Do you use the same password for two, three, maybe dozens of websites?
In a new report, security experts are sounding the alarm about recycling old passwords, which they say is riskier now than ever before.
In the report, released by the data security company ThreatMetrix, researchers analyzed billions of fraudulent transactions during the first quarter of 2016 and concluded that today's cyber attacks are "bigger, more frequent and more complex" than ever before.
The report specifically focused on the alarming rise of botnet attacks. A botnet is a network of private computers that have been infected with malware and can be controlled as a group, without knowledge or permission from the computers' owners. Today's cyber criminals can "build armies of bot computers to perform huge automated attacks, often using tactics that mimic customer behavior," the report said.
In the first quarter of 2016 alone, ThreatMetrix says it detected 311 million bot attacks, a 35 percent jump from the previous quarter. The company analyzes close to two billion online transactions -- from payments to logins to new account applications -- every month.
Beyond the significant uptick in volume, botnet attacks are increasingly sophisticated, according to the report.
While security experts are relatively used to "loud and fast" botnet attacks, which utilize brute force to overwhelm systems, there's a new trend towards "low and slow" attacks, ThreatMetrix said.
In these attacks, the report explains, criminals retrieve stolen data from the dark web, then launch a series of carefully curated attacks across multiple sites to test those credentials. Such low frequency attacks are designed to mimic customer behaviors and evade existing security measures, which make them particularly hard to detect.
As our partner site ZDNet reports, once logins and passwords are found to be real, the fraudsters can then use them to attempt to log into other sites -- such as e-commerce or banking websites -- in an effort to make off with personal and financial data.
It's a startling reminder of why it's so important not to reuse the same password across multiple sites.
In this new age of hacking, small donations can be red flags: ThreatMetrix said cyber criminals often donate modest amounts, say $5, to charity organizations to test the validity of stolen credit cards.
The report also shed light on the areas hackers are targeting these days. Specifically, e-commerce attacks saw a huge jump during the first quarter of 2016; ThreatMetrix said it observed 60 million fraudulent transactions, a 90 percent increase over the first quarter of 2015.
As cyber attacks grow and evolve, prevention has become a "a constantly evolving cat and mouse game," the company said. The report noted that criminals continue to refine their attacks in response to what they've learned about security standards in various industries.
"The current threat and cybercrime environment is like a huge firestorm that keeps feeding itself," ThreatMetrix's chief products officer Alistdair Faulkner said in the report. "Data breaches turn into more account breaches and it becomes a cycle."