New research has revealed that cybercriminals use spear-phishing and password re-use attacks to access millions of corporate credentials and sell them on the Dark Web. According to Davey Winder from Forbes,
“More than 21 million credentials belonging to Fortune 500 companies were found, 95% of these included plaintext passwords that were either cracked by the attackers or stored unencrypted in the first place. An analysis of those nearly 20 million passwords revealed that only 4.9 million were unique.”
Here is a list of passwords you should not use:
The research points out that technology, financials, and health care are the top 3 industries with the largest numbers of stolen credentials. The most popular passwords are classified by industry, and the top 10 industries with weak or default passwords are retail (47.29%), telecommunications (37.57%), industrials (37.36%), transportation (36.19%), financials (35.12%), motor vehicles & parts (34.98%), aerospace & defense (34.44%), technology (33.87%), health care (33.47%), and energy (32.56%). In addition, the most common sources exposing breaches are third parties, trusted third parties, and the companies themselves. The research also found that around 42% of stolen passwords are based on either the victim’s company name or the breached resource in question, and around 11% are default passwords.
Because the research shows that cybercriminals steal credentials and other data through spear-phishing campaigns, social engineering, and password re-use attacks, it is necessary to apply the measures listed below to reduce the amount of data stolen:
- A comprehensive inspection of digital assets;
- Organization-wide password policy enforcement;
- Continuous security monitoring of vendors and suppliers;
- Active detection to spot intrusions, phishing, and password re-use attacks;
- Improvement of employees’ security awareness training.
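As an illustration of the password policy enforcement measure, the following added example (not part of the research or of LIFARS' material) rejects the two weak patterns the research highlights: passwords built on the company or resource name, and default passwords. The term lists, the substitution table, and the 12-character minimum are assumptions constructed for the example.

```python
import re
import unicodedata

# Constructed sample lists (assumptions); replace with your organization's own.
CONTEXT_TERMS = {"examplecorp", "example", "payroll"}  # company and resource names
DEFAULT_PASSWORDS = {"password", "admin", "changeme", "welcome", "123456"}

# Common character substitutions to undo before comparing (approximate).
SUBSTITUTIONS = str.maketrans(
    {"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"}
)


def normalize(password):
    """Reduce a password to its letter core: lowercase, drop a trailing run
    of digits/symbols (e.g. "2024!"), undo substitutions, keep letters only."""
    text = unicodedata.normalize("NFKC", password).lower()
    text = re.sub(r"[\d\W_]+$", "", text)
    text = text.translate(SUBSTITUTIONS)
    return re.sub(r"[^a-z]", "", text)


def check_password(password, context_terms=CONTEXT_TERMS,
                   defaults=DEFAULT_PASSWORDS, min_length=12):
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < min_length:
        problems.append("too_short")
    core = normalize(password)
    # Default passwords, with or without decoration such as "P@ssw0rd1!".
    if password.lower() in defaults or core in defaults:
        problems.append("default_password")
    # Passwords derived from the company name or the resource being protected.
    if any(len(term) >= 4 and term in core for term in context_terms):
        problems.append("context_derived")
    return problems


if __name__ == "__main__":
    for candidate in ["Ex@mpleC0rp2024!", "P@ssw0rd1!", "correct horse battery staple"]:
        print(candidate, "->", check_password(candidate) or "accepted")
```

A check like this belongs at password-set time, alongside a lookup against known-breached passwords, since it only catches patterns derived from the lists it is given.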