Hackers Tactics to Steal Secret Data



How do you secure your home? Would you choose a house on the side of a main road with no fence, or a house in a gated complex (cluster) guarded by security officers who monitor every guest entering and leaving?

In terms of security, we would of course choose the house in a cluster: apart from being in a quiet complex, entering the cluster requires going through a security process, such as handing over an identity card and having incoming guests recorded on CCTV.


If forced to live in a non-gated part of the city, many homeowners add a dedicated security post to guard their homes.


Likewise, government institutions, which certainly hold a lot of important data, must secure that data. Because the internet is like a main road that is freely accessible to everyone, access to the data must be protected with measures such as encryption, HTTPS, a VPN and a DMZ (demilitarized zone).


According to the report provided by Dark Tracer, many government institutions do not implement HTTPS properly on their sites, even though HTTPS has become the minimum standard for site security. Without HTTPS protection, all information passing between the user's device and the server handling the transaction travels in the clear (unencrypted); if it contains important information such as credentials or other sensitive data, that information is very easy to capture and use for criminal purposes.


From the facts above, it can be concluded that the data leak was caused not only by malware: the site managers' carelessness in not protecting site visitors with HTTPS also contributed greatly to the leak of those visitors' credentials. According to Vaccination's observations of the list provided by Dark Tracer, LPSE is one of the institutions that does not implement credential security properly. At least 470 LPSE subdomains across institutions experienced credential leaks, with a total of 11,507 leaked credentials.



It should be realized that a weakness in a subdomain's security can be exploited as a side door (cross-site) to attack a main domain that has itself been well secured.
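The two points above (HTTPS not enforced, and weak subdomains undermining a well-secured main domain) come down to a check an administrator can run over every hostname in an institution's inventory: does plain HTTP redirect to HTTPS on the same host, and does the HTTPS endpoint set a Strict-Transport-Security header? The script below is an added example, not code from the article or from Dark Tracer; it evaluates captured responses so it runs offline, and the hostnames, headers and the six-month HSTS threshold are constructed assumptions.

```python
"""Added example (not from the original article): assess whether a host
enforces HTTPS, using the evidence the article describes (plain HTTP
redirecting to HTTPS, and an HSTS header on the HTTPS response).

The sample responses at the bottom are constructed for illustration; a live
run would fetch http://<host>/ and https://<host>/ and feed the results in.
"""
from dataclasses import dataclass, field
from typing import Dict, List
from urllib.parse import urlparse

# Assumed policy: require an HSTS max-age of at least six months (in seconds).
MIN_HSTS_MAX_AGE = 15768000


@dataclass
class Response:
    """Minimal view of an HTTP response: status code and headers."""
    status: int
    headers: Dict[str, str] = field(default_factory=dict)

    def header(self, name: str) -> str:
        # Header names are case-insensitive, so compare lowercased.
        for key, value in self.headers.items():
            if key.lower() == name.lower():
                return value
        return ""


def redirects_to_https(http_resp: Response, host: str) -> bool:
    """True if the plain-HTTP response redirects to https:// on the same host."""
    if http_resp.status not in (301, 302, 307, 308):
        return False
    target = urlparse(http_resp.header("Location"))
    return target.scheme == "https" and (target.hostname or "").lower() == host.lower()


def hsts_max_age(https_resp: Response) -> int:
    """Parse max-age from Strict-Transport-Security; 0 if absent or malformed."""
    value = https_resp.header("Strict-Transport-Security")
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        arg = arg.strip().strip('"')
        if name.lower() == "max-age" and arg.isdigit():
            return int(arg)
    return 0


def assess_https(host: str, http_resp: Response, https_resp: Response) -> List[str]:
    """Return a list of findings; an empty list means HTTPS is enforced properly."""
    findings = []
    if http_resp.status == 200:
        findings.append("serves content over plain HTTP (credentials would travel unencrypted)")
    elif not redirects_to_https(http_resp, host):
        findings.append("plain HTTP does not redirect to HTTPS on the same host")
    if https_resp.status >= 400:
        findings.append(f"HTTPS endpoint returned status {https_resp.status}")
    if hsts_max_age(https_resp) < MIN_HSTS_MAX_AGE:
        findings.append("Strict-Transport-Security missing or max-age shorter than six months")
    return findings


# Constructed sample responses for two hypothetical hosts (not real sites).
GOOD_HOST = "portal.example.gov"
GOOD_HTTP = Response(301, {"Location": "https://portal.example.gov/"})
GOOD_HTTPS = Response(200, {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"})

BAD_HOST = "tender-subdomain.example.gov"
BAD_HTTP = Response(200, {"Content-Type": "text/html"})  # login page served over plain HTTP
BAD_HTTPS = Response(200, {})                            # HTTPS exists but nothing forces its use

if __name__ == "__main__":
    for host, plain, secure in [(GOOD_HOST, GOOD_HTTP, GOOD_HTTPS), (BAD_HOST, BAD_HTTP, BAD_HTTPS)]:
        print(host, assess_https(host, plain, secure) or ["ok"])
```

Running this over a list of subdomains turns the article's observation into a repeatable inventory check; the host with a plain-HTTP login page and no HSTS is exactly the kind of subdomain the article warns about.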


In addition to HTTPS, the essential thing to consider is intranet security. An intranet is an institution's internal network, through which sensitive institutional information passes, so access to it must be handled with extra care. That is why access to institutional intranets is usually very well protected and fortified with layers such as firewalls and VPNs, and why accessing an intranet directly from the internet is not recommended, even when it is protected with HTTPS or two-factor authentication (TFA).


Accessing the intranet directly from the internet without a firewall or VPN is like choosing a house on the side of a main road protected only by a 3-digit suitcase lock, and then placing the safe that holds your valuables in the front yard. The following are some government institutions that experienced leaks of intranet credential data.





Even if you are forced to provide direct access to the intranet via the internet and cannot use a VPN, the recommended minimum is a proxy or relay server, so that access to the intranet can be restricted.
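What "restricted" means at such a relay is a policy, not just a network hop: only approved source networks, only authenticated sessions, and only the handful of internal services that are meant to be reachable. The function below is an added example of that policy, not code from the article; the address ranges (documentation ranges), the exposed paths and the requests are constructed placeholders.

```python
"""Added example (not from the original article): the access policy a relay
or reverse proxy in front of an intranet applies before forwarding anything.
Networks, exposed services and requests below are constructed placeholders."""
import ipaddress
from typing import Tuple

# Constructed policy: office LAN and VPN pool (RFC 5737 documentation range
# used for the VPN), plus the intranet paths the relay is allowed to forward.
ALLOWED_NETWORKS = [
    ipaddress.ip_network("10.10.0.0/16"),   # office LAN
    ipaddress.ip_network("192.0.2.0/24"),   # VPN client pool
]
EXPOSED_PREFIXES = ("/hr-portal/", "/ticketing/")  # everything else stays internal-only


def relay_decision(src_ip: str, authenticated: bool, path: str) -> Tuple[bool, str]:
    """Return (allow, reason); the reason is what the relay should log on denial.

    Checks run cheapest-first: an address outside the allowed ranges is
    refused before any session lookup or routing happens.
    """
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        return False, "unparseable source address"
    if not any(addr in net for net in ALLOWED_NETWORKS):
        return False, "source not in office/VPN ranges"
    if not authenticated:
        return False, "no authenticated session"
    if not path.startswith(EXPOSED_PREFIXES):
        return False, "service not exposed through relay"
    return True, "forwarded"


if __name__ == "__main__":
    # Constructed requests: VPN user, internet user, LAN user hitting an admin path.
    for req in [("192.0.2.7", True, "/hr-portal/login"),
                ("203.0.113.5", True, "/hr-portal/login"),
                ("10.10.3.4", True, "/admin/"),
                ("10.10.3.4", False, "/ticketing/")]:
        print(req, "->", relay_decision(*req))
```

The denial reasons double as log fields: a burst of "source not in office/VPN ranges" entries against the relay is the signal that someone is probing the intranet from the open internet, which a direct exposure would never have shown.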


Technically, if the leak occurs on the user's side, there are 3 methods commonly used by criminals:

A trojan/keylogger is malware that records every keystroke on the infected device and sends the recording to the trojan's operator.

Phishing, where the victim is directed to a fake site and enters his or her credentials there, to be stolen. Phishing victims are generally unaware that they are on a phishing site, partly through ignorance and partly because of the skill of the message writers: the messages usually carry a threat that unless the recipient changes their credentials, their digital service, whether email, bank account or some other account, will be shut down or blocked.

Using an unsecured connection, such as free unencrypted Wi-Fi, so that the transmitted data can be intercepted and read by third parties or by the Wi-Fi provider. Always protect connection traffic with encryption: make sure the sites you access are properly HTTPS-encrypted, or add a further layer such as a VPN when accessing office services from home.
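Of the three methods, phishing is the one a mail gateway or browser extension can partly catch before the user acts, by comparing the host in a link against the institution's legitimate domains and flagging the lookalikes such messages rely on. The classifier below is an added example, not code from the article or from any vendor product it mentions; the trusted domains and sample links are constructed placeholders.

```python
"""Added example (not from the original article): classify a link found in
an incoming message against an institution's legitimate login domains, to
flag the lookalike hosts that phishing messages typically use.
The trusted domains and sample links are constructed placeholders."""
from urllib.parse import urlparse

# Constructed inventory of legitimate domains; a real deployment would load
# the institution's own list here.
TRUSTED_DOMAINS = {"portal.example.gov", "mail.example.gov"}
LOOKALIKE_MAX_EDITS = 2  # assumed threshold for typosquatting distance


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings; small values between hostnames
    signal a typosquatted name (porta1 vs portal, mai1 vs mail)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url: str) -> str:
    """Return one of: trusted, plain-http, embedded, lookalike, unknown.

    - plain-http: a legitimate host but over http://, where credentials
      would travel unencrypted (the article's HTTPS point)
    - embedded:   a legitimate name buried inside another domain
    - lookalike:  within a few edits of a legitimate host, or a punycode
      label (possible homoglyph domain)
    """
    parsed = urlparse(url if "://" in url else "http://" + url)
    host = (parsed.hostname or "").lower().rstrip(".")
    if host in TRUSTED_DOMAINS:
        return "plain-http" if parsed.scheme == "http" else "trusted"
    for trusted in TRUSTED_DOMAINS:
        if trusted in host:
            return "embedded"
        if levenshtein(host, trusted) <= LOOKALIKE_MAX_EDITS:
            return "lookalike"
    if any(label.startswith("xn--") for label in host.split(".")):
        return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links, none of them real sites.
    for link in ["https://portal.example.gov/login",
                 "http://portal.example.gov/login",
                 "https://porta1.example.gov/login",
                 "https://portal.example.gov.account-check.test/login",
                 "https://unrelated.test/"]:
        print(classify_link(link), "<-", link)
```

Using `urlparse().hostname` rather than string matching on the raw URL matters: the classification is made on the host the browser would actually connect to, not on whatever familiar text appears earlier in the link.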

How to protect against credential theft?


Make sure the antivirus you use has Identity Shield protection, so that when you visit a site and enter your credentials, the credential information is encrypted; even if it is stolen, it will not be readable.

Avoid using Wi-Fi whose security is unknown; if you must use it, get into the habit of activating a VPN so that all communication from your device over that Wi-Fi is encrypted.

Avoid using pirated software, because it is frequently laced with malware or trojans.

To avoid phishing sites, make sure your browser has the Webroot Web Threat Shield feature, which detects phishing and scam sites and prevents you from becoming a victim.
