More than 2.25 Million Exposed Assets on the Dark Web
by D. Howard Kass • May 16, 2023
SpyCloud, a cybercrime analytics specialist, found in a new report that more than 2.25 million exposed assets on the dark web were tied to Fortune 1000 employees.
In a newly released 2023 Fortune 1000 Identity Exposure Report, an analysis of the dark net exposure of employees across 21 industries, including technology, financials, retailing and media, SpyCloud calculated a 7% uptick year-over-year based on asset count. That places companies at increased risk for account takeover, session hijacking, fraud and ransomware from this stolen data.
Drawing on SpyCloud’s database of more than 400 billion recaptured assets from the criminal underground, researchers analyzed 2.27 billion exposed dark web assets. That included more than 423 million personally identifiable information (PII) found in data breaches and exfiltrated from malware-infected devices tied directly to Fortune 1000 employees’ email addresses.
Emails, Passwords, Cookies at Risk
Here are some of the study’s findings:
- SpyCloud researchers uncovered 27.48 million pairs of credentials with Fortune 1000 corporate email addresses and plain text passwords.
- SpyCloud also observed a 62% password reuse rate among Fortune 1000 employees who have been exposed more than once.
- SpyCloud recaptured 1.87 billion malware cookie records tied to Fortune 1000 employees.
These cookies allow cybercriminals to infiltrate organizations by impersonating legitimate users and gain access to an active web session, which effectively can bypass security best practices like multi-factor authentication (MFA), SpyCloud said.
SpyCloud’s researchers also identified over 171,500 Fortune 1000 employees who used an infostealer malware-infected device to log into corporate resources.
Infostealers are an increasingly common variety of malware that siphons all manner of data from the affected machine, including data stored in the browser – login URLs, usernames, passwords, auto-fill data, and much more.
Commenting on the report, Trevor Hilligoss, SpyCloud director of security research, said:
“Cybercriminals continue to evolve their tactics from capturing as much data as possible to capturing high-quality data that practically guarantees success. By leveraging session cookies, criminals can take advantage of any active platforms that utilize SSO, which essentially allows them to move freely between numerous accounts. This is a massive exposure risk and most organizations are unaware of the threat it poses or what to do to properly prevent or remediate.”
Siphoned data can continue to plague the security of user information and business systems long after a device is wiped clean. As Hilligos explained:
“Fortune 1000 companies cannot bet solely on traditional solutions and cybersecurity training to keep them safe. Instead, to remediate malware infections, organizations must focus on resetting passwords for affected applications and invalidating active sessions to negate opportunities for session hijacking. This post-infection remediation approach is critical to shut down entry points for future attacks.”
Technology Sector Shows Poor Cybersecurity Practices
Additional key findings from the report include:
- The technology sector shows consistently poor cyber hygiene.
- The technology sector has the highest number of malware-infected employees (67,723) and consumers (13.22 million); the highest number of exposed corporate credentials (7.52 million); and the most exposed malware cookie records of all industries, with 1.51 billion.
- Malware poses a significant risk to employees in the financials sector.
- SpyCloud uncovered a nearly 300% year-over-year increase in malware-infected employees tied to financial companies (15,274).
- The financials sector had the worst password reuse rate (68%).
- C-Suite exposures put sensitive data, intellectual property and financials at risk.
- SpyCloud identified over 935,786 stolen assets from 87,741 exposed C-level employees.
SpyCloud recommends Fortune 1000 enterprises take the following five measures to reduce the hazards of exposed employee and third-party identities:
- Fortune 1000 enterprises need a multi-layered strategy.
- Security teams should enforce strong password policies.
- Mandate the use of password managers to create and store unique passwords for every account.
- Enforce MFA.
- Implement a robust post-infection remediation approach to enhance their incident response.