Surge in exposed credentials puts companies at risk
The volume of credential exposures
has increased to 16,583 from April to July 2017, compared to 5,275 in last
year’s analysis by Anomali. 77% of the FTSE 100 were exposed, with an
average of 218 usernames and passwords stolen, published or sold per
company. In most cases the loss of credentials occurred on third-party,
non-work websites where employees reuse corporate credentials.
[Figure: Suspicious domain registrations by country]
In May 2017, more than 560 million login credentials were found on an
anonymous online database, including roughly 243.6 million unique email
addresses and passwords.
A significant number of credentials linked to FTSE 100 organisations
were still left compromised over the three months following the
discovery. This failure to remediate and secure employee accounts means
that critical business content and personal consumer information held
by the UK’s biggest businesses has been left open to cyber attacks.
Targeted brand attacks and exposed credentials
“Our research has uncovered a staggering increase in compromised
credentials linked to the FTSE 100 companies. Security issues are
exacerbated by employees using their work credentials for less secure
non-work purposes. Employees should be reminded of the dangers of
logging into non-corporate websites with work email addresses and
passwords. While companies should invest in cyber security tools that
monitor and collect IDs and passwords on the Dark Web, so that staff and
customers can be notified immediately and instructed to reset
accounts,” said Colby DeRodeff, Chief Strategy Officer at Anomali.
The Anomali research team also analysed suspicious domain
registrations, finding 82% of the FTSE 100 to have at least one
catalogued against them, and 13% more than ten. In a change from last year,
the majority were registered in the United States (38%), followed by
China (23%).
The majority of cyber attackers used gmail.com and qq.com (a
free Chinese email service) to register these domains and mask
themselves. With a deceptive domain, malicious actors have the potential
to orchestrate phishing schemes, install malware, redirect traffic to
malicious sites, or display inappropriate messaging.
[Figure: Top malicious registrant email domains]
Threat intelligence
For the second year, the vertical hit hardest by malicious domain
registrations was banking with 83, which accounted for 23%. This is
double that of any other industry. To avoid a breach, organisations have
to be more accountable and adopt a stronger cyber security posture, for
themselves and to protect the partners and customers they directly
impact.
“Monitoring domain registrations is a critical practice for businesses to understand how they might be targeted and by whom. A threat intelligence platform
can aid companies with identifying what other domains the registrant
might have created and all the IPs associated with each domain. This
information can then be routed to network security gateways to keep
inbound and outbound communication to these domains from occurring. No
one is 100% secure against actors even with the intent and right level
of capabilities. It is essential to invest in the right tools to help
secure every asset, as well as collaborate with and support peers in
order to reduce their risks to a similar attack,” continued Mr.
DeRodeff.