Keeping tabs on breached passwords is a must for those embroiled in the IT security battle. According to the 2020 Data Breach Investigations Report, 80% of data breaches in 2020 stemmed from stolen or brute-forced credentials. The stakes are high. Just one set of exposed credentials could allow access to sensitive or protected data in your network, and you may not ever detect it!
Foresite’s Breach Response Service includes Dark Web scans that look for exposed credentials that can be associated with your domain. For example, let’s say Jane Smith wanted to share a file with a co-worker in another location, and the file was too large to send via email. Jane finds an online file sharing service and signs up for a free account with her work email as the login and uses the same password that she uses to sign in to your Office 365 because she doesn’t want to forget what the password to this new account is, and she uses the O365 password every day.
At some point down the road, the file sharing service is breached because they had a server that was not adequately secured, and the credentials of all users are now for sale on the Dark Web. Jane Smith worked at a law firm that was a target for hackers because of the high profile clientele, and one or more of them can log in to the firm’s O/M365 as Jane Smith because the password has not changed, and Multi-Factor Authentication is not in use. Now the hacker(s) can access any of the data that Jane Smith has permissions to see, potentially every single client’s files.
Can you detect this kind of activity? Likely not, unless you have threat monitoring in place on the right assets to alert on unusual activity, such as Jane Smith logging in twice from two different locations, or Jane Smith (or any user) logging on and transferring a large amount of data, or Jane Smith logging on and escalating her account privileges to administrator level. You would also need someone watching 24/7 to investigate the alert and take appropriate action.
Curious about how many leaked credentials might be exposed for your organization?