InTegriLogic Blog

Let Dark Web Facts (Not Hype) Inform Your Security Decisions

Dark web threats are growing increasingly more dangerous as a booming dark web economy drives cybercrime to new heights, setting records for phishing, hacking and (of course) ransomware. This cybercrime wave is creating additional pressure on already overstressed cybersecurity teams. But there’s a lot of hype out there about the dark web that’s designed to scare instead of inform. Let’s cut through the noise with some real dark web facts.  

Don’t make decisions about your organization’s security posture until you see these essential 2021 Dark Web facts.

• Dark Web activity has increased by 300% in the last 3 years.
• Over 30% of North Americans access the dark web regularly.
• In 2020, credentials for about 133,927 C-level Fortune 1000 executives were available on the dark web
• More than 22 billion new records were added to the dark web in 2020
• Satellite affiliates of cybercrime gangs pay the boss gang 10 – 20% of the take on each successful job
• An astonishing 25,927,476 passwords that belong to employees at Fortune 1000 companies were available readily in dark web markets and data dumps.
• About 65% of active criminal gangs rely on spear phishing powered by dark web data to launch attacks.
• The largest credential file to ever hit the dark web at once is the RockYou2021 password leak.
• Hackers attack every 39 seconds, on average 2,244 times a day.
• 60% of the information available on the Dark Web could potentially harm enterprises.

 

What’s For Sale on the Dark Web?

In addition to information, Dark Web markets also deal in other nefarious things like criminal services, espionage, illegal collectibles or animals, human trafficking, credit card numbers, drugs, guns, counterfeit money, stolen goods, cybercrime software, cracked credentials and other illicit items. Cybercriminals also enjoy gambling and all sorts of strange things are in the pot at dark web online poker games. In a recent breakdown of activity in popular dark web forums, researchers noted:

• An estimated 90% of posts on dark web forums are from buyers looking to contract someone for cybercrime.
• Almost 70% of dark web forum hiring posts were looking for cybercriminals to do some website hacking.
• Over 20% were looking for bad actors who could obtain specifically targeted user or client databases.
• About 7% of forum posts were ads for hackers looking for work.
• 2% of forum posts were made by cybercriminal developers who were selling the tools

SAC Wireless

https://www.bleepingcomputer.com/news/security/nokia-subsidiary-discloses-data-breach-after-conti-ransomware-attack/
Exploit: Ransomware

SAC Wireless: Mobile Network Services
Customers Impacted: Unknown

How It Could Affect Your Business: Ransomware gangs are increasingly targeting the partners of major companies to find security flaws that enable them to gain valuable access or information that can then be translated into action against the major target.

 

 

Boston Public Library (BPL)

https://www.bleepingcomputer.com/news/security/boston-public-library-discloses-cyberattack-system-wide-technical-outage/
Exploit: Ransomware

Boston Public Library (BPL): Library System
Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident but the investigation is ongoing

Customers Impacted: 4 million

How It Could Affect Your Business: Government and government-adjacent municipal targets have been especially under the gun recently as cybercriminals seek easy routes to gaining big scores of personal data from targets with historically poor security.

 

 

Envision Credit Union

https://www.tallahassee.com/story/money/2021/08/26/envision-credit-union-taking-steps-after-possible-cyber-attack-lockbit/8254377002/
Exploit: Ransomware

Envision Credit Union: Bank
Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident but the investigation is ongoing

Customers Impacted: Unknown

How It Could Affect Your Business: Financial services and fintec organizations have been a prime target for hackers recently, and regulators have not been shy about raising the alarm.

 

 

Atlanta Allergy & Asthma

https://www.newsweek.com/hacker-steals-74-million-cryptocurrencies-including-bitcoin-ethereum-1620892
Exploit: Hacking

Liquid: Cryptocurrency Exchange
Customers Impacted: 9,800

How It Could Affect Your Business: Medical data is a big revenue driver for cybercriminals but it is an even bigger revenue disaster for the medical practices that lose it to cybercrime.

 

 

Germany – Puma

https://securityaffairs.co/wordpress/121617/cyber-crime/puma-available-marketo.html

Exploit: Hacking

Puma: Sportswear Brand
Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Hackers are hungry for data to turn for a quick profit in the booming dark web data markets. Reports note there are more than 150 bids on this little cache already.

 

 

Thailand – Bangkok Airways

https://www.zdnet.com/article/bangkok-airways-apologizes-for-passport-info-breach-as-lockbit-ransomware-group-threatens-release-of-more-data/
Exploit: Ransomware

Bangkok Airways: Airline
Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is the weapon of choice for both run-of-the-mill cybercriminals and nation-state threat actors. Every business needs to be ready for it.

 

 
 

SAC Wireless

https://www.bleepingcomputer.com/news/security/nokia-subsidiary-discloses-data-breach-after-conti-ransomware-attack/
Exploit: Ransomware

SAC Wireless: Mobile Network Services
Customers Impacted: Unknown

How It Could Affect Your Business: Ransomware gangs are increasingly targeting the partners of major companies to find security flaws that enable them to gain valuable access or information that can then be translated into action against the major target.

 

---

 

Boston Public Library (BPL)

https://www.bleepingcomputer.com/news/security/boston-public-library-discloses-cyberattack-system-wide-technical-outage/
Exploit: Ransomware

Boston Public Library (BPL): Library System
Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident but the investigation is ongoing

Customers Impacted: 4 million

How It Could Affect Your Business: Government and government-adjacent municipal targets have been especially under the gun recently as cybercriminals seek easy routes to gaining big scores of personal data from targets with historically poor security.

 

---

 

Envision Credit Union

https://www.tallahassee.com/story/money/2021/08/26/envision-credit-union-taking-steps-after-possible-cyber-attack-lockbit/8254377002/
Exploit: Ransomware

Envision Credit Union: Bank
Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident but the investigation is ongoing

Customers Impacted: Unknown

How It Could Affect Your Business: Financial services and fintec organizations have been a prime target for hackers recently, and regulators have not been shy about raising the alarm.

 

---

 

Atlanta Allergy & Asthma

https://www.newsweek.com/hacker-steals-74-million-cryptocurrencies-including-bitcoin-ethereum-1620892
Exploit: Hacking

Liquid: Cryptocurrency Exchange
Customers Impacted: 9,800

How It Could Affect Your Business: Medical data is a big revenue driver for cybercriminals but it is an even bigger revenue disaster for the medical practices that lose it to cybercrime.

 

---

 

Germany – Puma

https://securityaffairs.co/wordpress/121617/cyber-crime/puma-available-marketo.html

Exploit: Hacking

Puma: Sportswear Brand
Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Hackers are hungry for data to turn for a quick profit in the booming dark web data markets. Reports note there are more than 150 bids on this little cache already.

 

---

 

Thailand – Bangkok Airways

https://www.zdnet.com/article/bangkok-airways-apologizes-for-passport-info-breach-as-lockbit-ransomware-group-threatens-release-of-more-data/
Exploit: Ransomware

Bangkok Airways: Airline
Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is the weapon of choice for both run-of-the-mill cybercriminals and nation-state threat actors. Every business needs to be ready for it.

 

---

 
 

Take Sensible Precautions and Set Strong Password Policies or Pay the Price

What’s the fastest way for a cybercriminal to get into a company’s environment and cause chaos? If you answered “a stolen legitimate password”, you’re right. Cybercriminals love nothing more than getting their hands on an employee password that lets them slip into systems undetected to steal data, deploy ransomware or work other mischiefs – especially a privileged administrator or executive password. Unfortunately for businesses, bad actors can often accomplish their goal without phishing. It’s become easier than ever for them to make that dream a reality thanks to the boatload of password data that has traveled to the dark web. But there are a few things every organization can do to keep their company passwords safely in-house instead of on the dark web.

Dark Web Data is the Reason That It’s Always Password Season

The dark web has always been a clearinghouse for passwords. As the years have gone by, more and more stolen records, passwords, financial information and other data has made its way to the dark web through myriad data breaches. It’s a vicious cycle. Every new breach brings a fresh influx of data into the pool, and every influx of data can spawn a new breach. This pattern will keep on repeating, making the danger of credential compromise bigger every year. Credentials were the top type of information stolen in data breaches worldwide in 2020, and cybercriminals were quick to capitalize on their successes. An estimated 20 billion fresh passwords made their way to the dark web last year.

This year’s giant influx of fresh passwords from events like the RockYou 2021 leak just keeps priming the pump for new cybercrimes, especially password-fueled schemes like credential stuffing, the gateway to all sorts of bad outcomes like ransomware, and business email compromise, the most expensive cybercrime of 2020. Earlier this summer, the personally identifying data and user records data of 700M LinkedIn users appeared on a popular dark web forum – more than 92% of LinkedIn’s estimated total of 756M users. That created an enormous splash that will ultimately ripple out into a whole new world of opportunity for cybercrime.

Big companies aren’t doing any better. In a 2021 study, researchers found the passwords for 25.9 million Fortune 1000 business accounts floating around on the dark web. If cybercriminals felt like they really needed a privileged password to get the job done, that wasn’t a problem either. Credentials for 133,927 C-level Fortune 1000 executives were also accessible to bad actors on the dark web. Altogether, researchers determined that over 281 million records of personally identifiable information (PII) for employees of Fortune 1000 companies were readily available in dark web markets and dumps, making it easy for bad actors to find and use in hacking and fraud operations.

Reuse and Recycling is Killing Companies

Far and away, password reuse and recycling is the biggest obstacle that companies face when trying to build a strong cybersecurity culture and keep their data safe. An estimated 60% of passwords that appeared in more than one breach in 2020 were recycled or reused, a factor that every company should keep in mind when creating and setting password security policies. Employees aren’t making the mistake of reusing passwords from ignorance either. Over 90% of participants in a password habits survey understood the risk of password reuse but that didn’t stop them because 59% admitted to doing it anyway that disconnect is a huge problem for businesses everywhere.

Bad Password Hygiene is Putting Your Data in Danger

• More than 60% of employees use the same password across multiple work and home applications.
• 82% of workers admitted sometimes reusing the same passwords and credentials
• 44 million Microsoft users admitted in a survey that they often use the same password on more than one account
• 43% of Microsoft’s survey respondents have shared their work password with someone in their home for another use
• About 20% of employees have reused their work password for online shopping, social media or streaming accounts

That sloppy password handling is directly responsible for data breaches. In fact, over 30% of the respondents in Microsoft’s survey admitted that their organization has experienced a cybersecurity incident as a result of compromised user credentials that had been shared with people outside their companies. That danger is has grown. People worldwide created an average of 15 new online accounts per person during the main thrust of the pandemic. That’s a lot of new passwords to create and remember. It also means that many more passwords were recycled or reused in 2020 than in past years making password exposure through cybercrime a strong possibility.

What Do Passwords Go for on the Dark Web Anyway?

It depends on the password, but stolen credentials can sell for a pretty penny. For a legitimate stolen corporate network credential, you’re looking at around over $3,000. But that is far from the top price a really useful password can fetch in the booming dark web data markets. Among the most valuable leaked credentials are those magic keys that unlock privileged access to corporate networks. Those types of credentials can go for as much as $120,000. That’s a price some cybercrime gangs will gladly pay to enable them to launch ransomware attacks that can fetch them millions in ransom money.

What You Can Do About It

Protecting business credentials from exposure on the dark web is an important part of creating a sturdy defense for any business. Encouraging safe password generation and handling policies helps build a strong cybersecurity culture that keeps information security risks at the top of everyone’s mind, encouraging them to practice good password habits.

• Enable multifactor authentication
• Never allow an employee to reuse or iterate a password
• Configure software to make password reuse impossible
• Require regular password changes
• Make it standard to create a unique password for every account
• Do not allow passwords to be written down or stored in text files
• Use a password manager and make it available for employees

These may seem like commonsense procedures for people who regularly handle information security but making sure that everyone knows that the company takes password reuse and handling seriously gives employees a sense of how seriously they need to take it too. Do a little social engineering of your own to make sure that everyone feels like they’re part of the security team.

 

Take Sensible Precautions and Set Strong Password Policies or Pay the Price

What’s the fastest way for a cybercriminal to get into a company’s environment and cause chaos? If you answered “a stolen legitimate password”, you’re right. Cybercriminals love nothing more than getting their hands on an employee password that lets them slip into systems undetected to steal data, deploy ransomware or work other mischiefs – especially a privileged administrator or executive password. Unfortunately for businesses, bad actors can often accomplish their goal without phishing. It’s become easier than ever for them to make that dream a reality thanks to the boatload of password data that has traveled to the dark web. But there are a few things every organization can do to keep their company passwords safely in-house instead of on the dark web.

Dark Web Data is the Reason That It’s Always Password Season

The dark web has always been a clearinghouse for passwords. As the years have gone by, more and more stolen records, passwords, financial information and other data has made its way to the dark web through myriad data breaches. It’s a vicious cycle. Every new breach brings a fresh influx of data into the pool, and every influx of data can spawn a new breach. This pattern will keep on repeating, making the danger of credential compromise bigger every year. Credentials were the top type of information stolen in data breaches worldwide in 2020, and cybercriminals were quick to capitalize on their successes. An estimated 20 billion fresh passwords made their way to the dark web last year.

This year’s giant influx of fresh passwords from events like the RockYou 2021 leak just keeps priming the pump for new cybercrimes, especially password-fueled schemes like credential stuffing, the gateway to all sorts of bad outcomes like ransomware, and business email compromise, the most expensive cybercrime of 2020. Earlier this summer, the personally identifying data and user records data of 700M LinkedIn users appeared on a popular dark web forum – more than 92% of LinkedIn’s estimated total of 756M users. That created an enormous splash that will ultimately ripple out into a whole new world of opportunity for cybercrime.

Big companies aren’t doing any better. In a 2021 study, researchers found the passwords for 25.9 million Fortune 1000 business accounts floating around on the dark web. If cybercriminals felt like they really needed a privileged password to get the job done, that wasn’t a problem either. Credentials for 133,927 C-level Fortune 1000 executives were also accessible to bad actors on the dark web. Altogether, researchers determined that over 281 million records of personally identifiable information (PII) for employees of Fortune 1000 companies were readily available in dark web markets and dumps, making it easy for bad actors to find and use in hacking and fraud operations.

Reuse and Recycling is Killing Companies

Far and away, password reuse and recycling is the biggest obstacle that companies face when trying to build a strong cybersecurity culture and keep their data safe. An estimated 60% of passwords that appeared in more than one breach in 2020 were recycled or reused, a factor that every company should keep in mind when creating and setting password security policies. Employees aren’t making the mistake of reusing passwords from ignorance either. Over 90% of participants in a password habits survey understood the risk of password reuse but that didn’t stop them because 59% admitted to doing it anyway that disconnect is a huge problem for businesses everywhere.

Bad Password Hygiene is Putting Your Data in Danger

• More than 60% of employees use the same password across multiple work and home applications.
• 82% of workers admitted sometimes reusing the same passwords and credentials
• 44 million Microsoft users admitted in a survey that they often use the same password on more than one account
• 43% of Microsoft’s survey respondents have shared their work password with someone in their home for another use
• About 20% of employees have reused their work password for online shopping, social media or streaming accounts

That sloppy password handling is directly responsible for data breaches. In fact, over 30% of the respondents in Microsoft’s survey admitted that their organization has experienced a cybersecurity incident as a result of compromised user credentials that had been shared with people outside their companies. That danger is has grown. People worldwide created an average of 15 new online accounts per person during the main thrust of the pandemic. That’s a lot of new passwords to create and remember. It also means that many more passwords were recycled or reused in 2020 than in past years making password exposure through cybercrime a strong possibility.

What Do Passwords Go for on the Dark Web Anyway?

It depends on the password, but stolen credentials can sell for a pretty penny. For a legitimate stolen corporate network credential, you’re looking at around over $3,000. But that is far from the top price a really useful password can fetch in the booming dark web data markets. Among the most valuable leaked credentials are those magic keys that unlock privileged access to corporate networks. Those types of credentials can go for as much as $120,000. That’s a price some cybercrime gangs will gladly pay to enable them to launch ransomware attacks that can fetch them millions in ransom money.

What You Can Do About It

Protecting business credentials from exposure on the dark web is an important part of creating a sturdy defense for any business. Encouraging safe password generation and handling policies helps build a strong cybersecurity culture that keeps information security risks at the top of everyone’s mind, encouraging them to practice good password habits.

• Enable multifactor authentication
• Never allow an employee to reuse or iterate a password
• Configure software to make password reuse impossible
• Require regular password changes
• Make it standard to create a unique password for every account
• Do not allow passwords to be written down or stored in text files
• Use a password manager and make it available for employees

These may seem like commonsense procedures for people who regularly handle information security but making sure that everyone knows that the company takes password reuse and handling seriously gives employees a sense of how seriously they need to take it too. Do a little social engineering of your own to make sure that everyone feels like they’re part of the security team.