Corporate Credentials on the Dark Web Up by 429% This Year
There has been a 429% growth in the number of corporate credentials with plaintext passwords on the dark web so far this year, according to Arctic Wolf’s 2020 Security Operations Annual Report. This amounts to an average of 17 separate sets of credentials for a typical organization, leaving businesses particularly vulnerable to account takeover (ATO) attacks.
This is despite a year-on-year decline in publicly disclosed data breaches, which Arctic Wolf attributes to “alert fatigue”, in which overworked IT and security professionals increase alert thresholds, leading to less reporting of incidents.
The study also found there was a 64% rise in phishing and ransomware attempts in Q2 of 2020 compared to Q1, with cyber-actors seeking to use the topic of COVID-19 as a lure as well as to target remote workers. The banking sector experienced the biggest increase in these types of attacks, at 520%.
Additionally, since the start of the COVID-19 pandemic in March, critical vulnerability patch time has gone up by 40 days, which the authors said was driven by higher common vulnerabilities and exposures (CVE) volumes, more critical CVEs and the shift to remote workforces. Another major security concern is that there has been a 240% increase in unsecured Wi-Fi usage since March due to the emergence of home working.
The need for organizations to closely monitor their network, endpoint and cloud environments at all times was underscored by the finding that 35% of high-risk incidents observed by Arctic Wolf took place between the hours of 8.00pm and 8.00am, while 14% occurred on weekends, when many in-house security teams are not online.
Mark Manglicmot, vice-president, security services, Arctic Wolf, commented: “The cybersecurity industry has an effectiveness problem. Every year new technologies, vendors, and solutions emerge. Yet, despite this constant innovation, we continue to see breaches in the headlines. The only way to eliminate cybersecurity challenges like ransomware, account takeover attacks, and cloud misconfigurations is by embracing security operations capabilities that fully integrate people, processes, and technology.”