Surge in exposed credentials puts companies at risk

The volume of credential exposures has increased to 16,583 from April to July 2017, compared to 5,275 last year’s analysis by Anomali. 77% of the FTSE 100 were exposed, with an average of 218 usernames and password stolen, published or sold per company. In most cases the loss of credentials occurred on third party, non-work websites where employees reuse corporate credentials.

Suspicious domain registrations by country

In May 2017, more than 560 million login credentials were found on an anonymous online database, including roughly 243.6 million unique email addresses and passwords.

A significant number of credentials linked to FTSE 100 organisations were still left compromised over the three months following the discovery. This failure to remediate and secure employee accounts, means that critical business content and personal consumer information held by the UK’s biggest businesses has been left open to cyber attacks.

Targeted brand attacks and exposed credentials

“Our research has uncovered a staggering increase in compromised credentials linked to the FTSE 100 companies. Security issues are exacerbated by employees using their work credentials for less secure non-work purposes. Employees should be reminded of the dangers of logging into non-corporate websites with work email addresses and passwords. While companies should invest in cyber security tools that monitor and collect IDs and passwords on the Dark Web, so that staff and customers can be notified immediately and instructed to reset accounts,” said Colby DeRodeff, Chief Strategy Officer at Anomali.

The Anomali research team also analysed suspicious domain registrations, finding 82% of the FTSE 100 to have at least one catalogued against them, and 13% more than ten. In a change to last year the majority were registered in the United States (38%), followed by China (23%).

With the majority of cyber attackers using gmail.com and qq.com (a free Chinese email service) to register these domains to mask themselves. With a deceptive domain malicious actors have the potential to orchestrate phishing schemes, install malware, redirect traffic to malicious sites, or display inappropriate messaging.

Top malicious registrant email domains

Threat intelligence

For the second year, the vertical hit hardest by malicious domain registrations was banking with 83, which accounted for 23%. This is double that of any other industry. To avoid a breach, organisations have to be more accountable and adopt a stronger cyber security posture, for themselves and to protect the partners and customers they directly impact.

“Monitoring domain registrations is a critical practice for businesses to understand how they might be targeted and by whom. A threat intelligence platform can aid companies with identifying what other domains the registrant might have created and all the IPs associated with each domain. This information can then be routed to network security gateways to keep inbound and outbound communication to these domains from occurring. No one is 100% secure against actors even with the intent and right level of capabilities. It is essential to invest in the right tools to help secure every asset, as well as collaborate with and support peers in order to reduce their risks to a similar attack,” continued Mr. DeRodeff.