Google specialists together with scientists from the University of California at Berkeley and the International Computer Science Institute published results of a study of modern cyberthreats. According to the report, phishing attacks present a more serious threat to users than keyloggers and password reuse.
To this conclusion, the researchers came, having analyzed several black markets for the sale of accounts and credentials. The study examined data for the period from March 2016 to March 2017.
Experts found more than 788 thousand. credentials stolen with the help of keyloggers, 12.4 million credentials stolen by phishing, and 1.9 billion credentials on the network during leaks. At the same time, 12% of the accounts compromised during the leak were registered through the Gmail service. In 7% of cases, users reused their password from Google to access another account, thus placing both accounts at risk of hacking.
According to representatives of Google, from 12% to 25% of detected passwords were still used by users. Google said that the results of the study will be used, including for resetting passwords in compromised accounts.
"Assessing the risks, we found that phishing poses the greatest threat to users. Then follow keyloggers and data leaks. The likelihood that a phishing scam account will be hacked 400 times more than an average Google user. This indicator is 10 times smaller among the victims of data leaks and about 40 times less among the victims of keyloggers, "experts said..
In addition, researchers also drew attention to the growing tendency to include in keyloggers and phishing software tools for registering IP addresses and other data to bypass geolocation filters. More complex malware variants also register phone numbers and user-agent data.
More details of the report can be found here..