An exploration into the state of stolen credentials available on the dark web has found that passwords, domains, and data all play a key role in the information being exploited by cybercriminals.
ImmuniWeb’s study took an in-depth look at the exposure of the highest-grossing global public and private companies, as ranked by the Fortune 500, to spear-phishing and password re-use attacks.
The firm looked at the data available across the accessible anonymous TOR networks to identify sites that offered stolen or leaked data.
On the findings, Ilia Kolochenko, CEO and Founder of ImmuniWeb, commented: “[The] numbers are both frustrating and alarming. Cybercriminals are smart and pragmatic, they focus on the shortest, cheapest and safest way to get your crown jewels. The great wealth of stolen credentials accessible on the Dark Web is a modern-day Klondike for mushrooming threat actors who don’t even need to invest in expensive 0day or time-consuming APTs.
“With some persistence, they easily break in unnoticed by security systems and grab what they want. Worse, many such intrusions are technically uninvestigable due to lack of logs or control over the breached [third-party] systems,” he adds.
Focusing on passwords, the research found over 21 million credentials belonging to Fortune 500 companies, 16 million of which had been compromised in the last year. Furthermore, 95% of the credentials discovered were either stored in plaintext or had been brute-force cracked by hackers.
Technology was found to be the industry with the largest number of credentials exposed in breaches, followed by finance and energy.
Looking into domains, the number of squatted domains and phishing websites per company is proportional to the number of exposed credentials: the more illicit resources target an organisation, the more credentials belonging to its personnel can be found.
Adding to this, the number of subdomains with failing web security matches the number of exposed credentials. The worse a website’s security, the more credentials can be found for that site.
In terms of data, more than half of the data that is publicly accessible is either fake or outdated. Another finding was that data from historical breaches was being passed off as new information.
The most popular sources of the exposed breaches were:
- The companies themselves (e.g. their own websites or in-house other resources)
- Trusted third parties (e.g. websites or other resources of partners, suppliers or vendors)
- Third parties (e.g. websites or other resources of unrelated organizations)
Kolochenko continued: “In the era of cloud, containers and continuous outsourcing of critical business processes, most organizations have lost visibility and thus control over their digital assets and data. You cannot protect what you don’t see, likewise you cannot safeguard the data if you don’t know where it’s being stored and who can access it. Third-party risks immensely exacerbate the situation by adding even more perilous unknowns into the game.”