Much like the legitimate economy, the cybercriminal marketplace experiences ebbs and flows.
Current factors working against it include the ripple effects of COVID-19 and loss of trust due to increased law enforcement activity. But any remaining doubt as to the sheer magnitude of this shadow economy was officially shattered earlier this month when security firm Digital Shadows released research showing that some 15 billion – with a “b” – login credentials are circulating in the cybercriminal underground, the result of 100,000 breaches that have occurred in recent years. If they all are unique, the 15 billion figure would compute to roughly two credentials for every person living on the planet.
When a data-loss incident occurs, the hijacked merchandise has to end up somewhere, and now it appears the supply of stolen usernames and passwords for everything from domain admin accounts to anti-virus software to bank accounts is stuffing the far recesses of the internet. Depending on the value of the account, credentials can fetch anywhere from a few bucks each to several thousand per entry.
Given the volume, it is likely a compromised business has or soon will cough up your personal information. But as a security professional, you can take steps to help offset the explosive rise of dark web credentials by a) not contributing to the problem and b) keeping your guard up against any stolen information being used against your organization – all while ensuring maximum efficiency from your team. Automation is a big part of it.
A Three-Step Plan to Mitigate Dark Web Risks
1) Eliminate the Sources
Attackers commonly turn to phishing or malicious spam (such as keylogger-laden attachments) to siphon credentials from their victims. Perhaps their aim is solely that: to pilfer someone’s login information as a way to commit account takeover fraud or business email compromise. In fact, the Digital Shadows audit turned up two million email addresses related to accounting departments. In other cases, attackers look to pry credentials to further a much larger agenda within a targeted organization, as these “keys” can permit them to move laterally with the goal of ransacking the database or installing sophisticated malware. You can respond by enlisting common-sense approaches for handling social engineering, as well as instituting security automation to hasten and streamline your response to phishing and malware cases.
2) Encourage and Empower Employees to Practice Good Security Hygiene
Employees can be their own worst enemy when it comes to keeping themselves and their employer safe from the tentacles of cybercriminals, especially now with a majority of them working remotely. Security awareness education is valuable, but employees alone can’t be relied upon to make the right decisions all the time. Technology can help them along, including VPNs, password managers and two-factor authentication, as does restricting privileges to the minimum level of permissions needed to get their jobs done.
3) Gather Dark Web Intelligence and Apply It With a SOAR Use Case
Dark web monitoring services, which trawl the common locations where stolen data is dumped or bought and sold, have been in growing demand in recent years from companies yearning for more visibility into the whereabouts of their employees’ or customers’ personal information. But the process of determining the legitimacy of the monitoring tool’s findings, closing false positive cases and initiating account password resets or lockouts can be cumbersome and time consuming. Security orchestration, automation and response (SOAR) technology can help security teams overcome these pain points through custom playbooks, while simultaneously ensuring passwords aren’t exposed to analysts and significantly reducing the time window in which criminals can exploit the credentials. In addition, SOC personnel are freed up to work on strategic tasks, like hunting for active threats within the network.
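The playbook logic described above, as an added illustration that is not Siemplify code or part of the original post: each monitoring finding is checked against the organization’s own salted password hashes, so a leaked password is confirmed or dismissed without any analyst ever seeing it; confirmed matches trigger a reset (or a lockout plus reset for privileged accounts), stale or unknown credentials are closed as false positives, and the case notes never carry the plaintext. The directory, the findings feed and the account names are constructed sample data.

```python
"""Minimal SOAR-style triage for dark web credential findings (added example)."""
import hashlib
import hmac
import os

ITERATIONS = 50_000  # PBKDF2 rounds; constructed value for the example


def make_record(password: str, privileged: bool = False) -> dict:
    """Build a directory entry that stores only a salted PBKDF2 hash, never plaintext."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest, "privileged": privileged}


# Constructed employee directory (hypothetical accounts).
DIRECTORY = {
    "alice@example.com": make_record("Winter2020!"),
    "bob@example.com": make_record("correct-horse-battery"),
    "dave@example.com": make_record("Adm1n-Pa55", privileged=True),
}

# Constructed dark web monitoring feed: what the vendor claims leaked.
FINDINGS = [
    {"email": "alice@example.com", "password": "Winter2020!"},    # still valid
    {"email": "bob@example.com", "password": "oldpassword123"},   # stale, false positive
    {"email": "carol@example.com", "password": "whatever"},       # not an employee
    {"email": "dave@example.com", "password": "Adm1n-Pa55"},      # valid, privileged
]


def credential_matches(email: str, password: str) -> bool:
    """True only if the leaked password hashes to the stored hash for that account."""
    rec = DIRECTORY.get(email)
    if rec is None:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], ITERATIONS)
    # Constant-time comparison avoids leaking match information via timing.
    return hmac.compare_digest(candidate, rec["hash"])


def triage(finding: dict) -> dict:
    """Decide the playbook action for one finding; the result never includes the password."""
    email = finding["email"]
    if email not in DIRECTORY:
        action, note = "close_unknown_account", "no such account in directory"
    elif not credential_matches(email, finding["password"]):
        action, note = "close_false_positive", "leaked password does not match current credential"
    elif DIRECTORY[email]["privileged"]:
        action, note = "lock_and_reset", "privileged account with live leaked password"
    else:
        action, note = "force_reset", "live leaked password confirmed"
    # Only the account and the decision reach the analyst-facing case.
    return {"email": email, "action": action, "note": note}


def run_playbook(findings: list) -> list:
    """Run triage over the whole feed and return the case records in feed order."""
    return [triage(f) for f in findings]


if __name__ == "__main__":
    for case in run_playbook(FINDINGS):
        print(case)
```

The hash comparison is the piece that keeps analysts out of the loop: the playbook answers “is this credential still live?” with a yes/no, and only that answer, plus the chosen action, lands in the case. Closed false positives cost no analyst time, and confirmed matches go straight to a reset, which is where the time window for the criminal actually shrinks.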
Dan Kaplan is director of content at Siemplify.