CPO Magazine - News, Insights and Resources for Data Protection, Privacy and Cyber Security Leaders
CPO Magazine - News, Insights and Resources for Data Protection, Privacy and Cyber Security Leaders
  • Home
  • News
  • Insights
  • Resources
Bunch of rough shape keys showing user credentials sold on dark web
Cyber SecurityNews
·4 min read

Over 24 Billion Compromised User Credentials Circulating on the Dark Web Market

Alicia Hope·June 22, 2022
TwitterFacebookLinkedIn

Threat intelligence and cyber risk firm Digital Shadows discovered a 65% increase in compromised user credentials circulating on the dark web market.

The Account Takeover in 2022 report found more than 24 billion username and password combinations on sale on the dark web, up from 15 billion in 2020.

Two years earlier, the number of leaked credentials was just 5 billion, representing a 300% increase from 2018 to 2020. According to the firm, the number of leaked credentials was growing annually and would continue to increase in the coming years.

Digital Shadows also found that state-sponsored attackers, hacktivists, and ransomware gangs have leveraged account takeover (ATO) attacks using stolen credentials.

Easily guessable and exploitable user credentials are still widely popular

The mid-June 2022 report by Digital shadows found that the top 50 most common passwords were easy to guess. Some include combinations of the name ‘password’ with some unforgettable numbers.

Similarly, the use of ‘123456’ as a password was very common, accounting for 0.46% or at least once in every 200 passwords. Keyboard combinations such as ‘qwerty’ or ‘1q2w3e’ were also prevalent.

Subsequently, the top 100 most common passwords accounted for 2% of the leaked user credentials.

Additionally, 49 out of 50 most common passwords could be cracked in less than a second in offline attacks using free or affordable exploitation tools available on the dark web.

However, adding a special character (@,_,#) to a simple 10-character password increased the offline crack time by 90 minutes, while adding two special characters increased the time by 2 days and 4 hours.

Additionally, the Digital Shadows Photon Research team found a staggering amount of plaintext passwords accounting for 88.7% of stolen passwords in the database.

However, they did not explain the percentage of the leaked passwords stolen in hashed format and decrypted by the attackers before listing. Consequently, they suggested that the total number of stolen passwords might be higher than reported.

The report posited that increasing the effort and time required to breach an account would make it less worthwhile to attackers, forcing them to focus on other weaker accounts.

Social engineering and malware are common sources of stolen user credentials

The researchers listed malware, phishing, and social engineering as common methods for stealing user credentials.

Automated credential harvesting involves info stealers such as the Redline malware that can run in the background. According to the researchers, phishing could also spread infostealers such as Redline malware.

However, the easiest method to obtain user credentials was to buy them from dark web forums. The report noted that the price of stolen credentials depends on the age of the account, the file size, the buyer’s reputation, and account type. For example, cryptocurrency-related accounts attracted higher prices.

The effects of stolen user credentials are immense. According to the 2022 Verizon Data Breach Investigations Report, attackers gained access using stolen user credentials in 50% of the 20,000 security incidents analyzed.

Attackers regularly leverage stolen user credentials as the initial attack vector to deploy malware and exploitation tools before a ransomware attack.

“Identities are the true hackers’ objective,” Garret Grajek, CEO at YouAttest. “A username/password tuple can be attempted at not just the resource that is discovered but at multiple targets: banks, credit cards, health care, and business accounts.”

Grajek says that attackers could pivot a username with OSINT and discover the compromised workplace.

“From there it’s just a matter of logging onto the users’ account in some form, dropping in a RAT (Remote Access Trojan), and then begin the cyber kill chain of lateral movement and privilege escalation. It is imperative that an enterprise practice Zero Trust and strong identity governance which help identify anomalies in user privileges,” Grajek said.

Dark web marketplaces expanded in size and sophistication

Cybercriminals depend on the dark web to dispose of their stolen user credentials. The Digital Shadows report found that dark web marketplaces continue expanding and offering more exploitation tools, malware, and services.

Additionally, the dark web marketplaces introduced various subscription models, including premium services to facilitate the sale and purchase of stolen user credentials.

However, the attackers advertised many stolen user credentials on several dark web forums to increase the customer base. This practice introduced duplication in the user credentials listed for sale.

Digital Shadows accounted for replication and recorded 6.7 billion unique records after removing the duplicates. Even then, the number of stolen credentials had increased by 1.7 billion from 2020, representing a 34% increase.

The report stated that the firm had warned its customers about advertised compromised credentials at least 6.7 million times in the last 18 months.

How to protect user credentials from data leaks

Digital Shadows advised users to store their passwords using a password manager. Using a password manager allows them to use strong passwords without remembering them.

Additionally, they should enable multi-factor authentication, which could replace passwords and other authentication methods.

Similarly, using an Authenticator App to generate temporary authentication codes would render exposed credentials useless.

“We will move to a ‘passwordless’ future, but for now, the issue of breached credentials is out of control,” Chris Morgan, Senior Cyber Threat Intelligence Analyst at Digital Shadows, said. “Criminals have an endless list of breached credentials they can try, but adding to this problem is weak passwords, which means many accounts can be guessed using automated tools in just seconds.”

Morgan said leaked user credentials include those of staff, customers, servers, and IoT devices. He added that the breaches could have been mitigated by stronger passwords and avoiding password reuse across different accounts.

Digital Shadows attributed increasing ATO attacks to an increase in the average user’s digital footprint, authentication blind spots by the lack of consistency in authentication, and the failure to secure compromised accounts on time.

Report found over 24 billion compromised user credentials circulating on the #darkweb marketplace in 2022, an increase of 65% from 2020. #cybersecurity #respectdataClick to Tweet

Kim DeCarlis, CMO at PerimeterX, noted that the cyber threat landscape had changed, with web attacks being part of an integrated cybercrime cycle, with each propagating the other prolonging the attack cycle.

“The front door to a web app is a valid user name and password, and it is eye-opening to learn the number of credential pairs available on the dark web,” DeCarlis said. “Stopping the theft, validation, and fraudulent use of account and identity information should be a prime focus for all online businesses.”

 

TwitterFacebookLinkedIn
Tags
Account TakeoverDark WebUser Credentials
Alicia Hope
Staff Correspondent at CPO Magazine
Alicia Hope has been a journalist for more than 5 years, reporting on technology, cyber security and data privacy news.
Related
Mobile phone on a computer keyboard with the WhatsApp logo showing data leak sold on dark web
Cyber SecurityNews

Nearly 500 Million WhatsApp Records Allegedly Stolen in Data Leak, Offered on Dark Web for a Few Thousand Dollars

December 5, 2022
Army of bots showing eCommerce retailers and account takeover, DDoS and API attacks
Cyber SecurityNews

62% of Security Incidents on eCommerce Retailers Originate from Bots, Including Account Takeover, DDoS and API Attacks

November 11, 2022
Clinical labs team working with microscope showing stolen patient data on dark web due to data breach
Cyber SecurityNews

Australian Clinical Labs Questioned About Long Delay in Public Notification of Patient Data Theft; Records Have Been Available on Dark Web for Five Months

October 31, 2022
NATO Parliamentary Assembly in Brussels, Belgium showing NATO documents on dark web due to data breach
Cyber SecurityNews

NATO Documents Stolen in Breach of Portuguese Armed Forces, Found for Sale on Dark Web

September 15, 2022
Logo of TikTok in the reflection of a broken mirror showing TikTok hack and account takeover
Cyber SecurityNews

“One-Click” TikTok Hack Discovered That Put 2 Billion App Users at Risk, but No Reports Yet of Account Takeover in the Wild

September 8, 2022
Disney store window showing account takeover of social media
Cyber SecurityNews

Disneyland Account Takeover Highlights Lax Security for Social Media Accounts

July 13, 2022
Iran flag on a black keyboard showing spear phishing for account takeover
Cyber SecurityNews

Iranian Spear Phishing Operation Targeting US and Israeli Government Figures, Email Account Takeovers Lead to Impersonation Campaigns

June 23, 2022
Cube figure and social connection lines showing threat intelligence and dark web
Cyber SecurityInsights

Infiltrating the Dark Web for Threat Intelligence Collaboration

February 28, 2022

Latest

Yellow crime scene tape on computer keyboard showing law enforcement operations on Hive ransomware gang

Hive Ransomware Shut Down by Law Enforcement Operation; FBI in Possession of Decryption Keys, Group’s Public-Facing Website

Woman holding glasses showing data privacy regulations

Navigating the Data Privacy Landscape in 2023

WhatsApp app icon on a smartphone showing GDPR violations

WhatsApp Receives €5.5 Million Fine for GDPR Violations

League of Legends website page showing security breach of game cheats and source code

Security Breach at Riot Games Reveals Game Cheats, Source Code for Popular eSport “League of Legends”

- Advertisement -

Learn More

About
Contact
Our Advertising
Privacy Policy
Cookie Policy
Terms of Use

Stay Updated

CPO Magazine

News, insights and resources for data protection, privacy and cyber security professionals.

Learn More

About
Contact
Our Advertising
Privacy Policy
Cookie Policy
Terms of Use
Do Not Sell My Data

Stay Updated

Follow Us

© 2022 Rezonen Pte. Ltd.
CPO Magazine - News, Insights and Resources for Data Privacy, Protection and Cybersecurity Leaders
  • Home
  • News
  • Insights
  • Resources
    Start typing to see results or hit ESC to close
    U.S. Data Breach Regulations EU GDPR Facebook
    See all results