Security experts have warned the UK’s leading companies that they may be unwittingly exposed to serious compromise after revealing the discovery of tens of thousands of corporate credentials on the dark web.
Outpost24 used its threat monitoring tool Blueliv to trawl cybercrime sites for the breached credentials, finding 31,135 usernames and passwords belonging to FTSE 100 firms.
These are the 100 biggest companies listed on the London Stock Exchange by market capitalization.
Around three-quarters (75%) of these credentials are thought to have been stolen via conventional data breaches, while around a quarter were obtained via individually targeted malware infections.
The majority (60%) of stolen credentials came from three of the most highly regulated industries – IT/telecom (23%), energy and utility (22%) and finance (21%), Outpost24 said.
Some 81% of FTSE 100 companies had at least one compromised credential exposed on the dark web, while 42% had more than 500 logins exposed, according to the research.
Over 68% of these had been exposed for over 12 months, indicating that even the best-resourced and most highly regulated firms struggle to gain visibility into their risk exposure.
On average, healthcare companies had the highest number of stolen credentials per company (485) obtained via a data breach, while the IT/telecom sector had both the highest overall number of exposed credentials (7303) and the highest average number of stolen credentials per company (730).
Outpost24 warned that threat actors could leverage such logins to gain covert network access as part of “big-game hunting” ransomware attacks.
“Once an unauthorized third party or initial access broker gets hold of user logins and passwords, they can sell the credentials on the dark web to an aspiring hacker, or use them to compromise an organization’s network by bypassing security measures and moving laterally to steal critical data and cause disruption,” said Victor Acin, labs manager at Outpost24 company Blueliv.
“Stolen credentials are dangerous because there is very little that can be done to identify and detect once an intruder is inside your system. Therefore, it’s important to proactively monitor stolen credentials and alert security to reset passwords upon discovery to reduce risk.”