Threat intelligence research carried out by UK-based security firm Anomali uncovered the presence of over 5,000 login credentials that can allow hackers access to various sections of an IT network belonging to the world’s top 100 companies.
Anomalithese login credentials, complete with usernames, email addresses, and cleartext passwords on the Darkweb, various paste sites, underground hacking forums, or posted online through accidental exposures, such as screenshots or photos.
Most of the time, the cause of these data breaches can be tracked down to employees reusing work email and password combinations for personal accounts, or the opposite, when they use personal credentials for work-related accounts.
Recent mega data breaches may be to blame
With the, more and more of these personal accounts, complete with plaintext passwords, along with usernames and emails, are reaching the public Internet.
As an example, Anomali even points out that, in April, 40 employees from 23 of these big-name companies had their corporate work credentials exposed after a UK-based football website had been compromised and its data dumped online.
Similarly, but not included in the Anomali report, when Troy Hunt reports about a new data dump added to the Have I Been Pwned service, he often points out how many .gov email addresses were included in the breach, usually for sites for which these emails should have never been used, like adult dating portals.
Anomali says that the credentials it observed in such data breaches were spread across all business verticals, but a large chunk belonged to employees from the oil and gas industry, pharmaceuticals, consumer goods, banking, telecommunications, and military.
Crooks also registered over 500 look-alike corporate domains
Another possible and very likely method through which these credentials have been exposed includes phishing schemes. These types of attacks usually need a look-alike domain, where the credentials phishing page can be hosted.
The security firm also noted that for these top 100 companies, crooks also registered around 527 Web domains with very similar names to the company’s name or brands.
These domains are just perfect to use in phishing emails or Web-based phishing forms, having the ability to fool users that they might be on the company’s official website.
Most of these domains were from the banking sector (376), but also from the retail (175) and critical infrastructure (75) fields.
“Cyber-crime is rising at an astonishing rate, and it’s now a board-level issue for businesses,” Jamie Stone, VP of EMEA of Anomali, said in a statement.” The results of the report should be a wake-up call for these organisations, highlighting just how vulnerable they are in ways they might not even have considered.”