Digital Credentials: Your Most Critical Business Asset
Businesses depend on their digital credentials for daily operations. Credentials such as usernames and passwords connect you and your employees to critical business applications, as well as online services. Employees are guilty of re-using login credentials across multiple accounts, a fact which is exploited by cyber-criminals and that’s why digital credentials are among the most valuable assets found on the Dark Web. Far too often, companies that have had their credentials compromised and sold on the Dark Web don’t know it until they have been either informed by the authorities or suffer a data breach.
Percentage of adults use the same or very similar passwords for multiple online services, which increases to 71% for adults age 18-29
*The Harris Poll
What is the Dark Web
The Dark Web refers to the collection of websites that cannot be indexed on traditional search engines. It's the opposite of the Surface Web, which is the part of the internet you are using right now, the one that can be indexed by Google, Bing, etc., and, perhaps more importantly, tracked.
The Dark Web relies on what is known as "peer-to-peer" connections. Data is not stored on one database like the Surface Web. But instead, shared across thousands of different computers across the network, which makes it hard to uncover the source. This is why Dark Web websites are often used for illegal activity. You can upload content to the site, but there's no way of knowing from where you loaded up that content.
When you access the Dark Web, your IP address is encrypted, as is the website you are accessing. Both are also rerouted via hundreds of different servers, providing users with complete anonymity. This is why you can access websites that sell illegal goods and services without worrying about someone finding out who you are.
Average number of data records per company, including credentials, compromised during a data breach
*Ponemon Institute and IBM, Cost of Data Breach Study
How Are Credentials Compromised?
Send e-mails disguised as legitimate messages that trick users into disclosing credentials Deliver malware that captures credential
Target a popular site: social media, corporate intranet Inject malware into the code of the legitimate website Deliver malware to visitors that captures credentials
Inject malware into legitimate online advertising networks that deliver malware to visitors to capture credentials
Scan Internet-facing company assets for vulnerabilities Exploit discovered vulnerabilities to establish a foothold Move laterally through the network to discover credentials
What Can an Attacker Do with Compromised Credentials?
- Send Spam from Compromised Email Accounts
- Deface Web Properties and Host Malicious Content
- Install Malware on Compromised Systems
- Compromise Other Accounts Using the Same Credentials
- Exfiltrate Sensitive Data (Data Breach)
- Identity Theft
Typical price range on Dark Web markets for compromised credentials, ranging from online services to corporate network usernames and passwords
Protecting Against Credentials Compromise
Whilst there is always a risk that attackers will compromise a company’s systems through advanced techniques, the fact is that most data breaches exploit common vectors such as known unpatched systems, vulnerabilities, and unaware employees. Only through defense in depth - implementing a suite of tools such as multifactor authentication, security monitoring, data leak prevention, improved security awareness and others - can a business protect their credentials and other digital assets from seeping onto the Dark Web.
Dark Web ID: Find Out Before the Damage is Done
Dark Web ID provides continuous searching, monitoring and reporting on the presence of your business’s credentials on the Dark Web, and immediately notifies you so that you can take action before these critical digital assets are used to compromise your staff, networks and data. Coupled with a layered approach to security, Dark Web ID can help your organization to reduce the likelihood and impact of compromised credentials, meet compliance, and ensure that you’re not the next business in the headlines for the wrong reason.
Request your free scan!
Please fill out the form to request your free scan - we need this information to scan the Dark Web for your leaked data.
Once you've requested your complimentary scan you'll receive:
A detailed report that includes usernames, passwords, login credentials and other sensitive data.
A free consultation to answer your questions and provide advice to resolve any issues.