We offer a monitoring service for dark web risks. In August, we received alerts for more than 40% of the companies we monitor.
Threats from information mining and third party breaches continue to pose a risk. The level of risk varies based on the source, scope, and nature of the breach.
Direct and Indirect Threats
Third party breaches pose direct and indirect threats. A direct threat, as the name implies, represents a compromised identity with direct access to your system. Indirect threats are breaches with information that enables more advanced attacks against your systems and user identities.
Direct threats, while less common, represent a breach of usernames and passwords for your system. The source of direct threats may not be your systems. Hackers with access to valid email addresses and similar passwords will try permutations and patterns to gain access. While they may then use the compromised credentials themselves, they may also put them up for sale or lease on the Dark Web.
Indirect threats take many forms. Identities with similar passwords are sold to hackers who will use them to gain access. Personally identifying information is valuable to hackers looking to create effective spoofing and phishing attacks. Repeated breaches identify targets that are more easily compromised and/or more likely to respond to a phishing attack with personal information.
Sources for Dark Web threats vary. Most common is a third party breach, for example the LinkedIn breach in 2018. Given that many people use their work email address as an identity for LinkedIn, along with identical or similar passwords, the breach gave hackers a means to test access to core business services. Simple testing of leaked passwords, permutations, and common patterns provides access to core business systems, including accounts on Microsoft, Google, Salesforce, and others.
With growing frequency, hackers grab personally identifying information matched to known email addresses. While first and last names may not appear to create much risk, cyber criminals can use PII to create sophisticated spoofing and phishing attacks. Your zip code, home address, job title, role in your company, and who you work with and for can all be used to create more effective attacks. When matched to data from social media accounts — where you shop, foods you like, answers to “survey” questions that mirror security prompts — criminals can refine their attacks and sell your data for more.
Protecting Yourself and Your Business
More than 70% of people use the same or similar passwords across systems. When employees use work email addresses for other services, the nature of their passwords creates risks when any of these third party systems experiences a breach. Compromised third-party passwords reduce the effort required for cyber criminals to compromise other accounts. LinkedIn, Egnyte, Dropbox and other reputable services have all experienced breaches over the past few years.
An additional risk from third-party systems is the exposure of personally identifying information, or PII. With a valid email address and leaked or breached PII, cyber attackers have access to information that allows them to personalize phishing emails and other attacks.
Monitoring the Dark Web for these third party breaches, and responding appropriately, helps protect your employees and your business.
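One way to respond to a breach alert at password-reset time, shown as an added example that is not part of the original article: reject a replacement password that is only a permutation or pattern variant of the one leaked in the third party breach. The function names, the substitution table, and the 0.8 similarity threshold are assumptions chosen for illustration.

```python
import re
import unicodedata
from difflib import SequenceMatcher

# Assumed table of character swaps people use to "change" a reused password.
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                               "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def base_form(password: str) -> str:
    """Reduce a password to the base word that tends to be recycled."""
    s = unicodedata.normalize("NFKC", password).casefold()
    # Drop leading/trailing digits and punctuation (years, counters, "!").
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", s)
    if not core:
        core = s  # all digits/punctuation: compare the raw string instead
    # Undo common swaps, then drop separators left inside the word.
    return re.sub(r"[\W_]", "", core.translate(SUBSTITUTIONS))


def is_derived(candidate: str, leaked_passwords, threshold: float = 0.8) -> bool:
    """True if candidate is the same as, or a close variant of, a leaked password."""
    cand = base_form(candidate)
    for leaked in leaked_passwords:
        base = base_form(leaked)
        if not base:
            continue
        if cand == base:
            return True
        # Leaked base embedded in a longer password ("MySummer2020").
        if len(base) >= 4 and base in cand:
            return True
        # Near match after normalization (a stripped or swapped character).
        if SequenceMatcher(None, cand, base).ratio() >= threshold:
            return True
    return False


if __name__ == "__main__":
    # Constructed sample: the password reported for a user in a breach alert.
    leaked = ["Summer2018!"]
    for attempt in ["Summer2019", "$umm3r2020", "MySummer#1",
                    "correct-horse-battery-staple"]:
        verdict = "reject" if is_derived(attempt, leaked) else "accept"
        print(f"{attempt!r}: {verdict}")
```

The leaked values should be handled only in memory during the reset flow and never stored or logged alongside the account.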