Are Your Company's Credentials for Sale on the Dark Web?
WHAT IS THE DARK WEB?
The Dark Web is a hidden universe contained within the “Deep Web”- a sublayer of the Internet that is hidden from conventional search engines. Search engines like Google, BING and Yahoo only search .04% of the indexed or “surface” Internet. The other 99.96% of the Web consists of databases, private academic and government networks, and the Dark Web. The Dark Web is estimated at 550 times larger than the surface Web and growing. Because you can operate anonymously, the Dark Web holds a wealth of stolen data and illegal activity.
Percentage of adults in the U.S. using the same or very similar passwords for multiple online services
Passwords are a twentieth-century solution to a modern-day problem. Unfortunately, user names and passwords are still the most common method for logging onto services including corporate networks, social media sites, e-commerce sites and others
Average number of breached data records, including credentials, per
User names and passwords represent the keys to the kingdom for malicious attackers. Criminals who know how to penetrate a company’s defenses can easily steal hundreds or even thousands of credentials at a time.
$1 - $8
Typical price range for individual compromised credentials
A criminal dealing in stolen credentials can make tens of thousands of dollars from buyers interested in purchasing credentials. And by selling those credentials to multiple buyers, organizations that experience a breach of credentials can easily be under digital assault from dozens or even hundreds of attackers.
What Can An Attacker Do with Compromised Credentials?
Send Spam from Compromised Email Accounts
Deface Web Properties and Host Malicious Content
Install Malware on Compromised Systems
Compromise Other Accounts Using the Same Credentials
Exfiltrate Sensitive Data (Data Breach)
Protect Against Credential Compromise!
While there is always a risk that attackers will compromise a company’s systems through advanced attacks, most data breaches exploit common vectors such as known vulnerabilities, unpatched systems and unaware employees. Only by implementing a suite of tools including monitoring, data leak prevention, multifactor authentication, employee security awareness training and others - can organizations protect their business from the perils of the dark web.