New research has pointed to a 429% jump for sales of corporate login details on the darkweb, suggesting hackers will continue to look to exploiting login details from organisations for an easy pay-day.
The figures come from Arctic Wolf who published its Security operations Annual Report for the year of 2020, saying that the sale of corporate login and password information has skyrocketed in the past 12-months.
Among its key takeaways, authors of the report state that there has been a 429% increase since March of “cleartext usernames and passwords found to be exposed on the dark web.” The increase is due to the fact that there “are situations where personally identifiable information (PII), corporate credentials, and other sensitive information makes its way onto the dark web in plain text. This high-value data is bought and sold by threat actors who execute phishing, credential stuffing and brute-force attacks against the individuals and organisations.”
“This high-value data is bought and sold by threat actors who execute phishing, credential stuffing and brute-force attacks against the individuals and organisations.”
The problem is made worse by the fact that numbers from LastPass state that while 91% of respondents know they should not replicate or reuse their passwords across multiple accounts, yet, 75% continue to do so anyway.
The report also states “since March, the number of connections to open WIFI networks increased by 243 percent. Without proper controls in place, geographically dispersed workforces face increased risks of attacks on unsecured networks.”
The team at Arctic Wolf state that in light of the pandemic forcing a number of organisations to work more remotely, they have identified five key themes. They say that the “forced dispersion of the workforce has increased business email compromises,” and that “ransomware operators are becoming highly effective in targeting specific companies.”
They also state that “traditional patching timelines are no longer acceptable,” adding that “misconfigurations are leaving cloud environments vulnerable,” and concluding that it’s essential organisations “remain vigilant in the face of increasing account takeover (ATO) attacks.” The report says that on average, organisations were taking 40 days to address and patch vulnerabilities in their network.
The authors of the report note that more than one-third of cyber attacks occur in after-work hours, when attackers “look to exploit the path of least resistance, and if no one is watching, they will have hours to operate without the potential threat of true detection.”
Arctic Wolf added that in the second quarter of 2020, 35% of cyber threats detected by the firm took place between 8pm and 8am; this figure jumped from 27% the year before. “Attackers don’t respect your evenings or weekends off. In fact, they use these comparatively lax periods to their advantage.”
In terms of workforces moving to a remote means of operating, the report states that hackers are readily taking advantage of the fact that “work from anywhere actually means work from anywhere there’s connectivity.” Employees logging onto their organisation’s system via a public, unsecured network pose a significant risk when it comes to that organisation being targeted by a threat actor like a hacker.
We reported recently that the number of employees opening potentially sensitive and secretive company data on personal devices had increased 39% during the pandemic. Authors of the report say that “by connecting to an open WIFI network that a user’s device has connected to, adversaries can use these stolen session cookies to authenticate to your internal web applications and services.”
How Can You Keep Your Organisation’s Logins Safe?
Authors of the report have listed five key strategies to maintain the integrity of your organisations data, which include:
- Acquiring visibility into dark and grey web exposures and data sales
- Using a password management system
- Leveraging multi-factor authentication for staff logins
- Disabling and deleting expired user accounts from previous employers
- Train your staff and increase their awareness of the risks of operating online and passwords
Implementing an Information Security Management System like ISO 27001 is one of the most effective ways your organisation can reduce the risk of being targeted by an unauthorised threat actor, as well as educating your employees as to the best practices around data protection, passwords and safeguarding your organisation’s potentially sensitive information, as well as the data you’re storing on your clients.