SpyCloud, the leader in operationalizing Cybercrime Analytics (C2A), released its 2023 Fortune 1000 Identity Exposure Report, an annual analysis of the darknet exposure of employees of Fortune 1000 enterprises across 21 industry sectors, including technology, financials, retailing and media.
Drawing on SpyCloud’s database of 400+ billion recaptured assets from the criminal underground, researchers analyzed 2.27 billion exposed dark web assets (including 423.28 million personally identifiable information (PII) assets) found in data breaches and exfiltrated from malware-infected devices tied directly to Fortune 1000 employees’ email addresses. The asset count represents a 7% increase year-over-year and puts these organizations in jeopardy for cyber threats including account takeover, session hijacking, fraud, and ransomware from this stolen data.
SpyCloud researchers uncovered 27.48 million pairs of credentials with Fortune 1000 corporate email addresses and plaintext p********, with over 223,000 exfiltrated by malware, specifically enabling seamless access to over 56,000 cloud-based applications, including popular enterprise email, single sign-on (SSO), payroll management, hosting, and collaboration tools. SpyCloud also observed a 62% password reuse rate among Fortune 1000 employees who have been exposed more than once.
CIO INFLUENCE: HTC Global Services and Azentio Software Confirm Strategic Partnership to Offer Next-Generation Digital BFSI Solutions
Even more alarming are the revelations in this year’s report about browser session cookies – unquestionably the most prized data exfiltrated by malware. SpyCloud recaptured 1.87 billion malware cookie records tied to Fortune 1000 employees. These cookies allow cybercriminals to infiltrate organizations by impersonating legitimate users and gain access to an active web session, which effectively can bypass security best practices like multi-factor authentication (MFA).
“Cybercriminals continue to evolve their tactics from capturing as much data as possible to capturing high-quality data that practically guarantees success. By leveraging session cookies, criminals can take advantage of any active platforms that utilize SSO, which essentially allows them to move freely between numerous accounts,” said Trevor Hilligoss, Director of Security Research at SpyCloud. “This is a massive exposure risk and most organizations are unaware of the threat it poses or what to do to properly prevent or remediate.”
SpyCloud’s researchers also identified over 171,500 Fortune 1000 employees who used an infostealer malware-infected device to log into corporate resources. Infostealers are an increasingly common variety of malware that siphons all manner of data from the affected machine, including data stored in the browser – login URLs, usernames, p********, auto-fill data, and much more.
This level of exposure is dangerous for industries across the board, as this siphoned data can continue to plague the security of user information and business systems long after a device is wiped clean.
CIO INFLUENCE: Exascend Launches Industrial-Grade SD and MicroSD Cards to Meet Growing IoT Edge Storage Demand
“Employees using infected corporate or personal devices pose a risk for their organizations. As an employee, they may have access to their corporate networks and applications on those devices, and stolen data from these devices can be used to harm their employer,” said Hilligoss. “Fortune 1000 companies cannot bet solely on traditional solutions and cybersecurity training to keep them safe. Instead, to remediate malware infections, organizations must focus on resetting p******** for affected applications and invalidating active sessions to negate opportunities for session hijacking. This post-infection remediation approach is critical to shut down entry points for future attacks.”
SpyCloud additionally identified nearly 31 million malware-infected consumers of Fortune 1000 companies. Security teams continue to struggle to defend against fraud resulting from malware. Visibility into exfiltrated data from these devices places a lens on the information circulating on the dark web and how it can be used. Criminals can utilize credentials, PII and other sensitive details to fabricate synthetic identities, and use them to perpetrate fraud that affects a business’ bottom line. Knowing what was revealed from an infected device allows organizations to take preventative steps to better authenticate legitimate users and minimize losses.
To reduce the hazards of exposed employee and third-party identities, Fortune 1000 enterprises need a multi-layered strategy. Security teams should enforce strong password policies, mandate the use of password managers to create and store unique p******** for every account, enforce MFA, and implement a robust post-infection remediation approach to enhance their incident response.
CIO INFLUENCE: CSI Adds IT Governance to Advisory Services Offering as Cybersecurity, Regulatory Landscapes Grow in Complexity
[To share your insights with us, please write to sghosh@martechseries.com]
