Cybercriminals traffic and buy stolen credentials so they can infiltrate your networks to steal your data.
Stolen user credentials (emails/passwords) found on the Dark Web can indicate that your company, or a 3rd party application/website that your employees use, has been compromised.
Account takeover is a type of online fraud that occurs when attackers use stolen logins to gain unauthorised access to accounts. When passwords are reused across multiple online accounts, criminals can exploit credentials that have been exposed in third-party data breaches to access multiple accounts.
Our service can help both public and private sector organisations detect and mitigate cyber threats. Malicious threat actors can leverage stolen email addresses and passwords to compromise your own business systems and services.
The technology leverages a combination of human and artificial intelligence to scour botnets, criminal chat rooms, blogs, websites and bulletin boards, peer-to-peer networks, forums, private networks, and other black-market sites to identify your stolen credentials and other Personally Identifiable Information (PII).
All organisations that have an internet presence are a potential target for malicious threat actors. While we can’t say definitively that the data we’ve discovered has already been used in a targeted attack, the fact that we are able to identify this data should be of concern. Organisations should consult their internal or external IT/security teams to prepare for a disruptive cyber event.
While your employees may have moved on, it is common to find that their user credentials are valid and, in a lot of cases, active within your internally and externally delivered IT solutions. In many cases, the 3rd party systems or databases that have been compromised have been in existence for 10+ years holding millions of “dormant” accounts that can be used to exploit an organisation. Discovery of credentials from legacy employees should be a good reminder to confirm you’ve removed any dormant accounts that could be used for unauthorised purposes.
Fake email accounts are routinely created by employees as a “throw away” when wanting to gain access to a system or piece of data. However, fake email accounts are frequently created to facilitate well-crafted social engineering and/or phishing attacks. Often, the identification of fake email accounts indicates that your organisation has already been targeted by individuals or groups.
Employees often recycle passwords throughout their work and personal networks. If your internal requirement is to have a capital letter and special character, it’s common practice for employees to use a password they are familiar with, and add a capital letter and exclamation mark. (Example: Exposed Password: cowboys, Variation: Cowboys!, Cowboys1, Cowboys!1, and so on.) Knowing this, hackers will run scripts using Metasploit (hacking and penetration testing framework) to “brute force” their way into an unsuspecting system.
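A defensive check for the variation pattern described above, as an added example that is not part of the original page: at password-change time it rejects a new password that is only a decorated form of one already exposed. The function names and the sample exposed list are assumptions, and it assumes the monitoring feed supplies exposed passwords in plaintext.

```python
# Added example: screen new passwords against exposed ones, treating
# case changes and leading/trailing digits or symbols as "the same password".

# Constructed sample data: passwords reported as exposed for one user.
EXPOSED = ["cowboys", "Summer2019"]


def base_word(password: str) -> str:
    """Reduce a password to the part users tend to keep when 'updating' it.

    Case is folded and leading/trailing non-letters are stripped, so
    cowboys, Cowboys!, Cowboys1 and Cowboys!1 all reduce to 'cowboys'.
    If no letters remain (e.g. '123456!'), the folded password itself is
    returned so that exact reuse is still caught.
    """
    folded = password.casefold()
    start, end = 0, len(folded)
    while start < end and not folded[start].isalpha():
        start += 1
    while end > start and not folded[end - 1].isalpha():
        end -= 1
    return folded[start:end] or folded


def is_exposed_variation(candidate: str, exposed=EXPOSED) -> bool:
    """True if the candidate shares its base word with an exposed password."""
    exposed_bases = {base_word(p) for p in exposed}
    return base_word(candidate) in exposed_bases


def screen_candidates(candidates, exposed=EXPOSED) -> dict:
    """Map each candidate to 'rejected' or 'accepted' for a change-password flow."""
    return {
        c: "rejected" if is_exposed_variation(c, exposed) else "accepted"
        for c in candidates
    }


if __name__ == "__main__":
    # Constructed candidates; changes inside the word (e.g. 'Cow!boys')
    # are outside what this check covers.
    for pw, verdict in screen_candidates(
        ["Cowboys!", "Cowboys!1", "summer2024", "tidal-Granite-orbit"]
    ).items():
        print(f"{pw!r}: {verdict}")
```
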
There can be as much risk to your data within a Cloud environment as there is when it resides locally within your own servers. When researching Cloud providers and data centers, make sure you understand their compliance and certification with the security standards and protocols that impact your industry.
Once the data is posted for sale within the Dark Web, it is quickly copied and distributed (re-sold or traded) to a large number of cybercriminals within a short period of time. It is generally implausible to remove data that has been disseminated within the Dark Web. Individuals whose PII has been discovered on the Dark Web are encouraged to enroll in an identity and credit monitoring service immediately.