CPO Magazine - News, Insights and Resources for Data Protection, Privacy and Cyber Security Leaders
CPO Magazine - News, Insights and Resources for Data Protection, Privacy and Cyber Security Leaders
  • Home
  • News
  • Insights
  • Resources
Bunch of rough shape keys showing user credentials sold on dark web
Cyber SecurityNews
·4 min read

Over 24 Billion Compromised User Credentials Circulating on the Dark Web Market

Alicia Hope·June 22, 2022
TwitterFacebookLinkedIn

Threat intelligence and cyber risk firm Digital Shadows discovered a 65% increase in compromised user credentials circulating on the dark web market.

The Account Takeover in 2022 report found more than 24 billion username and password combinations on sale on the dark web, up from 15 billion in 2020.

Two years earlier, the number of leaked credentials was just 5 billion, representing a 300% increase from 2018 to 2020. According to the firm, the number of leaked credentials was growing annually and would continue to increase in the coming years.

Digital Shadows also found that state-sponsored attackers, hacktivists, and ransomware gangs have leveraged account takeover (ATO) attacks using stolen credentials.

Easily guessable and exploitable user credentials are still widely popular

The mid-June 2022 report by Digital shadows found that the top 50 most common passwords were easy to guess. Some include combinations of the name ‘password’ with some unforgettable numbers.

Similarly, the use of ‘123456’ as a password was very common, accounting for 0.46% or at least once in every 200 passwords. Keyboard combinations such as ‘qwerty’ or ‘1q2w3e’ were also prevalent.

Subsequently, the top 100 most common passwords accounted for 2% of the leaked user credentials.

Additionally, 49 out of 50 most common passwords could be cracked in less than a second in offline attacks using free or affordable exploitation tools available on the dark web.

However, adding a special character (@,_,#) to a simple 10-character password increased the offline crack time by 90 minutes, while adding two special characters increased the time by 2 days and 4 hours.

Additionally, the Digital Shadows Photon Research team found a staggering amount of plaintext passwords accounting for 88.7% of stolen passwords in the database.

However, they did not explain the percentage of the leaked passwords stolen in hashed format and decrypted by the attackers before listing. Consequently, they suggested that the total number of stolen passwords might be higher than reported.

The report posited that increasing the effort and time required to breach an account would make it less worthwhile to attackers, forcing them to focus on other weaker accounts.

Social engineering and malware are common sources of stolen user credentials

The researchers listed malware, phishing, and social engineering as common methods for stealing user credentials.

Automated credential harvesting involves info stealers such as the Redline malware that can run in the background. According to the researchers, phishing could also spread infostealers such as Redline malware.

However, the easiest method to obtain user credentials was to buy them from dark web forums. The report noted that the price of stolen credentials depends on the age of the account, the file size, the buyer’s reputation, and account type. For example, cryptocurrency-related accounts attracted higher prices.

The effects of stolen user credentials are immense. According to the 2022 Verizon Data Breach Investigations Report, attackers gained access using stolen user credentials in 50% of the 20,000 security incidents analyzed.

Attackers regularly leverage stolen user credentials as the initial attack vector to deploy malware and exploitation tools before a ransomware attack.

“Identities are the true hackers’ objective,” Garret Grajek, CEO at YouAttest. “A username/password tuple can be attempted at not just the resource that is discovered but at multiple targets: banks, credit cards, health care, and business accounts.”

Grajek says that attackers could pivot a username with OSINT and discover the compromised workplace.

“From there it’s just a matter of logging onto the users’ account in some form, dropping in a RAT (Remote Access Trojan), and then begin the cyber kill chain of lateral movement and privilege escalation. It is imperative that an enterprise practice Zero Trust and strong identity governance which help identify anomalies in user privileges,” Grajek said.

Dark web marketplaces expanded in size and sophistication

Cybercriminals depend on the dark web to dispose of their stolen user credentials. The Digital Shadows report found that dark web marketplaces continue expanding and offering more exploitation tools, malware, and services.

Additionally, the dark web marketplaces introduced various subscription models, including premium services to facilitate the sale and purchase of stolen user credentials.

However, the attackers advertised many stolen user credentials on several dark web forums to increase the customer base. This practice introduced duplication in the user credentials listed for sale.

Digital Shadows accounted for replication and recorded 6.7 billion unique records after removing the duplicates. Even then, the number of stolen credentials had increased by 1.7 billion from 2020, representing a 34% increase.

The report stated that the firm had warned its customers about advertised compromised credentials at least 6.7 million times in the last 18 months.

How to protect user credentials from data leaks

Digital Shadows advised users to store their passwords using a password manager. Using a password manager allows them to use strong passwords without remembering them.

Additionally, they should enable multi-factor authentication, which could replace passwords and other authentication methods.

Similarly, using an Authenticator App to generate temporary authentication codes would render exposed credentials useless.

“We will move to a ‘passwordless’ future, but for now, the issue of breached credentials is out of control,” Chris Morgan, Senior Cyber Threat Intelligence Analyst at Digital Shadows, said. “Criminals have an endless list of breached credentials they can try, but adding to this problem is weak passwords, which means many accounts can be guessed using automated tools in just seconds.”

Morgan said leaked user credentials include those of staff, customers, servers, and IoT devices. He added that the breaches could have been mitigated by stronger passwords and avoiding password reuse across different accounts.

Digital Shadows attributed increasing ATO attacks to an increase in the average user’s digital footprint, authentication blind spots by the lack of consistency in authentication, and the failure to secure compromised accounts on time.

Report found over 24 billion compromised user credentials circulating on the #darkweb marketplace in 2022, an increase of 65% from 2020. #cybersecurity #respectdataClick to Tweet

Kim DeCarlis, CMO at PerimeterX, noted that the cyber threat landscape had changed, with web attacks being part of an integrated cybercrime cycle, with each propagating the other prolonging the attack cycle.

“The front door to a web app is a valid user name and password, and it is eye-opening to learn the number of credential pairs available on the dark web,” DeCarlis said. “Stopping the theft, validation, and fraudulent use of account and identity information should be a prime focus for all online businesses.”

 

TwitterFacebookLinkedIn
Tags
Account TakeoverDark WebUser Credentials
Alicia Hope
Staff Correspondent at CPO Magazine
Alicia Hope has been a journalist for more than 5 years, reporting on technology, cyber security and data privacy news.

Latest

Yodel delivery Service logo sign showing cyber incident suspected ransomware

Yodel Parcel Delivery Service Disrupted by a Suspected Ransomware Cyber Incident

Hacker exploit vulnerability Log4Shell on VMware servers

CISA and Coast Guard Cyber Command Warn About Hackers Leveraging Log4Shell Vulnerability on VMware Servers

Finger pointing at digital lock showing privacy enhancing technologies (PETs)

What Are Privacy-Enhancing Technologies (PETs) And How You Can Choose the Right One(s)

Peaceful demonstration against war with Lithuania flag showing Russian hackers DDoS cyber attacks

Russian Hackers Claim Responsibility for DDoS Cyber Attacks on Lithuania

- Advertisement -

Learn More

About
Contact
Our Advertising
Privacy Policy
Cookie Policy
Terms of Use

Stay Updated

CPO Magazine

News, insights and resources for data protection, privacy and cyber security professionals.

Learn More

About
Contact
Our Advertising
Privacy Policy
Cookie Policy
Terms of Use
Do Not Sell My Data

Stay Updated

Follow Us

© 2022 Rezonen Pte. Ltd.
CPO Magazine - News, Insights and Resources for Data Privacy, Protection and Cybersecurity Leaders
  • Home
  • News
  • Insights
  • Resources
    Start typing to see results or hit ESC to close
    U.S. Data Breach Regulations EU GDPR Facebook
    See all results