Security experts have warned Britain’s leading companies that they could be unknowingly compromised, after revealing tens of thousands of corporate credentials on the dark web.
Outpost24 used its Blueliv threat monitoring tool to trawl cybercrime sites for hacked credentials, finding 31,135 usernames and passwords belonging to FTSE 100 firms.
These are the 100 largest companies listed on the London Stock Exchange by market capitalization.
It is estimated that about three-quarters (75%) of these credentials were stolen through conventional data breaches, while about a quarter were obtained through individually targeted malware infections.
The majority (60%) of the stolen credentials came from the three most regulated industries – IT / telecommunications (23%), energy and utilities (22%) and finance (21%), according to Outpost24.
According to the study, approximately 81% of FTSE 100 companies were found to have at least one compromised credential on the dark web, while 42% had more than 500 logins.
More than 68% of them have been exposed for more than 12 months, suggesting that even the best-resourced and most heavily regulated firms are struggling to get visibility of their risk.
On average, healthcare companies had the highest number of stolen credentials per company (485) as a result of data breaches, while the IT / telecommunications sector had both the highest total number of stolen credentials (7,303) and the highest average number of stolen credentials per company (730).
Outpost24 warned that threat actors could use such logins to gain covert access to networks as part of “big game hunting” ransomware attacks.
“Once an unauthorized third party or initial access broker gets users’ logins and passwords, they can sell dark network credentials to a novice hacker or use them to compromise an organization’s network, bypassing security measures and moving aside to steal critically important and cause violations,” said Victor Asin, laboratory manager of Outpost24 Blueliv.
“Stolen credentials are dangerous because very little can be done to identify and detect an attacker who is inside your system. Therefore, it is important to actively monitor stolen credentials and alert security to reset passwords when detected to reduce risk.”