Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label leaked credentials. Show all posts
Security System
Cyber Attacks Dark Web leaked credentials OSINT Security System

Dark Web Exposure Increases Risk of Cyber Attacks, Study Finds

 



A new research study has determined that any companies that are ever mentioned on the dark web will be much more vulnerable to cyberattacks. In collaboration with Marsh McLennan's Cyber Risk Intelligence Center, Searchlight Cyber has carried out research on more than 9,000 organizations, revealing that dark web exposure has a strong link to breaches in cybersecurity. This has established a critical urgency for businesses to track their presence online and develop better security protocols.


How the Dark Web Poses a Threat to Businesses  

The dark web is a hidden part of the internet where cybercriminals operate anonymously. It is commonly used for illegal activities, including the sale of stolen data such as passwords, financial records, and personal information. Many businesses are unaware that their sensitive data is already circulating on the dark web, making them prime targets for cyberattacks.

Based on the study, companies that experienced any type of exposure on the dark web suffered a 3.7% breach rate over four years. This simply means that after an organization's information hits underground marketplaces, hacking forums, or leaked databases, the chance of a security breach becomes a lot higher.

The researchers found several routes through which a company's information can find its way to the dark web, each step of which heightens the potential for cyberattacks: 

1. Exposed Employee Credentials  

In case employee login credentials (e.g., email and password) are leaked, the chances of hacking into a company increase by 2.56 times. The hackers use these leaked credentials to infiltrate internal systems without authorization.


2. References on Dark Web Marketplaces  

 Being associated with an underground trading platform increases a company's chance of being targeted by 2.41 times. Mainly, the hackers sell the stolen information to other attackers for use.  

3. Company Network Tied to Dark Web

If an organization's IT systems have activity on the dark web, whether intentional or accidental, an attack will happen 2.11 times more frequently.

4. Paste Sites Data Leaks 

Pastes are commonly used by hackers to share data that they have stolen from an organization. If a company's data is posted on such sites, there is an 88% increase in the possibility of breach.

5. Public Exposure through OSINT  

At times, some companies' information might be published due to either a misconfigured environment or breaches in data storage. If there is a firm's exposure within OSINT reports, then that increases the business's risk level by 2.05 times.

This research also demonstrated that companies featured in five or more of these risk categories had a 77% chance of facing a cyberattack than companies without any. 


How Companies Can Protect Themselves

Cyberattacks have been increasing by the day. Businesses, therefore, have to take proactive steps to ensure the security of their sensitive data. Experts say companies should consider taking the following actions: 


  •  Check the Dark Web Daily

Businesses must employ cybersecurity that scans the dark web for data breaches and responds immediately if data belonging to a company is located. 


  •  Strong Password Policies 

 Employees must be compelled to use strong passwords and to also activate MFA to block hackers from unauthorized access. 


  •  Frequently Update Security Systems

Software updates and system patches keep cybercriminals from exploiting vulnerabilities in outdated technology.


  •  Train Employees on Cybersecurity Risks 

  Human error is one of the biggest causes of cyber breaches. Educating staff on how to identify phishing scams and suspicious activities can significantly reduce security threats.


Why Dark Web Awareness is Crucial

According to Ben Jones, CEO of Searchlight Cyber, companies must be aware of their dark web exposure. Hackers, he explained, plan cyberattacks in underground forums and marketplaces and use leaked credentials to gain access to company systems.

By monitoring their exposure, strengthening their security policies, and educating employees, businesses will be able to minimize their risk and stay one step ahead of cybercriminals. Protect sensitive information before an attack happens and save money on security breaches.


Read more »
User Privacy
Data Breach leaked credentials Research User Data User Privacy

Leaked Infrastructure Secrets Costs Companies an Average of $1.2 Million in Revenue Annually

 

Developers typically have to pick between speed and security in order to meet these accelerated timelines. To make it simpler to access infrastructure secrets such as API tokens, SSH keys, and private certificates, they store them in config files or close to source code. However, they are often unaware that the simpler it is for them to gain access to these secrets, the easier it is for hackers to do so as well. 

According to the report "Hiding in Plain Sight" by 1Password, the leader in corporate password management, organizations lose an average of $1.2 million each year due to stolen information, which the company's researchers refer to as "secrets." 

“Secrets are now the lifeblood for IT and DevOps as they seek to support the explosion of apps and services now required in the contemporary enterprise,” stated Jeff Shiner, CEO of 1Password. 

500 adults in the United States who work full-time in their business's IT department or in a DevOps capacity at a company with more than 500 workers were questioned about the keys, tokens, and certificates that power their digital infrastructure. 
 
According to the poll, ten percent of respondents lost more than $5 million as a result of a covert leak. Over 60% of respondents said their company has faced significant data leaks. 

Furthermore, two-fifths (40%) of respondents said their businesses had been harmed by a loss of brand reputation, with 29% losing clients as a result of secrets leakage. According to the research, two-thirds of IT and DevOps personnel (65%) believe their company has more than 500 secrets, and almost one-fifth (18%) believe they have more than they can count. 

IT and DevOps professionals spend an average of 25 minutes each day handling secrets, and the number is rising. Last year, more than half of IT and DevOps executives (66%) stated they spent more time managing than they had ever spent before. 

Another 61% indicated that numerous initiatives had to be postponed due to their firms' inability to effectively handle their secrets. 

Full Access to Former Employer’s systems:

API tokens, SSH keys, and private certificates are still being compromised as 77 percent of IT/DevOps employees indicate they still have access to their former employer's infrastructure secrets, with more than a third (37 percent) claiming complete access. 

According to the research, 59 percent of IT/DevOps professionals have also used email to communicate confidential information with coworkers, followed by chat services (40 percent), shared documents/spreadsheets (36%), and text messaging (26 percent ). More than 62% of respondents said team leads, managers, VPs, and others have ignored security rules due to COVID-19 demands on work. 

Jeff Shiner stated, "Our research reveals that secrets are booming, but IT and DevOps teams are not meeting rigorous standards to protect them -- and in the process are putting organizations at risk of incurring a tremendous cost. It's time for companies to take a hard look at how they manage secrets, and adopt practices and solutions to 'put the secret back into secrets' to support a culture of security.
Read more »
Subscribe to: Posts (Atom)