Source |
AlienVault Lab Blog |
Identifier |
8422551 |
Publication date |
2023-12-14 11:00:00 (viewed: 2023-12-14 11:07:19) |
Title |
Protecting the enterprise from dark web password leaks |
Text |
Referenced in popular films and television programs, “The Dark Web” has achieved what many cyber security concerns fail to do: it has entered the public consciousness. It is generally understood that the dark web is a collection of on-line sites and marketplaces, notorious for facilitating illegal activities and harboring stolen information. The details of how this underground economy functions, the various levels of sophistication of its participants, and how information ends up in these forums are less broadly understood.
The trade in compromised passwords in dark web markets is particularly damaging. Cybercriminals often exploit password leaks to access sensitive data, commit fraud or launch further attacks. Let’s explore the various ways passwords are leaked to the dark web and discuss strategies for using dark web data to protect your organization.
Data breaches
One of the most common ways passwords are leaked to the dark web is through data breaches. Cybercriminals target organizations and gain unauthorized access to their systems and databases. Once inside, they can steal large volumes of user data, including passwords, which are then sold or traded on the dark web. A “first party” data breach is when that breach occurs in a network you are responsible for (i.e. your company). This is typically a top-of-mind concern for security and IT professionals. However, breaches of third parties that hold information about your users can be equally damaging.
Because users often reuse passwords across multiple services, or use slight variations or formulaic passwords, these disclosures are critical. They result in threat actors gaining access to your network or SaaS services simply by logging in with the leaked credentials, or by brute forcing a greatly reduced key space, which may go unnoticed.
Phishing attacks
Phishing attacks are another prevalent method used by cybercriminals to obtain passwords. These attacks involve sending deceptive emails, text messages, or social media messages that trick users into revealing their login credentials. Once the attacker has the victim's password, they can easily access their accounts or sell the information on the dark web.
Keyloggers and malware
Keyloggers and malware are stealthy tools used by cybercriminals to record a user's keystrokes, including passwords. These can be installed on a victim's device through malicious emails, downloads, or infected websites. This is particularly concerning in cases where the endpoints in question are not fully managed by the company.
Contractors, network devices provided by service providers, BYOD equipment, and other semi-public or public devices from which users might access a cloud service are all examples of endpoints that can result in loss of credentials through malware infection, regardless of the endpoint security measures taken on company-owned devices. What is particularly insidious about these infections is that, unless addressed, they continue to report current credentials to the command-and-control services across password changes and platforms.
Insider threats
Sometimes, passwords are leaked to the dark web through insider threats. Disgruntled employees, contractors, or other individuals with access to sensitive information may intentionally leak passwords as an act of revenge or for financial gain.
Protecting Your Passwords: Best Practices
While the risks associated with password leaks on the dark web are real, there are steps you can take to protect your organization from being impacted by these disclosures:
Educate users: By now it is difficult to find an organization that doesn’t have a policy and technical controls to enforce the use of strong passwords in their environment. Building on that to train users when it is acceptable to use a company-provided email address for service |
Notes |
★★
|
Sent |
Yes |
Tags |
Data Breach
Malware
Tool
Threat
Cloud
Technical
|