Why Critical Infrastructure Agencies Should Monitor for Exposed Credentials
Posted on July 27, 2020 by Frank Arico
The average number of breached data records, including credentials, per U.S.-based company is an astounding 28,500.
For cyberattackers, breached credentials, such as usernames and passwords, represent the keys to the kingdom. Attackers who are skilled at penetrating a company’s defenses can easily steal hundreds, or even thousands, of credentials at a time. The average price range for an individual’s compromised credential? One to eight dollars per individual. This means that a criminal with access to stolen credentials often sells them in huge quantities, making tens of thousands of dollars in the process. In many cases, criminals sell the same credentials to multiple buyers, meaning that organizations that experience breaches are often under digital assault from dozens, or even hundreds, of attackers.
These transactions take place in a mysterious place called the Dark Web, an ecosystem of digital communities that sits below the commercial internet. Regular browsers cannot access Dark Web websites, whose addresses end in .onion instead of the surface web’s more common .com, .org, or .gov.
While there are legitimate purposes for the Dark Web, it is estimated that more than 50 percent of all such sites are used for criminal activities, the most common being the disclosure and sale of digital credentials used to log into consumer sites, e.g., email services, travel sites, banking, and social media. Even more unsettling: even if a mission-critical communications agency’s staff members are not accessing these third-party consumer websites from the agency’s network while they are in the workplace, it is likely that they are using the same credentials to access their workplace’s critical business applications.
Passwords represent a 20th-century solution to a modern-day problem. It is estimated that 39 percent of adults in the U.S. use the same or very similar passwords for multiple online services, corporate and consumer.
How Credentials Are Compromised
There are four common ways in which cybercriminals compromise credentials to launch a cyberattack:
- Phishing attacks: An attacker sends emails disguised as legitimate messages to trick users into disclosing credentials directly, or to deliver malware that captures the credentials
- Watering holes: Popular and legitimate sites, such as social media or a corporate intranet, also are known as watering holes for cybercriminals; when these sites are compromised, they expose visitors to malware designed to capture credentials
- Malvertising: This common practice injects malware into legitimate popular advertising networks, which then unwittingly expose a visitor’s credentials
- Web attacks: These occur when an internet-facing company is scanned by criminals for vulnerabilities, which then are exploited to develop a foothold; the attacker then moves laterally through the network to discover credentials
Once attackers get their hands on compromised credentials, they can launch cyberattacks, such as:
- Sending spam from compromised email accounts
- Defacing web properties to host malicious content
- Installing malware on compromised systems
- Compromising other accounts using the same credentials
- Exfiltrating sensitive data, e.g., a data breach
- Stealing someone’s identity
Protecting Against Credential Compromises
While there is always a risk that attackers will compromise a company’s systems through advanced attacks, most data breaches exploit common vectors, such as known vulnerabilities, unpatched systems, and unaware employees.
Agencies should implement proactive cybersecurity tools, e.g., network, system and device monitoring, data leak prevention, multifactor authentication, and employee security awareness training, to protect their organizations from the perils of the Dark Web.
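One concrete control that addresses the password-reuse problem described above is to reject any password that already appears in a breach corpus at the time it is set or used. The example below is added here for illustration and is not code from the post or from Mission Critical Partners; it implements a k-anonymity range lookup against a constructed, in-memory breach corpus (the passwords and counts are made up for the example), so the checking service only ever sees the first five characters of a SHA-1 hash, never the password or its full hash.

```python
import hashlib

# Constructed sample corpus standing in for a breach-data feed: passwords seen
# in public dumps and how many times each was seen. These are made-up values
# for this example, not real breach data.
SAMPLE_LEAKED_PASSWORDS = {
    "password1": 2_300_000,
    "Summer2020!": 1_800,
    "Dispatch123": 41,
}

# A real feed would store hashes only; build the corpus keyed by SHA-1 hex digest.
BREACH_CORPUS = {
    hashlib.sha1(pw.encode("utf-8")).hexdigest().upper(): count
    for pw, count in SAMPLE_LEAKED_PASSWORDS.items()
}


def range_lookup(prefix: str) -> dict:
    """Server side of a k-anonymity range query.

    Given the first 5 hex characters of a SHA-1 digest, return every suffix in
    the corpus that shares that prefix, with its count. The server learns only
    the prefix, so it cannot tell which full hash the client is checking.
    """
    if len(prefix) != 5:
        raise ValueError("prefix must be exactly 5 hex characters")
    prefix = prefix.upper()
    return {h[5:]: n for h, n in BREACH_CORPUS.items() if h.startswith(prefix)}


def exposure_count(password: str) -> int:
    """Client side: hash locally, send only the prefix, match the suffix locally.

    Returns how many times the password appears in the corpus (0 if unseen).
    SHA-1 is used here only to look up a breach corpus, not to store passwords.
    """
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    candidates = range_lookup(digest[:5])
    return candidates.get(digest[5:], 0)


def is_acceptable(password: str) -> bool:
    """Policy check: refuse any password seen in a breach, however strong it
    looks, so a reused consumer password cannot become an agency credential."""
    return exposure_count(password) == 0
```

The same check can run on a schedule against existing accounts to find users whose current password has since turned up in a dump, which is the monitoring the post argues for.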
Mission Critical Partners offers a complimentary Dark Web Compromise Report to mission-critical communications agencies that identifies the number of credentials that already have been exposed in your organization and which present a major risk to your organization’s services, such as Office 365, payroll, virtual private networks (VPN), remote desktops, and other systems, including your computer-aided dispatch (CAD) and call-handling systems.
Request one at no cost here and one of our cybersecurity experts will be in touch.