X

Blog

ARE YOUR COMPANY’S DIGITAL CREDENTIALS FOR SALE ON THE DARK WEB?

DID YOU KNOW?

39% of adults use the same or very similar passwords for multiple online services, which increases to 47% for ages 19-29.

The average employee has 191 passwords.

PATHWAY OF DISASTER

  1. Work credentials are used for Personal Sites
  2. Sites are hacked and breached daily.
  3. Stolen data is sold at auction on the Dark Web
  4. Data is used to build a highly personalized attached against your business.

What is the Dark Web?

  • A Hidden Universe contained within the “Deep Web” – a sub-layer of the Internet
  • Reachable only through a special browser
  • Search Engines like Google, BING, Yahoo only search 0.4% of the indexed or “surface” internet.
  • The other 99.6% of the web consists of databases, private academic and government networks and THE DARK WEB.
  • The Dark Web is estimated 550 time larger than the Surface Web.
  • You can operate Anonymously = illegal activity.
  • Comes with the warning “Don’t Try This At Home”
  • Never enter the Dark Web on a regular computer, especially one linked to a network.

How Does Knowing What’s in the Dark Web Help You?

  • If you chose to monitor the Dark Web for your business credentials, you will quickly know when they show up for sale on the Dark Web.
  • Change your passwords immediately to something complex and very different from the password stolen.
  • Breaches are typically not discovered for months after the breach occurs. This provides a proactive method to reduce the likelihood of being a victim.

How Does This Service Discover Credentials on the Dark Web?

  • The data discovered is verified
    • Some sources don’t guarantee if the data is real or fake
  • Includes not just an email address
    • Includes the associated PASSWORD
    • Includes the source of the breach once acknowledged by the victim. Until then it includes the place it was found, ex. ID Theft Forum.
    • Includes type of other credentials discovered with the breach – address, SS#, etc.
  • Data harvested from sites that require credibility or membership within the hacker community.

How is Data Stolen?

  • Keylogged or Phished
    • Data was entered into a fictitious websites or extracted through software designed to steal PII (Personally Identifiable Information)
  • 3rd Party Breach
    • Data exposed as a part of a company’s internal data breach or a 3rd party website.
  • Accidentally exposure
    • Data accidentally shared on a web, social media or peer-to-peer site
  • Malicious
    • Data was intentionally broadcast to expose PII

Encrypted Data

  • Many site encrypt your password
  • Encryption is better than clearly seen
  • Encrypted passwords can be unencrypted ~25% of the time using websites
  • This is an example of an encrypted password: C0a20267f9f1e4469f8eb7bf45704218293412db

FREE 1-TIME DARK WEB SCAN

WEEKLY CYBER SECURITY TIP EMAIL

About the Author

The Author has not yet added any info about himself