Threat Intelligence Blog

Posted April 16, 2018

RSA, the industry’s biggest (arguably) conference, starts this week. Before you get blinded by all of the shiny new technology and product and acquisition announcements, remember that having clean cybersecurity hygiene begins with the basics – patch and routinely update your systems, educate your employees, and protect your passwords.

LookingGlass has access to a lot of places on the Internet, including the Deep and Dark Web where most data dumps and password leaks occur. Armed with this information, we are able to maintain a proprietary Data Breach Detection System (DBDS) that continuously scours underground forums, hacker channels, and the dark web to uncover the latest data breaches and identify compromised accounts. Adding an average of several million findings per week, this system contains almost 5 billion records that are connected to approximately 3.5 billion unique username/password pairs.

As we see cyber attacks increase in size and sophistication, we often forget that some of the biggest attacks started with basic password cracking or phishing/social engineering schemes. Analyzing compromised credentials can reveal a lot about the cybersecurity practices of organizations across verticals and of all sizes. LookingGlass reviewed all compromised credentials within our DBDS from 2017 for the Fortune 100 companies and discovered that the most heavily-impacted business sectors were Technology, Financial, Insurance, and Telecommunications. The below chart compares the unique credentials LookingGlass uncovered in 2017 for the Fortune 100 companies by sector.

Leaked Credentials Fortune 100 2017

In addition, across all Fortune 100 companies, an average of 33% of all employees reused their login credentials. Organizations within the Telecommunications sector represented the highest percentage of reused login credentials, with nearly 45% of employees reusing usernames and passwords across multiple IT systems and web applications.

Percentage of Password Reuse Fortune 100

Credential reuse is a significant concern to organizations across all business sectors because threat actors routinely use lists of these compromised credentials to gain access to business networks via web applications and other public-facing network infrastructure.  For example, it is simple for a threat actor to check for Web-based email services associated with each domain, potentially allowing a hacker to access the user’s work email account and to view or exfiltrate any sensitive information it may contain.

Assuming that the LookingGlass sample for Fortune 100 companies is a reflection of global organizational trends in credential security hygiene, we judge that at least one-third to one-half of the compromised credentials could likely facilitate illicit access, or cause otherwise negative repercussions to, many organizations. This threat is further exacerbated if an organization is unaware of credential compromises relevant to them or does not have other security measures in place to mitigate the risk of compromised credentials, such as two-factor authentication.

4 Steps Organizations Can Take to Protect User Credentials

  1. Encourage and Enforce Password Hygiene Best Practices – Educate employees on best practices associated with password hygiene (i.e., frequently change credentials, diversify passwords across accounts, etc.). Require employees to routinely update their passwords and avoid repeated use across multiple platforms.
  2. Manage Your Third Party Risks – Consistently monitor who is accessing your network and hardware. Are they trying to access areas of the network they shouldn’t be? Limit third parties’ access to specific portions of the network instead of allowing them to roam free.
  3. Back Up Your Data – If your credentials are compromised, it will be easier to replace your data using a backup than to start from scratch.
  4. Educate Your Employees – Phishing attacks are still one of the biggest ways organizations are breached. Don’t give away confidential information, like your password. Also, discourage employees from using work email for personal use.


How Can LookingGlass Help Your Organization With These Steps?

LookingGlass offers tiered solutions to help organizations deal with the risks compromised credentials pose to you and your key vendors:

  • The LookingGlass Baseline Attack Surface Report™ is a cost-effective first step in determining which of your vendors pose the most risk to your organization. Your report will not only provide a historical analysis but also help you meet compliance and regulatory requirements when the occasion arises.
  • The LookingGlass Cyber Attack Surface Analysis™ is a deep-dive assessment of vendors that may have access to your organization’s networks and sensitive data. It not only provides a historical analysis of potential compromise, but may also assist your organization in meeting compliance and regulatory requirements. In addition, the Cyber Attack Surface Analysis can evaluate the cybersecurity hygiene of a company when conducting M&A activity.
  • The LookingGlass Third Party Risk Monitoring service delivers continuous visibility into the risk exposure and attack surface of your organization’s key vendors. This is an outsourced way to analyze your third party vendors’ risk impact to your organization. Our managed service keeps a watchful eye on your vendors’ networks 7/24/365, helping you to make informed, intelligent decisions about the cyber safety of your organization.


In addition, protect your organization’s attack surface with one of the LookingGlass “as-a-Service” offerings: Information Security, Brand Security, or Physical Security Monitoring:

  • Information Security-as-a-Service™: Protect your organization’s network and sensitive data. LookingGlass analysts monitor and identify information security threats such as phishing, malware, ransomware, and more.
  • Brand Security-as-a-Service™: Protect your organization’s brand, trademarks/logos, intellectual property, and online reputation.
  • Physical Security Monitoring-as-a-Service™: LookingGlass analysts monitor for risks to your organization’s most valuable physical assets, such as imposter social media accounts, unauthorized domain names, and threats against employees, executives, and facilities.

Interested in learning more about any of our offerings, or want to chat with one of our security experts? Find us at RSA – Booth 100 in the South Hall.

Additional Posts

LookingGlass Cyber Solutions Launches IRD-100™ a Fully-Programmable Stealth Security Appliance

Titan IC Systems, Strategic LookingGlass Partner delivers innovative technology for Deep Packet ...

Why Cyber Response Mechanisms Must Talk to Each Other…

As I was preparing to write this blog on the importance of interoperability across cyber defense ...