Last week, we hosted a webinar, “Locking Down Leaked Credentials Before They’re Exploited by Hackers,” to demonstrate proactive steps you can take to identify leakages and prevent them from being used. If you weren’t able to attend one of the sessions, you can watch the full recording below and read through some of the highlights and key takeaways.
Hackers and other threat actors use leaked credentials as easy entry points to access corporate systems and steal sensitive data. Cybersecurity teams must vigilantly monitor for leaked employee credentials across the internet, but large-scale database leaks like Collection #1 further complicate the matter. Your organization must be able to quickly identify, process, and validate if leaked credentials are active and could be used to infiltrate corporate systems.
The goal for this webinar was for attendees to learn:
- Which sources to monitor for and identify new leaked credentials
- How to quickly validate if credentials are new or recycled
- How to automate the credential lock down process before hackers can use them
Here are some of the highlights and important takeaways we presented in the webinar.
Cybercriminals use credential leaks to get their hands on sensitive data
The massive leak known as Collection #1 revealed key challenges in defending against credential leakages. Collection #1 comprises a database of 773 million records, posted on the popular hacker hub Raidforums in January and subsequently circulated around the internet.
IntSights has observed a spike in data leak incidents in our own data following Collection #1, as the average number of incidents affecting our clients jumped nearly 400 percent from January to February. Much of this is due to the Collection #1 leak, as well as a handful of subsequent leaks (known as Collection #2-5).
Credential leakages are imminent – the recent database leaks demonstrate just how prevalent they are in cyber black markets. So, what can you do to lock them down before they become threats? It’s imperative that you continuously monitor a wide range of sources across the open, deep, and dark web. Some of the sources to watch are:
- Dark web forums
- Black markets
- Private chat channels
- Paste sites
- File sharing sites
- GitHub and other web-based sharing tools
Employees’ credentials could be floating around in any of these places. If they fall into the wrong hands, they could leave your organization’s systems vulnerable.
How to mitigate the risk of credentials falling into the wrong hands
Avoiding credential leakages entirely is improbable, but you should be doing all you can to mitigate their impacts. A good process consists of three primary mitigation activities:
- Thoroughly identifying credentials across any source
- Validating whether the credentials are from your organization and if they are still active
- Remediating the credentials that may pose a direct threat to the business
Remember – a faster, more efficient process lessens the potential risk facing your organization. Automating this process with a comprehensive threat intelligence solution can reduce risk and prevent attacks before they even occur.
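An added sketch (not from the webinar or any IntSights product) of the identify and validate steps above: it filters a dump down to your organization's domains and separates credentials already seen in an earlier leak from new ones that need remediation. The domain, key, dump contents and function names are assumptions constructed for illustration; checking whether a password is still active in your directory is not shown.

```python
import hashlib
import hmac

ORG_DOMAINS = {"example.com"}               # assumption: your organization's mail domains
FINGERPRINT_KEY = b"constructed-demo-key"   # assumption: held in a secrets vault in practice

# Constructed sample dump in the common "email:password" combo-list layout.
SAMPLE_DUMP = """\
alice@example.com:Winter2018!
bob@other.org:hunter2
ALICE@example.com:Winter2018!
carol@example.com:pa:ss:word
not-a-credential-line
dave@example.com:
"""

def fingerprint(email, password):
    """Keyed hash of the pair, so the tracking store never holds plaintext."""
    msg = email.lower().encode() + b"\x00" + password.encode()
    return hmac.new(FINGERPRINT_KEY, msg, hashlib.sha256).hexdigest()

def triage(dump, seen):
    """Split a dump into new and recycled organization credentials.

    `seen` holds fingerprints from earlier leaks and is updated in place.
    Returns (new, recycled) as lists of email addresses.
    """
    new, recycled, batch = [], [], set()
    for line in dump.splitlines():
        # Split on the first ":" only, since passwords may contain colons.
        email, sep, password = line.strip().partition(":")
        if not sep or not password or "@" not in email:
            continue  # malformed line or empty password
        email = email.lower()
        if email.rsplit("@", 1)[1] not in ORG_DOMAINS:
            continue  # not one of our accounts
        fp = fingerprint(email, password)
        if fp in batch:
            continue  # duplicate inside this dump
        batch.add(fp)
        (recycled if fp in seen else new).append(email)
    seen |= batch
    return new, recycled
```

Accounts in the `new` list are the ones to hand to the remediation step; `recycled` entries were already processed when the earlier leak was handled.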
Watch the full webinar on demand to learn best practices for protecting your organization against credential leakages.