Post COVID-19 Password Extinction Accelerated; Telemedicine Spurs Fraud

By Robert Prigge, CEO of Jumio

Passwords will become extinct much faster than predicted.

As the COVID-19 pandemic pushed more of us to self-isolate, Zoom became the go-to teleconferencing platform. In fact, Zoom went from 10 million daily meetings in December to 300 million today. Unfortunately, this surge in popularity came with a price tag — a lack of data privacy. Now, there are over 500,000+ stolen Zoom logins floating around the dark web for just .002 cents each. And this is just opening the door for account takeover (ATO) attacks via credential stuffing — a type of cyberattack where automated bots use those stolen account credentials to gain unauthorized access to user accounts. And Zoom is not alone. We’ve also seen a rash of account takeover attempts aimed at users of Microsoft’s proprietary Remote Desktop Protocol (RDP), striking millions per week.

With data collected and sold on the dark web containing usernames and passwords from past breaches, and internet users often recycling the same login credentials across multiple platforms, cybercriminals have all of the tools they need to impersonate a user’s identity online. This means that if your online account is only protected by a username and password, then you’re likely going to be an ATO target. As a result, password-based authentication, multi-factor authentication (2FA) and knowledge-based authentication (KBA) will be a thing of the past much sooner than previously anticipated, and businesses will look to more sophisticated and secure login options for current and prospective users.

Telemedicine will open up new threat vectors for fraud.

Given the health concerns involved with physically visiting a doctor or hospital during COVID-19, patients have been urged to stay home unless symptoms are considered severe. Because of this, telemedicine has been the most viable resource for those seeking medical counsel during this time. Unfortunately, there have also been over 3,000 healthcare-related breaches that have impacted more than 500 million medical records in the past decade, a trend that has been escalating year-over-year. Due to the high amount of personal information, medical records command a high value on the dark web and can be listed for up to $1,000 each, 10 times more than the average credit card data breach record. Cybercriminals can then easily obtain this information and impersonate legitimate patients.

This stolen information can also be used to obtain free medical or dental care. Because of this, CIOs will scramble to ensure procedures are in place so that doctors know their patients are who they say they are —and this is the domain of the emerging field of Know Your Patient (KYP). This means healthcare provider organizations need to adopt identity safeguards similar to the Know Your Customer (KYC) regulations adopted by the financial service industry.

About the Author

Robert Prigge AuthorRobert Prigge is responsible for all aspects of Jumio’s business and strategy. Specializing in security and enterprise business, he held C-level or senior management positions at Infrascale, Secure Computing, McAfee, Quest Software, Sterling Commerce, and IBM. Robert can be reached online via LinkedIn, on Twitter @rprigge, and at Jumio’s website, www.jumio.com.