Story image

Online credentials creating a gold mine for cyber attackers

11 Oct 16

For companies that have been the victims of breaches, there are clear reputational, brand, and financial implications.

In Digital Shadows’ recent report, “Compromised Credentials, Learn From the Exposure of the World’s 1,000 Biggest Companies”, the organisation analysed some of the world’s largest companies and found that 97% had suffered some sort of leak.

According to the cyber security firm, a ton of stolen credentials are regularly sold, traded and shared online across paste sites and online marketplaces.

For example, Digital Shadows found that actors using the names “Peace of Mind” and “Tessa88” recently put themselves into the media limelight following the public release of the LinkedIn and MySpace databases.

The types of credentials also impacts how the threat actors use them. Whether it is for account takeover, extortion/ransomware, or credential stuffing.

Digital Shadows has also seen “thedarkoverlord” offering multiple healthcare databases on the Real Deal marketplace and, more recently, the claimed Dropbox leak.

Basically, the number of compromised credentials that are available online is staggering, which the company says is providing a gold mine for attackers.

The report shows that the top breaches were social media platforms. Digital Shadows found that, LinkedIn, MySpace and Tumblr breaches were responsible for 30%, 21% and 8% of the total credentials.

So while the number of credentials leaked online for the world’s 1,000 biggest organisations is staggering it is important to remember that this is not the whole picture.

It is Digital Shadows understanding that organisations are likely more exposed by third parties and suppliers. Credential compromise affects organisations of all sizes.

JASK prepares for global rollout of their AI-powered ASOC platform
The JASK ASOC platform automates alert investigations, supposedly freeing the SOC analyst to do what machines can’t. 
Pitfalls to avoid when configuring cloud firewalls
Flexibility and granularity of security controls is good but can still represent a risk for new cloud adopters that don’t recognise some of the configuration pitfalls.
Securing hotel technology to protect customer information
Network security risks increase exponentially as hotels look to incorporate newer technologies to support a range of IoT devices, including smart door locks.
Why total visibility is the key to zero trust
Over time, the basic zero trust model has evolved and matured into what Forrester calls the Zero Trust eXtended (ZTX) Ecosystem.
Gartner names Proofpoint Leader in enterprise information archiving
The report provides a detailed overview of the enterprise information archiving market and evaluates vendors based on completeness of vision and ability to execute.
WatchGuard appoints new channel distributors in A/NZ
The appointments will enable WatchGuard to expand its regional channel reseller footprint.
Tensions on the rise after Huawei CFO arrest
“Recently our corporate CFO, Meng Wanzhou, was provisionally detained by the Canadian authorities on behalf of the United States of America."
Palo Alto Networks integrates RedLock and VM-Series with AWS Security Hub
AWS Security Hub is designed to provide users with a comprehensive view of their high-priority security alerts and compliance status.