An expert described methods of protecting against password-guessing attacks.
Hackers attacking corporate networks and popular services are shifting en masse from hunting for vulnerabilities to password guessing, and the share of such break-ins grows every year, Ashot Oganesyan, founder of the data leak intelligence and monitoring service DLBI, told Izvestia on June 19.
"At the same time, in addition to dictionary attacks, the password reuse technique has recently come into use, in which login-password pairs obtained from various leaks are used. According to a DLBI study, in 2024 alone about 581 million unique accounts (email/password pairs) were leaked, and in total more than 6.1 billion user accounts are in the public domain," he noted.
This attack method rests on the reasonable assumption that users often use the same or similar passwords on different services. Against accounts on social networks, banks, and the Public Services portal, a simple form of password reuse is applied: the attacker logs in with one or more login-password pairs taken from data leaks.
"Advanced password reuse is used for attacks on corporate networks: at the first stage, the user's first and last name are established from leaked data, and often the user's place of work as well (parsing of social networks can also be used for this); then a corporate email address is composed from them according to the company's rules, and all the passwords obtained for this user are attached to it. These passwords are what hackers use to enter the company's network," the expert said.
This type of attack is countered with two-factor authentication and with specialized password verification services that aggregate all available leaks into a single database and then notify the user if his email address or phone number appears in a leak and the password used for that service is compromised.
"For companies, such services can be connected to a corporate authorization system, for example Active Directory, and check not only email addresses but the passwords themselves in automatic mode, which makes it possible to immediately block the use of compromised credentials. At the same time, the passwords themselves are not transmitted anywhere; their hashes are used for the comparison," Oganesyan clarified.
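The check Oganesyan describes, as an added example that is not part of the article or of any DLBI product: the client hashes the candidate password locally and only the hash is compared against an index of leaked-password hashes. The example goes one step further than the article by sending only a 5-character hash prefix to the lookup service (the k-anonymity range query popularised by Have I Been Pwned), so the service never learns even the full hash; the leaked-password list and the `password_change_hook` name are constructed for illustration.

```python
import hashlib
from typing import Dict, List, Set

# Constructed toy "breach corpus"; a real service indexes billions of entries.
CONSTRUCTED_LEAKED_PASSWORDS = ["password", "qwerty123", "Summer2024!", "letmein"]


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the password; only this digest is ever compared."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


class LeakHashIndex:
    """Service side: stores only hashes of leaked passwords, bucketed by 5-char prefix."""

    def __init__(self, leaked_passwords: List[str]) -> None:
        self._by_prefix: Dict[str, Set[str]] = {}
        for pw in leaked_passwords:
            h = sha1_hex(pw)
            self._by_prefix.setdefault(h[:5], set()).add(h[5:])

    def suffixes_for_prefix(self, prefix: str) -> List[str]:
        """Range query: the caller reveals only the first 5 hex characters of its hash
        (k-anonymity; an assumption of this example, not something the article states)."""
        if len(prefix) != 5:
            raise ValueError("prefix must be exactly 5 hex characters")
        return sorted(self._by_prefix.get(prefix.upper(), set()))


def is_compromised(password: str, index: LeakHashIndex) -> bool:
    """Client side: hash locally, send only the prefix, match the suffix locally.
    The plaintext password never leaves this function."""
    h = sha1_hex(password)
    prefix, suffix = h[:5], h[5:]
    return suffix in index.suffixes_for_prefix(prefix)


def password_change_hook(password: str, index: LeakHashIndex) -> str:
    """Decision a directory-integrated filter (e.g. at password-set time) would return.
    Hypothetical hook name; wiring into Active Directory is outside this example."""
    if is_compromised(password, index):
        return "REJECT: password appears in a known leak"
    return "ACCEPT"


if __name__ == "__main__":
    idx = LeakHashIndex(CONSTRUCTED_LEAKED_PASSWORDS)
    for candidate in ["password", "c0rrect-h0rse-battery-staple-7!"]:
        print(candidate, "->", password_change_hook(candidate, idx))
```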
On April 3, Konstantin Kryuchkov, AppSec.Track Product Director at AppSecSolutions, said at the Security Territory conference that hackers most often target web applications, which account for more than 60% of attacks. According to the expert, phishing emails are in second place (almost 20%); these are used in fraudulent schemes and affiliate programs.