Posts

More Than 40% of SMBs Face Dark Web Risks

We offer a monitoring service for dark web risks.  In August, we received a alerts for more than 40% of the companies we monitor.

Threats from information mining and third party breaches continue to pose a risk.  The level of risk varies based on the source, scope, and nature of the breach.

Direct and Indirect Threats

Third party breaches pose direct and indirect threats. A direct threat, as the name implies, represented a compromised identity with direct access to your system.  Indirect threats are breaches with information that enables more advanced attacks against your systems and user identities.

Direct threats, while less common, represent a breach of usernames and passwords for your system.  The source of direct threats may not be your systems. Hackers with access to valid email addresses and similar passwords will try permutations and patterns to gain access.  While they may then use the compromised credentials themselves, they may also put them up for sale or lease on the Dark Web.

Indirect Threats take many forms.  Identities with similar passwords are sold to hackers that will use them to gain access.  Personal identifying information is valuable to hackers looking to create effective spoofing and phishing attacks.  Repetitive breaches identify targets more easily compromised and/or more likely to respond to a phishing attack with personal information.

Threat Sources

Sources for Dark Web threats vary.  Most common is a third party breach, for example the LinkedIn breach in 2018.  Given that many people use their work email address as an identity for LinkedIn, along with identical or similar passwords, the breach gave hackers a means to test access to core businesses services.  Simple testing of leaked passwords, permutations, and common patterns provides access to core businesses systems, including accounts on Microsoft, Google, Salesforce, and others.

Growing in frequency, hackers grab personally identifying information matched to known email addresses.  While first and last names may not appear to create much risk, cyber criminals can use PII to create sophisticated spoofing and phishing attacks.  Your zip code, home address, job title, role in your company, and who you work with and for can all be used to create more effective attacks.  When matched to data from social media accounts — where you shop, foods you like, answers to “survey” questions that mirror security prompts — criminals can refine their attacks and sell your data for more.

Protecting Yourself and Your Business

More than 70% of people use the same or similar passwords across systems.  When employees use work email addresses for other services, the nature of their passwords creates risks when any of these third party systems experiences a breach. Compromised third-party passwords reduce the effort required for cyber criminals to compromise other accounts. LinkedIn, Egnyte, Dropbox and other reputable services have all experienced breaches over the past few years.

An additional risk from third-party systems is the risk of personally identifying information, or PII.  With a valid email address and leaked or breach PII, cyber attackers have access to information that allows them to personalize phishing emails and other attacks.

Monitoring the Dark Web for these third party breaches, and responding appropriately, helps protect your employees and your business.

 

Passwords – 3 Fails and 3 Wins

Data protection iconBad passwords are the cause for over 80% of cyber security incidents.

Bad passwords are bad for business.  ID Agent, a leading provider of Dark Web ID monitoring and protection services, recently surveyed over 2 billion passwords to find the worst problems and mistakes. The research boiled down the least secure passwords into three groups.

  1. Team Pride: Using your favorite team or team slogan is risky. This information about you is often easily found on social media.
  2. Rock and Roll: Your music preferences are also likely visible to the world on social media and in streaming services. As these services may or may not be secure, band names, song titles, and artists are high risk passwords.
  3. Heroes: Heroes are weak and vulnerable when they are part of your password. Our favorite hero — fictional or not — is easily discoverable and exploitable.

Bad password habits can lead to Dark Web exposure. Here are 3 ways to protect yourself.

Communicate and Educate: Consistently communicate with your team about cyber risks and the need for good password habits. Educate and guide your team to reinforce behaviors.

  • Discourage reuse, sequential, iterated, recycled, or simple passwords.
  • Encourage use of secure, company-approved, password vaults.
  • Solve access problems to prevent the need for sharing passwords for convenience.
  • Increase phishing training to avoid password compromises.

Prevent & Protect: One of the best ways to prevent breaches due to compromised passwords is to add multi-factor authentication (MFA) for every user.

  • Weak user-made passwords are stronger with a second identifier.
  • Stolen/compromised passwords are much harder to use with MFA in place.
  • MFA is a compliance tool with HIPAA, PCD-DSS, SJIC, and other industry and legal regulations.
  • Identifiers and tokens can be delivered via phone, app, or fob.

Other prevention and protection strategies include: advanced threat protection, encryption of data at rest and in motion, permissions management, and dark web monitoring.  Dark Web monitoring lets you know when personal or company data is circulating, even if you have not had a breach. Third-party partner and service breaches put your systems and data at risk. As such, you should:

  • Monitor the Dark Web for lists of you company’s potentially compromised passwords and available personally identifiable information (PII).
  • Spot compromised passwords that employees may be reusing on our systems.
  • Find password and credential threats quickly, to mitigate them faster.

Respond and Recover: Even with protections in place, cyber attacks can succeed.  Whether a data breach, denial of service attack, or ransomware, be prepared to respond and recover. You want and need to get your business up and running as quickly as possible.

  • Backup all company data, on premise and in the cloud, so that you can recover corrupted files quickly.
  • Have business continuity solutions in place for critical systems and applications, so that you can be up and running in minutes or hours, rather than days or weeks.

Your Next Step

CPR With “CPR” in mind, learn how Cumulus Global can help you minimize your risks and maximize your recovery to ensure your business continues to run smoothly.

Schedule a complimentary cloud advisor appointment to learn more.

When Your Identity is on the Dark Web

Dark Web Threat AlertsAs a courtesy to our existing clients and prospective clients, we have been running complementary Dark Web Summary Scans of their domains. These summary scans let us know how many email addresses from each domain currently appear on dark web and identity theft websites. We can then perform a more detailed scan and analysis to identify the specific user identities.

The results are fascinating.

Of 200 domains recently scanned:

  • 87.4% had at least one potential identity compromised
  • The average number of potentially compromised identities is 41%
  • 16% of the companies had more exposed identities than users, indicating breaches occurred from multiple sources

What does this mean?

Just because employee@yourcompany.com appears on a dark web or identity theft site does not mean that the user account on your system has been breached.

It does mean, however, that a breach is likely. And, the more exposed identities for your domain, the greater the risk.

How does it work?

Chances are, your employees are using their work email address, employee@yourcompany.com, as their login identity for other systems.  These other systems are often work related services like Uber, Dropbox, online banking, credit cards used for business expenses, etc. Studies show that about 80% of people use the same or substantially similar passwords across systems.

If there is a data leak or breach at one of these third party services, hackers will test the identity on other systems.  If you have an employee whose email and password were leaked in one of the Dropbox incidents, for example, cyber criminals will test that email address and password, along with similar passwords, across common services like G Suite, Office 365, Facebook, LinkedIn, Instagram, and others.

A compromised identity on a third party service can easily lead to a breach of your systems.

What to do:

  • Get the Details:
    Get a detailed scan on your domain to clearly identify which user identities are exposed and at risk.
  • Mitigate Your Risk:
    Work directly with identified staff to reset passwords. Run additional scans on their systems for malware.
  • Communicate:
    Educate, train, and guide users on the risk of identity breach and how to avoid becoming a victim. Provide guidance, coaching, and policies around the use of company email addresses on other systems and best practices for password selection and management.
  • Challenge:
    Periodically test your employees using “honeypot” and “sandbox” methods to determine who is following best practices and who remains susceptible to attack.
  • Monitor:
    Monitor your domain, and personal accounts of key executives, for future issues and respond accordingly.

Next Steps

Your best next step is to contact us (email or web) to

  1. Request a detailed Dark Web Scan
  2. Discuss security education and testing services
  3. Setup on-going monitoring for your domain