The Cyber Defense eMagazine February Edition for 2024

More documents

Recommendations

Info

Data Breach Search Engines Navigating Access and Security in the Stolen Credentials Landscape By Tom Caliendo, Cybersecurity Reporter, Co-Founder at Brocket Consulting LLC In the last few years, an unprecedented number of stolen login credentials have been exposed in data breaches. Data Breach Search Engines (DBSEs) are increasingly providing public access to these stolen credentials. While designed to alert users to potential data exposure, these engines may unintentionally contribute to the growing cyber threat landscape by aiding malicious actors in exploiting stolen login credentials. Despite the fact that the past year witnessed an alarming rise in threats from malicious actors leveraging stolen login credentials, the potentially harmful role of DBSEs has been largely overlooked. DBSEs have existed for years with the purpose of informing individuals if their personal information was exposed in a breach. This involves seeking breached data from the dark net and making part of that information available to the public on the DBSE's website on the regular internet, also known as the "surface net." Cyber Defense eMagazine – February 2024 Edition 62 Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.
Traditionally, DBSEs would only inform visitors if their email address or username was listed in any data breaches, prompting them to change their passwords for a specific account. However, a new category of DBSEs has emerged, offering users access to raw data from breaches, including login credentials for other individuals. These new DBSEs are gaining popularity. This trend unfolds as the dark web underground market for stolen credentials is experiencing rapid growth. Demand is primarily driven by cybercriminals intending to use stolen credentials for malicious actions, as reported in Recorded Future's 2022 Annual Report. Recent trends reveal an increasing usage of stolen credentials for cybercrime, with Account Takeover fraud rising by 354% year-over-year in Q2 2023, based on Sift’s Q3 2023 Digital Trust & Safety Index. Additionally, 49% of data breaches last year involved using stolen credentials, according to the 2023 Data Breach Investigations Report (DBIR) by Verizon. Against this backdrop, DBSEs are making exposed credentials more accessible to the public. This marks a significant departure from the days when breached data was confined to the darker corners of the Internet. The F5 Labs 2021 Credential Stuffing Report notes that for malicious actors seeking victims' login credentials, the entry barrier is diminishing. Access to exposed credentials used to demand a level of skill, funds, and/or personal connections, requiring expertise to hack a database, connections to elite sellers, or access to exclusive dark web markets. However, with increasingly mainstream services willing to sell verified credentials, anyone can obtain access. Nevertheless, even if DBSEs assist in exposing credentials, it's crucial to recognize that not all stolen credentials are the same. Hackers typically attempt to keep stolen credentials secret for as long as possible. Breached credentials lose value when they become public knowledge because victims promptly change their passwords, as stated in the Cofense 2023 Annual State of Email Security Report. F5 Labs corroborated this notion in its Credential Stuffing Report, tracking the path of stolen credentials from theft to public disclosure. As soon as the breach became public knowledge, the price of the credentials started declining. At this stage, after public disclosure and data posting, DBSEs first obtain the credentials. Therefore, DBSEs provide access to credentials when they are least valuable to criminals. However, the credentials accessible in DBSEs still hold value to criminals, particularly if victims reuse their passwords for multiple accounts. Password reuse has always been a problem, and SpyCloud’s 2023 Identity Exposure Report found a 72% password reuse rate for users exposed in two or more breaches in the past year—an 8-point increase from 64% the previous year. As long as password reuse persists, old credentials will remain valuable to criminals. It's worth noting that there are potential benefits for victims using new DBSEs in certain circumstances. Traditional DBSEs were most helpful when a data breach originated from only one website, such as the Linked example mentioned earlier. However, some data breaches consist of login credentials from unknown sources. In those cases, a newer DBSE can identify which passwords were compromised. The Future: Based on current trends, DBSEs could play a more substantial role in supplying cybercriminals in the near future. The number of cybercriminals seeking credentials is growing, potentially including more Cyber Defense eMagazine – February 2024 Edition 63 Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2:
How One Industry Exemplifies the Im
Page 3 and 4:
Data Breach Search Engines --------
Page 5 and 6:
@MILIEFSKY From the Publisher… De
Page 7 and 8:
Welcome to CDM’s February 2024 Is
Page 9 and 10:
Cyber Defense eMagazine - February
Page 11 and 12: Cyber Defense eMagazine - February
Page 15 and 16: 2001 2024 Cyber Defense eMagazine -
Page 19 and 20: How One Industry Exemplifies the Im
Page 21 and 22: That is where things stand in my in
Page 23 and 24: current on the mission and values o
Page 25 and 26: So, monitoring and managing vendor
Page 27 and 28: About the Author Caroline McCaffery
Page 29 and 30: How so? Businesses can make things
Page 31 and 32: Using Cmmc 2.0 To Transform Your Cy
Page 33 and 34: equire the implementation of additi
Page 35 and 36: for the Department of Energy’s Cy
Page 37 and 38: • IT no longer controls where and
Page 39 and 40: For example, the Cloudbrink service
Page 41 and 42: 5 Cybersecurity Resolutions for The
Page 43 and 44: The Importance of Cyber Hygiene for
Page 45 and 46: The key steps to improve your cyber
Page 47 and 48: Connecting Tech to Black America By
Page 49 and 50: Establish partnerships with HBCUs E
Page 51 and 52: Perhaps the most obvious example of
Page 53 and 54: Crafting AI’s Future: Decoding th
Page 55 and 56: The implementation of regulations c
Page 57 and 58: AI Is Revolutionizing Phishing for
Page 59 and 60: That’s why security awareness tra
Page 61: culmination of this race will revea
Page 65 and 66: Enhancing Cybersecurity Defenses: T
Page 67 and 68: Social engineering testing In the e
Page 69 and 70: GitGuardian Researchers Find Thousa
Page 71 and 72: *Emergent trends While everything f
Page 73 and 74: There are multiple tools that will
Page 75 and 76: Good Security Is About Iteration, N
Page 77 and 78: to incorporate architectural and de
Page 79 and 80: Hacking and Cybersecurity Trends to
Page 81 and 82: detect attacks as they are occurrin
Page 83 and 84: Legacy solutions hinder an organiza
Page 85 and 86: About the Author Thomas Müller-Mar
Page 87 and 88: Having worked closely with financia
Page 89 and 90: device is emitting its signal the t
Page 91 and 92: Navigating the API Security Landsca
Page 93 and 94: that entities (users, services, or
Page 95 and 96: examine financial transactions, net
Page 97 and 98: Offensive Awakening: The 2024 Shift
Page 99 and 100: Not only are legislators pushing fo
Page 101 and 102: Let’s dive into how security lead
Page 103 and 104: Overcoming Common Data Security Cha
Page 105 and 106: The Risks of Over-Privilege Alongsi
Page 107 and 108: Quishing Campaign Exploits Microsof
Page 109 and 110: After inserting their email address
Page 111 and 112: more expensive and time consuming.
Page 113 and 114:
Cotton Sandstorm or Static Kitten h
Page 115 and 116:
Spike in Layoffs Pose Serious Cyber
Page 117 and 118:
About the Author Adam Gavish is the
Page 119 and 120:
The Crucial Role of Data Categoriza
Page 121 and 122:
The Next Generation of Endpoint Sec
Page 123 and 124:
Next-Generation Endpoint Security:
Page 125 and 126:
As I reflect back on the past few m
Page 127 and 128:
Why Is Hardware More Secure than So
Page 129 and 130:
can achieve throughput levels of up
Page 131 and 132:
ecome more secure. By the end of 20
Page 133 and 134:
Zero Trust Matures, Insider Threat
Page 135 and 136:
of the risk of insider threats and
Page 137 and 138:
Zero Trust: Navigating the Labyrint
Page 139 and 140:
• Enhanced Security: Zero trust b
Page 141 and 142:
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
CyberDefense.TV now has 200 hotseat
Page 151 and 152:
Books by our Publisher: Amazon.com:
Page 153 and 154:
Page 155:
i https://www.whitehouse.gov/briefi
show all

The Cyber Defense eMagazine February Edition for 2024

Create successful ePaper yourself

Delete template?

Save as template?