The dark web has become known as a place where cybercriminals resell stolen sensitive information, including emails, usernames, passwords, financial information, etc. If you find your information on the dark web, it’s imperative to take immediate action to mitigate any cyber risks that exposure poses to you or your organization. According to the Verizon DBIR, 61% of breaches involved account credentials (username and password), with stolen credentials used in 25% of breaches. In addition, credentials are the favorite data type of criminal actors, as they are valuable for pretending to be legitimate users to exfiltrate other data. Every organization should assume that some level of user information is accessible to cybercriminals, given that over the last five years, 11.7 billion credentials have been leaked. This in turn means there are potential vulnerabilities to your network, information, databases and intellectual property.
How did my information get on the dark web? Some potential ways are…
1. Data breaches from companies such as Adobe, Equifax, MyFitnessPal, Yahoo, Target, eBay, Anthem, and many more over the years have contributed to information getting stolen and published on the dark web.
2. Unsecured public Wi-Fi. Avoid using public Wi-Fi, as these networks are not password protected or use easy-to-guess passwords. These public networks allow bad actors to distribute malicious software, gather data, carry out man-in-the-middle attacks, and more. Consider using a VPN to secure your connection, should you absolutely need to use a public Wi-Fi network.
3. Cybercriminals conduct brute force attacks, which typically rely on trial and error to crack passwords, login credentials and encryption keys. When successful, bad actors gain access to confidential web application information and account information (personal data, whether financial, medical, etc.), and sometimes even spread malware. Essentially, any website with a login page is a potential target. Complex passwords and limits on login attempts, among other things, help mitigate this attack vector.
4. Unencrypted websites allow bad actors to conduct a “man-in-the-middle” attack and collect information you enter on the websites you visit. If a website’s address starts with HTTP, that means the information is not encrypted and is easily readable by bad actors. HTTPS is more secure for websites and their users.
5. Sometimes information is obtained through physical documents, such as bills or statements, that are not properly disposed of or shredded before being thrown away.
How can you protect yourself and your organization if your information is on the dark web?
While there isn’t a way to remove your organization’s or employees’ information from the dark web, there are measures you can take to better protect your infrastructure.
1. If you’ve identified a leaked credential, you’ll need to change the password immediately, and if that same password is used for multiple accounts or systems, change it there as well. We see this often: according to Dataprot, 51% of people have the same password for their work and personal accounts, making your organization more vulnerable. In addition, credential databases that are available on the dark web are at times “stale”. Therefore, your IT team should check whether the leaked credentials are active within your company by checking your network directory.
a) Consider using a password manager to generate complex and secure passwords for you. Browse our Cowbell Rx ecosystem of cyber risk management and security partners for potential solutions.
2. Enable Multi-Factor Authentication, as it can help prevent others from accessing your account even if your username and password are leaked on the dark web.
3. Scan your systems for malware to be on the safe side. Per the IBM Data Breach Report, breaches due to compromised credentials took on average 250 days to identify and 91 days to contain. It was the leading attack vector with the longest lifecycle. Check your network, computer, and other devices with operating systems.
4. Stay proactive and educated on cybersecurity awareness. Learning how to identify and avoid various social engineering attacks, such as phishing, smishing, vishing, and business email compromise (BEC), is crucial to keeping your information and organization safe. According to the State of the Phish Report, phishing, spear phishing/whaling, and BEC are all up across the board from the prior year. Email remains the top attack vector for cybercriminals to compromise organizations and individuals.
a) Cowbell offers free cybersecurity awareness training through our Cowbell Rx partner, Wizer.
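The directory check from step 1 can be scripted. The following is an added example, not Cowbell's code: it compares a leaked-credential list against a directory export to separate stale entries from accounts that are still active. The CSV column names, the sample accounts and the leak dates are constructed assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample data: a directory export and a leaked-credential list.
# Column names (email, enabled, password_last_set) are assumptions.
DIRECTORY_CSV = """email,enabled,password_last_set
alice@example.com,true,2021-03-01
bob@example.com,true,2023-06-15
carol@example.com,false,2020-01-10
"""
LEAKED = [  # (email as it appears in the dump, date the leak was observed)
    ("Alice@Example.com", date(2022, 5, 1)),
    ("bob@example.com", date(2022, 5, 1)),
    ("carol@example.com", date(2022, 5, 1)),
    ("dave@example.com", date(2022, 5, 1)),
]

def load_directory(text):
    """Map lower-cased email -> (enabled, password_last_set)."""
    accounts = {}
    for row in csv.DictReader(io.StringIO(text)):
        accounts[row["email"].strip().lower()] = (
            row["enabled"].strip().lower() == "true",
            date.fromisoformat(row["password_last_set"].strip()),
        )
    return accounts

def triage(leaked, accounts):
    """Classify each leaked credential against the directory."""
    results = {}
    for email, leak_date in leaked:
        key = email.strip().lower()  # dumps often differ in case
        if key not in accounts:
            results[key] = "stale: no such account"
            continue
        enabled, pw_set = accounts[key]
        if not enabled:
            results[key] = "stale: account disabled"
        elif pw_set <= leak_date:
            # Password unchanged since the leak: it may still be valid.
            results[key] = "ACTIVE: force password reset"
        else:
            results[key] = "rotated since leak: verify MFA"
    return results

if __name__ == "__main__":
    for email, status in triage(LEAKED, load_directory(DIRECTORY_CSV)).items():
        print(f"{email}: {status}")
```

Accounts flagged ACTIVE are the ones to reset first; a password rotated after the leak date lowers the risk but does not rule out reuse of the same password elsewhere.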
All it takes is one leaked credential for cybercriminals to gain access to your network or systems. If you’re interested in learning what information is exposed on the dark web, Cowbell offers free dark intelligence reports of our findings for policyholders. Please reach out to our risk engineering team.