause
Plain-English summary by GetCyberRight. Read the full report at the source above.
Ransomware attackers have shifted their tactics. Email attacks that steal login credentials overtook software vulnerabilities as the top way ransomware enters systems last year. Even more concerning, multifactor authentication (also called MFA or two-factor authentication) was active in 97% of credential-based attacks but still failed to prevent the compromise.
This means having two-factor authentication alone is no longer enough protection. This affects anyone who uses email and online accounts, which includes nearly every family. The attackers are getting better at tricking people into giving away their usernames and passwords through convincing fake emails. They are also finding ways around two-factor authentication, possibly by tricking users into approving login requests they did not initiate or by intercepting codes sent via text message. Protect your family with these immediate actions:
- Train everyone in your household to never click links in unexpected emails, even if they appear to come from familiar companies. Instead, type the website address directly into your browser.
- Use authentication apps like Google Authenticator or Microsoft Authenticator instead of text message codes for two-factor authentication when possible. Apps are harder for attackers to intercept.
- Never approve a two-factor authentication request that you did not initiate yourself. If you get an unexpected approval request on your phone, deny it and immediately change your password.
- Use a password manager to create unique, strong passwords for every account. This prevents one stolen password from compromising multiple accounts.
- Enable login alerts on important accounts so you receive notifications when someone signs in from a new device or location. Think of email security as your front door lock. Teach children and elderly family members that emails requesting urgent action, password resets, or account verification are usually scams. Make it a family rule: when in doubt, do not click. Visit websites directly by typing the address, and call companies using phone numbers from their official websites, not from emails.
Curated from trusted cybersecurity sources by GetCyberRight
Source: Dark ReadingStay ahead of cyber threats
Get our free weekly digest. Real threats, plain language, what to do about them. No spam, ever.
More articles

Software Developers Targeted in Supply Chain Attack: Why This Matters for Everyone
Hackers compromised developer tools to spread malware through trusted software channels. The programs you use daily could be affected by these attacks on the software supply chain.
2 min read
Password Attacks Now Leading Cause of Ransomware: Strengthen Your Login Security Today
Email based attacks on passwords overtook software vulnerabilities as the top way criminals launch ransomware. Even accounts with extra security failed to stop these attacks.
2 min read
Zoom Security Alert: Update Your App to Protect Your Account
A serious flaw in Zoom for Windows could let attackers take over your account without your password. If you use Zoom on Windows, update the app right away.
2 min read
Update Your Zoom App Now to Prevent Account Takeovers
Zoom discovered a critical security flaw in its Windows app that could let attackers hijack your account. Update your Zoom software immediately.
2 min read