Technology sector suffers most from poor cyber hygiene
Analysis of exposed dark web assets from SpyCloud finds that the technology sector has the highest number of malware-infected employees and consumers, the highest number of exposed corporate credentials, and the most exposed malware cookie records.
In the analysis of the darknet exposure of employees of Fortune 1000 enterprises across 21 industry sectors, researchers uncovered 27.48 million pairs of credentials with corporate email addresses and plain text passwords, with over 223,000 exfiltrated by malware.
These specifically enabled seamless access to over 56,000 cloud-based applications, including popular enterprise email, single sign-on (SSO), payroll management, hosting, and collaboration tools. SpyCloud also observed a 62 percent password reuse rate among Fortune 1000 employees who have been exposed more than once.
SpyCloud also recaptured 1.87 billion malware cookie records tied to Fortune 1000 employees. These cookies allow cybercriminals to infiltrate organizations by impersonating legitimate users and gaining access to an active web session, which can effectively bypass security best practices like multi-factor authentication.
"Cybercriminals continue to evolve their tactics from capturing as much data as possible to capturing high-quality data that practically guarantees success. By leveraging session cookies, criminals can take advantage of any active platforms that utilize SSO, which essentially allows them to move freely between numerous accounts," says Trevor Hilligoss, director of security research at SpyCloud. "This is a massive exposure risk and most organizations are unaware of the threat it poses or what to do to properly prevent or remediate."
In addition, the research identified over 171,500 Fortune 1000 employees who used a device infected with infostealer malware to log in to corporate resources. Infostealers are an increasingly common variety of malware that siphons all manner of data from the affected machine, including data stored in the browser -- login URLs, usernames, passwords, auto-fill data, and much more.
"Employees using infected corporate or personal devices pose a risk for their organizations. As an employee, they may have access to their corporate networks and applications on those devices, and stolen data from these devices can be used to harm their employer," adds Hilligoss. "Fortune 1000 companies cannot bet solely on traditional solutions and cybersecurity training to keep them safe. Instead, to remediate malware infections, organizations must focus on resetting passwords for affected applications and invalidating active sessions to negate opportunities for session hijacking. This post-infection remediation approach is critical to shut down entry points for future attacks."
The full report is available from the SpyCloud site.