2016 – yet another ‘year of the data breach’?
Digital Shadows

Data breaches and credential compromise are nothing new. It seems every year
for the past three years has been declared the “year of the data breach,” in
some hope that a summit of data breaches has been reached. But then again, each
year data breaches continue to be revealed in startling numbers and frequency.

So what do we call 2016, when we have witnessed even more data breaches made
public, including LinkedIn, MySpace and Dropbox? It seems data breaches are no
longer rare events; they are the norm and something that all businesses must
face and deal with.

Indeed, breaches are getting industrialized on a scale never seen before. Just
look at the reports that suggest the Yahoo data breach included the details of
half a billion users. If nothing else does, this clearly shows how threat
actors can use this huge amount of data on an industrial scale.

For companies that were the victims of breaches, there are clear reputational,
brand, and financial implications.

In our recent report, “Compromised Credentials, Learn From the Exposure of the
World’s 1,000 Biggest Companies”, we analyzed some of the world’s largest
companies and found that 97 percent had suffered some sort of leak. This
amounted to more than 5 million leaked credentials.

Many of these organizations have suffered from the “collateral damage” of the
initial breaches of these companies because an alarming number of employees
have reused corporate emails and passwords while accessing a range of services
and applications, including gaming and dating websites.

For example, the breach of the adultery website Ashley Madison revealed there
were more than 200,000 leaked credentials from the top 1,000 global companies
in the Forbes Global 2000.

Credential compromise is not new, but the frequency of appearance of
compromised credentials online has increased. Dumps of stolen credentials are
regularly sold, traded and shared online across paste sites and online
marketplaces. For example, actors using the names “Peace of Mind” and “Tessa88”
recently thrust themselves into the media limelight following the public
release of the LinkedIn and MySpace databases.

We have also seen “thedarkoverlord” offering multiple healthcare databases on
the Real Deal marketplace and, more recently, the claimed Dropbox leak. As
demonstrated by the LinkedIn and Dropbox breaches, which were made public four
years after the initial breach, there are likely many more credentials
circulating in underground forums that are yet to be made public.

As a result, the number of compromised credentials that are available online is
staggering, providing a goldmine for attackers. With this in mind, it is
unsurprising that one report claimed that breached credentials were responsible
for 63 percent of data breaches.

Not all credentials are created equal. In the criminal underworld, credentials
carry different value depending on their freshness, recoverability of the
passwords, sensitivity, transferability, etc. But often the same credentials
can be hawked around for months and even years after the initial breach as the
hacker and his associates try to milk as much value out of them as possible.

The type of credentials also affects how threat actors use them, whether for
account takeover, extortion/ransomware, or credential stuffing.

The report shows that the top breaches were, somewhat unsurprisingly, social
media platforms. Indeed, the LinkedIn, MySpace and Tumblr breaches were
responsible for 30 percent, 21 percent and 8 percent of the total credentials,
respectively.

While the number of credentials leaked online for the world’s 1,000 biggest
organizations is staggering, it is important to remember that this is not the
whole picture and does not provide an exhaustive list. In fact, organizations
are likely further exposed by third parties and suppliers. In reality,
credential compromise affects organizations of all sizes.