Account takeover is a serious threat to everyone. Security professionals have been warning about it for years, and it needs to be taken seriously: leaked login credentials can lead to identity theft and cause significant harm. Tools exist that let users check whether their data has been exposed, but it is important to understand that by the time you discover your username and password have been compromised, criminals have typically had access to them for at least six months.
Preventing breaches takes a lot of effort, and you must still assume that a breach is always possible. So how can companies detect breaches and identify and protect data before it is exploited? Dark web monitoring collects a huge amount of data, and many automated tools, both free and commercial, serve as a valuable line of defense. The most common type is the scanner that searches lists of stolen data that have been 'dumped' online. That stolen data can be anything of use to a person or organization, so there is a great deal to search for.
For consumers this obviously includes credentials from compromised accounts, but it can also include Social Security numbers, passport data, or financial data. The best-known consumer tool for checking exposure is Have I Been Pwned, which lets individual users search for their own data. More recently we have seen encouraging developments in tools that cover business data as well as consumer data, ranging from standalone documents to intellectual property. This is valuable for any organization concerned about its exposure to cyber attacks.
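The Pwned Passwords part of Have I Been Pwned is worth understanding because it shows how a user can check a password against a breach corpus without revealing the password. The client hashes the password with SHA-1 and sends only the first five hex characters to GET https://api.pwnedpasswords.com/range/&lt;prefix&gt;; the server returns every 35-character suffix in that bucket with its breach count, one "SUFFIX:COUNT" per line, and the client finishes the comparison locally. The following is an added example written for this article, not code from the original page or from Have I Been Pwned. The network call is swapped for a constructed bucket (the counts and the two extra suffixes are made up) so it runs offline; `live_fetch_range` is the real call and is included only for reference.

```python
"""k-anonymity password check in the style of the Pwned Passwords range API.
Added example; not the article's code and not HIBP's. The offline bucket
below is constructed for the demo (its counts are not real)."""
from __future__ import annotations

import hashlib
from typing import Callable


def sha1_upper(password: str) -> str:
    """Upper-case hex SHA-1, the form Pwned Passwords uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def parse_range_response(body: str) -> dict[str, int]:
    """Turn 'SUFFIX:COUNT' lines into {suffix: count}; blank lines are ignored."""
    bucket: dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        bucket[suffix.upper()] = int(count)
    return bucket


def pwned_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """Number of times the password appears in the corpus (0 = not found).

    Only the 5-character hash prefix is passed to fetch_range; the rest of the
    hash is compared locally, so neither password nor full hash leaves the host.
    """
    digest = sha1_upper(password)
    prefix, suffix = digest[:5], digest[5:]
    bucket = parse_range_response(fetch_range(prefix))
    return bucket.get(suffix, 0)


# Constructed bucket for prefix 5BAA6, which is the prefix of SHA-1("password").
# A real bucket holds several hundred suffixes; these counts are invented.
CONSTRUCTED_BUCKETS = {
    "5BAA6": "\n".join([
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493",  # suffix of SHA-1("password")
        "00D4F6E8FA6EECAD2A3AA415EEC418D38EC:2",        # made-up filler entry
        "011053FD0102E94D6AE2F8B83D76FAF94F6:1",        # made-up filler entry
    ]),
}

SENT_PREFIXES: list[str] = []  # records everything that "left the machine"


def offline_fetch_range(prefix: str) -> str:
    """Stand-in for the HTTP GET used by the demo; unknown prefixes get an empty bucket."""
    SENT_PREFIXES.append(prefix)
    return CONSTRUCTED_BUCKETS.get(prefix, "")


def live_fetch_range(prefix: str) -> str:
    """The real range request (not called by the demo). Pass this to pwned_count
    instead of offline_fetch_range to query the public API."""
    import urllib.request

    req = urllib.request.Request(
        f"https://api.pwnedpasswords.com/range/{prefix}",
        headers={"User-Agent": "range-check-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    for pw in ("password", "correct-horse-battery-staple-9x!"):
        print(f"{pw!r}: seen {pwned_count(pw, offline_fetch_range)} times")
    print("prefixes sent over the wire:", SENT_PREFIXES)
```

The design choice to note is that the server learns only a 5-character prefix, which maps to hundreds of candidate hashes, so it cannot tell which password was checked; the same pattern can be reused for an internal corporate password blocklist.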
The challenge for every dark web monitoring tool is the scale, relevance and velocity of the information. On scale, it is hard to estimate how big the dark web is as a part of the broader deep web, which is commonly estimated to be hundreds of times larger than the surface web we use every day. Scanning tools therefore have to identify and focus on the specific dark web locations where stolen data actually appears. That is where relevance and speed come in, because much of the data is dumped on dark web forums only after criminals have already exploited it. The same data is also frequently re-posted across different forums and sources; in our experience this is the case for 70% of the data we find.
Companies are using more sophisticated processes and skilled security staff to meet this need for speed, because finding actionable breach data takes more sophisticated techniques. One method is to become an active part of the dark web community. That does not mean becoming a criminal or a hacker. But to identify and stop attackers, you have to look at things from their perspective, identify the groups involved and understand how the process works. For example, an attacker may have the skills needed to break into corporate systems and exfiltrate a credential store, but find that the passwords in it are hashed or encrypted. Unless they can crack or decrypt that data, what they have is of little use. So what do they do with it? Sell it? Mine it? They do not necessarily have all of these skills themselves, so they turn to the dark web for people offering cracking and monetization services.
Researchers, real people, take part in this community through a network of pseudo-identities (sock puppets), and analysts monitor attacker activity at the specific locations known to specialize in stolen data. For security companies this means digging deep into the community to find the people, places and methods that identify the miscreants. We can engage with them before the data becomes available in usable, unencrypted form on the dark web. That shrinks the detection part of the process from six months to a few weeks and increases the chance that the data is identified before it is useful to criminals. Companies whose users' credentials have been exposed can then proactively manage the affected accounts and limit the risk of fraud or identity theft.
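Two earlier points, the scanners that search dumped credential lists and the observation that the same data is re-posted across many forums, come together in what a company does once a dump is in hand: parse it, collapse the repeats, separate records whose passwords are still hashed from those already in the clear, and match the rest against its own user directory so the affected accounts can be reset before the data is monetized. The block below is an added example written for this article, not the original page's code or any vendor's product. The two dumps, the directory and the bcrypt-style value are constructed for the demo (the directory IDs and the "forum-a"/"forum-b" sources are invented names).

```python
"""Ingest credential dumps from several sources, deduplicate re-posts, and
triage the organisation's own accounts. Added example; sample data is
constructed, not real breach data."""
from __future__ import annotations

import re
from collections import defaultdict

# Accepts the common "email:password", "email;password" and "email,password" layouts.
LINE_RE = re.compile(r"^\s*([^\s:;,]+@[^\s:;,]+)\s*[:;,]\s*(\S.*?)\s*$")

# Secrets that are still hashed: MD5 / SHA-1 / SHA-256 hex digests or bcrypt strings.
HASH_RE = re.compile(
    r"^(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64}"
    r"|\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53})$"
)


def parse_dump(text: str, source: str) -> list[tuple[str, str, str]]:
    """Parse one dump into (email, secret, source); non-matching lines (forum
    chatter, headers) are skipped and emails are lower-cased so the same account
    posted with different casing is recognised as one record."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            records.append((m.group(1).lower(), m.group(2), source))
    return records


def dedupe(records: list[tuple[str, str, str]]) -> dict[tuple[str, str], set[str]]:
    """Collapse repeats of the same (email, secret) pair, remembering every source."""
    seen: dict[tuple[str, str], set[str]] = defaultdict(set)
    for email, secret, source in records:
        seen[(email, secret)].add(source)
    return seen


def triage(dumps: dict[str, str], directory: dict[str, str]) -> dict:
    """dumps: {source name: raw dump text}; directory: {email: internal user id}.

    Returns dedup statistics and an action list for the organisation's own
    accounts: plaintext exposures first ("reset-now"), hashed ones after
    ("reset-and-watch": still reset, but cracking has to happen before misuse).
    """
    records = [r for src, text in dumps.items() for r in parse_dump(text, src)]
    unique = dedupe(records)
    actions = []
    for (email, secret), sources in unique.items():
        user_id = directory.get(email)
        if user_id is None:
            continue  # not one of our accounts; nothing for us to reset
        hashed = bool(HASH_RE.match(secret))
        actions.append({
            "email": email,
            "user_id": user_id,
            "urgency": "reset-and-watch" if hashed else "reset-now",
            "sources": sorted(sources),
        })
    actions.sort(key=lambda a: (a["urgency"] != "reset-now", a["email"]))
    return {
        "raw_records": len(records),
        "unique_records": len(unique),
        "duplicate_rate": 1 - len(unique) / len(records) if records else 0.0,
        "actions": actions,
    }


# Constructed dumps: forum-b is largely a re-post of forum-a, plus one new record.
# The 32-hex value is an MD5-format digest; the $2b$ value is a bcrypt-shaped
# placeholder, not a real hash.
SAMPLE_DUMPS = {
    "forum-a": """--- fresh combo list, enjoy ---
alice@example.com:Summer2023!
bob@example.com:hunter2
carol@other.org:letmein
dave@example.com:5f4dcc3b5aa765d61d8327deb882cf99
""",
    "forum-b": """alice@example.com:Summer2023!
Bob@Example.com;hunter2
carol@other.org:letmein
erin@example.com:$2b$12$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1
""",
}

# Constructed user directory for the organisation that owns example.com.
SAMPLE_DIRECTORY = {
    "alice@example.com": "u1001",
    "bob@example.com": "u1002",
    "dave@example.com": "u1004",
    "erin@example.com": "u1005",
}

if __name__ == "__main__":
    result = triage(SAMPLE_DUMPS, SAMPLE_DIRECTORY)
    print(f"{result['raw_records']} records, {result['unique_records']} unique, "
          f"duplicate rate {result['duplicate_rate']:.0%}")
    for a in result["actions"]:
        print(f"{a['urgency']:16} {a['email']:22} {a['user_id']}  seen in {a['sources']}")
```

In practice the directory lookup would be replaced by a query against the identity provider and the "reset-now" entries fed to a forced password reset and session revocation; the hashed entries still warrant a reset, since the hashing only buys time until someone on a cracking service works through them.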
Account takeover remains a real threat, but basic security hygiene goes a long way toward mitigating it. The common denominator of every online account is that it requires a password. Most people know to use a strong, unique password or passphrase for each account, but remembering which credentials belong where is a challenge. That is why we, and the rest of the industry, recommend using a password manager. Why complicate life if you don't have to?