What Your Company Should Do IMMEDIATELY After Discovering Your Credentials are on the Dark Web
Maintaining vigilance on the dark web is not a luxury because if you discover that your company’s credentials can be found on the dark web, it may only be a matter of time before a costly, reputation damaging catastrophe occurs. If you’re facing this unpleasant scenario, it’s time for executing an “all hands-on deck” action plan
In its simplest form, an Action Plan consists of three critical elements: discovery, remediation, monitoring.
How to Discover if Your Company Credentials are Being Offered on the Dark Web
An effective action plan begins with a dark web scan that will find if your company’s credentials have been compromised.
For a no-cost or obligation scan from DataSure24, click here or on the image at right.
Why a breach occurred is dependent upon numerous factors that may fall outside the scope of your company’s security plan. Did the breach occur recently, or is it a dump of old data from a decade ago? Do employees reuse passwords for both personal and work-related websites, and if so, does this password match the one from the breach?
Dark web scans work by monitoring the common forums that are used for buying and selling personal information on the dark web. The best way to prevent cybercriminals from using company’s credentials is to leverage dark web scanning tools that monitor forums and other sites that trade company information so your management and network security team can know what cyberthieves know before it is used.
When a hacker posts information online, they’ll post employees’ username and an encrypted copy of their password (called a hash) proving to prospective buyers that they have “the goods” for sale. Cybersecurity consultants can conduct a daily dark web scan, and report via a notice to a company’s management or network administrators if, when and where company employees’ usernames and passwords are found.
Change Passwords: Immediate Steps Your Company Should Take After a Dark Web Discovery
Simply stated, companies must create policies, processes and requirements that employees frequently changing their password.
A recent poll by Keeper Security found that 87% of respondents ages 18-30 reuse passwords and 81% of respondents 31 and older reuse the same password. This pattern occurs at work too, where the same password that is being used for shopping online is the same password that is used for a corporate login.
Current best practices have users change passwords every 90 days, and passphrases every 180, but best practices alone cannot stop another breach. Cycling passwords creates a smaller window of opportunity for hackers to sell a company’s credentials. Coupled with a dark web scanning service, a company can create a strong cyber defense … if employees are educated and monitored to make necessary changes on a frequent basis.
Additional steps may be taken such as using a password manager or utilizing two factor authentications. Even with a password compromise, if the attacker does not have a secondary authentication device, they cannot gain access to your company’s confidential information. Password managers may also help by providing information such as which websites are sharing the same password. They can also generate random passwords to ensure no two passwords are similar.
Prevent Future Dark Web Scams via Monitoring
The third element of an Action Plan for defending against Dark Web scammers is continuous monitoring. This can be done on an outsourced basis, or through periodic searches using either free or paid tools.
Monitoring can include looking into the following types of sites that can be found on the dark web:
- Hidden chat rooms
- Private websites
- Peer-to-peer networks
- Social media platforms
- Black market sites
- 640,000+ botnets
Free solutions exist, such as www.haveibeenpwned.com, which will tell you if an employee’s email has been detected in a leak, but not the password that was used. Using a website like this will at least let a company know that a problem exists so remediations can be executed.
Taking the first step and understanding your visibility on the dark web should not be a one-shot effort. A cybersecurity consultant can review monitoring options with you, including features, benefits, costs and resource requirements. Unfortunately, in today’s business world, monitoring for security is a new cost that must be included in company operating budgets, but over the long run, it’s a small price to pay considering the costs of remediating a breech.
Connect with a DataSure24 Cybersecurity Expert
Discovering that employees’ credentials are on the dark web may not always spell disaster but implementing effective policies and maintaining vigilance on the dark web by utilizing dark web scans may prevent you from becoming the source of another hack. We can help.
If you have questions or concerns, or want to discuss your situation, please contact us for a no cost or obligation discussion. Contact us via form, here, or call me at 716.600.3724 today.View full article
The Dark Web makes buying and selling of company data and credentials almost risk free
It’s very likely that today, right now as you read this, your company’s credentials are being marketed and sold on the dark web. This could be your fault caused by untrained employees duped into releasing information, or your credentials might be part of a much larger data capture form a third party – like a bank or credit card company – that got hacked to the tunes of millions and millions of data entries including yours.
Exactly how are criminals using your information, what types of gains do they hope to realize and what can you do to prevent or defend against abuse of your credentials?
Layers of the Web
Within the world of the internet there are three different areas or layers of the web:
- Surface Web
The Surface web is the area of the internet that most people use on a day to day basis. This area of the web can be indexed by search engines. That means the pages on the surface web can be found by Google, Yahoo, Bing etc. As of Sunday, February 24, 2019 the surface web consists of at least 5.15 billion pages
- Deep Web
The deep web is like the surface web but has one main difference, it cannot be indexed. You spend a lot of time in the deep web, most likely without even knowing it. Examples of deep web sites/pages are internal company networks, databases, certain government websites, email and cloud service accounts, banking sites, and most sites you can only get onto using a username and password.
- Dark Web
The deepest and most obscure of the three areas is the dark web which is a layer of information and pages accessed through “overlay networks.” Special software is required to access this content because most of it is encrypted.
What Criminals on the Dark Web Hope to Get from Your Business
In the encrypted pages of the Dark Web, you can find almost anything, from legitimate and illegitimate social networks and chat sites, to solicitations for hitman, to black-market organizations selling guns, drugs and pornography − all while maintaining anonymity.
The dark web is one of the few spots on the internet that “true anonymity” is achievable. I put true anonymity in quotations because it is hard to say whether people on the dark web are truly anonymous or just hidden extremely well.
Using tools such as TOR on top of a VPN anyone can get very close to being truly anonymous, making the buying and selling of data and credentials almost risk free. That’s why the dark web is thought to be a safe home for criminals/organizations who are marketing and selling your company’s information for one of the following purposes:
- Financial Gain
Financial gain is a driving factor for many hackers and organizations. Hackers will gather very large amounts of credentials from multiple organizations and sell them for 2-3 dollars on the dark web. This doesn’t sound very rewarding but is some cases these cyber criminals are selling 50 million or more credentials. The amount of total sales going on within the dark web is unknown although some sources estimate it to be more than $500,000 in sales a day.
There is a community of people who consistently access the dark web who belong to underground forums, social networks, and chat rooms that can be particularly dangerous for your company’s brand or reputation. They’re not motivated by buying or selling your company’s data – they’re motivated by creating chaos and the challenge of doing it for fun, just to prove they can.
When breaches are originated by these “fun seekers”, they usually give the credentials/information away or sell millions for a very small amount of money, like a Russian hacker that goes by the alias “The Collector” who last year, sold 272 million credentials for less than one dollar.
- For a Social Purpose or Cause
Some cyber criminals are idealists trying to expose injustice, some are hacktivists trying to take down corrupt governments and religious groups, and some have political motives.
An example of a social purpose driven data breach is the Ashley Madison data breach from 2015. Ashely Madison was a commercial website billed as enabling extramarital affairs. A group called “The Impact Team” stole more than 60 gigabytes of company data, including user details like real names, home addresses, search history and credit card transaction records. The group then released the information on the dark web to expose and publicly shame those who participated.
How to Mount a Cybersecurity Defense and Dark Web Protection Action Plan for Your Business
Read our blog post: Cyberattack Strategies: Going on the Offense Against Cyberattacks
I don’t want to leave you with the impression that everything going on within the dark web is illegal, because it’s not.
The first and most critical step of that dark web protection plan is to perform a scan of the dark web to see if, where and how your company’s credentials are being compromised. We’re pleased to offer a free scan of the dark web to this end, which can be initiated by clicking on the button.
If you have more immediate concerns, contact us via form, here, or call me at 716.600.3724 today.View full article