The Week in Breach – Huge Pools of Fresh Dark Web Data Add to Password Reuse Risks for Everyone



Password Reuse Risk is Exacerbated by Dark Web Data


The perennial problem of password reuse risk is becoming more dangerous and the trail of that increased threat can be traced right back to the dark web. While the world economy may still be experiencing challenges, the dark web economy is running on all cylinders and the data markets are full of eager buyers. About 60% of the data that was already on the dark web at the start of 2020 could harm businesses. Then that generous pool was augmented by an estimated 22 million new records that landed in dark web data markets and dumps in 2020. This influx of data gave cybercriminals plenty of new fuel to use in password-based cyberattacks – and they didn’t waste any time making the most of those new resources in 2021.

Trouble Comes in All Shapes and Sizes


In a recent survey of Fortune 1000 companies, researchers discovered a hefty chunk of exposed data including passwords for 25.9 million Fortune 1000 business accounts. Taking a deeper look, investigators also found an estimated 543 million employee credentials for Fortune 1000 companies circulating on commonly used underground hacking forums, a 29% increase from 2020. An astonishing 25,927,476 passwords that belong to employees at Fortune 1000 companies were readily available in dark web markets and data dumps. That translates into an estimated 25,927 exposed passwords per company, marking a 12% increase from 2020 and indicating an elevated risk of cyberattacks and hacking for those companies.

Even more worrisome is that credentials for about 133,927 C-level Fortune 1000 executives were also available in the markets. These accounts are especially prized for their elevated user privileges in company systems as well as their credibility when conducting business email compromise schemes. Unless the affected companies are using secure identity and access management tools, just one privileged password in the hands of cybercriminals can open a business up for a cascade of expensive, damaging security nightmares. Altogether, researchers estimate that a total of 76% of employees and executives at the world’s largest companies are still reusing passwords across personal and professional accounts.

Over 281 million records of personally identifiable information (PII) for employees of Fortune 1000 companies were available, making it easy for bad actors to conduct impersonation and fraud operations as well as answer the “secret questions” that are so popular in many applications. Researchers also noted a pattern — a 60% password reuse rate among email addresses in surveyed databases exposed in more than one breach in 2020.



Low Standards and Lax Policies Create Danger


No industry is immune to the powerful lure of password recycling and iteration, especially now that remote and hybrid work have made passwords more insecure than ever. Even though the danger is well-known to IT professionals, about 60% of respondents in a recent IT professional survey indicated their organization had experienced a password recycling/reuse/iteration-related security breach in the past year alone. The telecommunications sector had the highest average number of leaked employee credentials at 552,601 per company. The media industry had the highest password reuse rates at 85%, followed by household products (82%), hotels, restaurants & leisure (80%), and healthcare (79%). Media professionals also frequently used explicit phrases as passwords.

Many companies aren’t even bothering to enforce any standards at all. Researchers also found rampant password iteration like “password” becoming “password1” or “passw0rd.” Commonly used passwords appeared thousands of times in dark web datasets: “123456” appeared 75,287 times, while “password” and “aaron431” showed up 61,762 and 36,775 times, respectively. The use of weak passwords, such as “123456” and “password” was rampant among top Fortune 1000 companies.



Mitigate This Risk Quickly and Cheaply


Although password reuse and recycling is a common foe for cybersecurity teams, mitigating that risk is both simple and affordable with two smart solutions that maximize security and minimize cost.

SHORT TERM: Secure Systems and Data with MFA

Immediately adopt multifactor authentication (MFA) to stop password reuse and recycling from having the power to cause a devastating cyberattack — MFA alone stops 99% of password-based cybercrime in its tracks.

LONG TERM: Find and Fix Credential Vulnerabilities with Dark Web ID

Dark Web ID is the secret to continuous protection from dark web password reuse risk. Dark Web ID watches every corner of the dark web, including more than 640,000 botnets, hidden chat rooms, unindexed sites, private websites, peer-to-peer (P2P) networks, internet relay chat (IRC) channels, social media platforms, black market sites, hacker forums and all of the places that cybercriminals do business 24/7/365 to alert companies to credential compromise danger.

Get your defenses ready for a new onslaught of password-related cybercrime risk. Contact our solutions experts today for a personalized demo to see how we can benefit your business.


Dark Web ID’s Top Threats This Week


 

United States – Metropolitan Police Department of the District of Columbia

https://www.washingtonpost.com/local/public-safety/hacking-group-that-targeted-dc-police-briefly-posts-internal-police-files/2021/04/29/db18c98c-a8f2-11eb-8c1a-56f0cb4ff3b5_story.html

Exploit: Ransomware

Metropolitan Police Department of the District of Columbia: Law Enforcement Agency

Risk to Business: 1.717 = Severe

The Babuk Locker ransomware gang snatched data from the DC Metropolitan Police. The sample the cybercrime group posted included 576 pages of personnel files including full names, Social Security numbers, phone numbers, financial and housing records, job histories and polygraph assessments for current and former officers. That data was briefly visible on the gang’s site, but was taken down after a short period. No word on whether the gang was paid or the exact contents of the stolen files. In total, the Babuk Locker gang claims it downloaded more than 250 GB of data from DC Police servers.

Individual Risk: 2.166 = Severe

Current and former employees of the Metro Police may be at risk of spear phishing, identity theft or blackmail and should remain alert for fraud attempts.

Customers Impacted: Unknown

How It Could Affect Your Business: Data theft like this is the bread and butter of cybercrime. This data is especially desirable because it contains information about law enforcement. When storing this kind of information, ensuring that you’re using multifactor authentication is essential, as is antiphishing security to guard against ransomware.

IntegraMSP to the Rescue: Make sure that everyone on the IT team is up to date on today’s threats and ready for tomorrow’s with the tips and tricks in “The Security Awareness Champion’s Guide”.


United States – Illinois Office of the Attorney General

https://therecord.media/ransomware-gang-leaks-court-and-prisoner-files-from-illinois-attorney-general-office/

Exploit: Ransomware

Illinois Office of the Attorney General: State Government Agency

Risk to Business: 1.807 = Severe

The DoppelPaymer ransomware gang has leaked a large collection of files from the Illinois Office of the Attorney General after the agency declined to pay the ransom that the gang demanded. The cybercriminals released information from court cases orchestrated by the Illinois OAG, including some private documents that do not appear in public records. The data also contains personally identifiable information about state prisoners, notes of their grievances, and case information.

Risk to Business: 2.177 = Severe

In the documents posted so far there is some personal data for prisoners, but the full extent of the breach is not clear. Formerly incarcerated people may be at risk of blackmail or spear phishing.

Customers Impacted: Unknown

How it Could Affect Your Business: More than 50% of businesses were impacted by ransomware in the last 12 months. By taking sensible precautions like antiphishing software, secure identity and access management and updated security awareness training, companies can avoid this menace.

IntegraMSP to the Rescue: Make sure that you’re covering all of the bases to avoid breaches and nasty regulatory action with our Cybersecurity Risk Protection Checklist.


United States – Pennsylvania Department of Health

https://6abc.com/covid-19-contact-tracing-coronavirus-pennsylvania-pa-data-breach-insight-global/10560542/

Exploit: Third Party Data Breach

Pennsylvania Department of Health: State Government Agency

Risk to Business: 1.803 = Severe

The Pennsylvania Department of Health received an unpleasant shock when it learned that the third-party firm it had employed to process contact tracing data had made data handling mistakes, potentially opening thousands of residents of the Keystone State up to trouble. The contractor, Atlanta-based Insight Global, reported that several employees violated security protocols to create unauthorized documents, using the data collected, outside of the secure data system that the state’s contract required.

Individual Risk: 2.277 = Severe

Some of the records in question associated names with phone numbers, emails, genders, ages, sexual orientations and COVID-19 diagnoses and exposure status. They did not include financial account information, addresses or Social Security numbers. A daytime hotline is available for anyone concerned they might have been involved at 855-535-1787. Free credit monitoring and identity protection services will be offered.

Customers Impacted: 72,000

How it Could Affect Your Business: No business is an island. That’s why it pays to take precautions against potential intrusions and data theft that result from a service provider’s cybersecurity failure.

IntegraMSP to the Rescue: Keep your data in and the bad guys out with MFA. Contact us to let us help you keep the bad guys out.


United States – Wyoming Department of Health

https://www.infosecurity-magazine.com/news/data-breach-impacts-1-in-4/

Exploit: Unsecured Data

Wyoming Department of Health: State Government Agency

Risk to Business: 2.303 = Severe

Wyoming’s Department of Health (WDH) has announced the accidental exposure of personal health information belonging to more than a quarter of the state’s population on GitHub.com. The data breach occurred when an estimated 53 files containing laboratory test results were mishandled by a worker. Data in the leaked files included test results for flu and COVID-19 performed for Wyoming. One file containing breath alcohol test results was also exposed.

Individual Risk: 2.676 = Severe

Along with the test results were patients’ names, ID numbers, addresses, dates of birth and dates of when tests had been carried out. WDH has begun the process of notifying impacted individuals, and victims will be offered a year of free identity theft protection.

Customers Impacted: 164,021 Wyoming residents and others

How it Could Affect Your Business: Taking care of business includes taking care of training to prevent slip-ups like this that will ultimately cost the state millions after remediation and fines.

IntegraMSP to the Rescue: Security awareness training including phishing resistance is easy and painless for trainers and employees.


1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.