Dark web tools spotlight dangers of poor password management

Tools like checkers and brute forcers freely available on the dark web are helping unskilled criminals launch automated attacks against organizations' websites.

A new report by Recorded Future also reveals the industries most affected by these tools are software, media and entertainment, eCommerce, finance, and telecommunications.

It highlights that password reuse and poor password-management hygiene remain among the top issues in enabling successful credential- stuffing attacks.

Checkers are automated tools used by cybercriminals to check the validity of user login credential combinations in bulk and conduct credential stuffing attacks. Brute forcers automate the password cracking process.

The report's authors note that, "Cybercriminals will commonly use lists containing thousands of credentials with automated custom and 'off-the-shelf' tools available on the dark web. Many tools support an unlimited number of custom plugins, known as 'configs,' which allow cybercriminals to target almost any company with an online presence and conduct account takeovers."

In order to protect themselves the report suggests that measures companies can take include increasing awareness of password security among their users, along with requiring an additional form of authentication such as MFA or CAPTCHA. Client passwords should always be stored securely in a hashed format.

The report concludes, "Cybercriminals will continue to use checkers and brute forcers because of the success they have had with gaining unauthorized access to user accounts and the profits they make from selling cracked accounts on the underground economy. This practice will continue to threaten companies and individual users until better password hygiene practices and security measures are implemented."

You can read more on the Recorded Future site.

Photo Credit: Dmitry Molchanov/Shutterstock