For years, “dark” markets have contained stolen credentials for sale. One of the largest and most notorious markets was the Genesis Market, which was by invitation only.
Over five years, the market offered data on more than 1.5 million computers and 80 million account access credentials, according to the US Department of Justice.
Recently, the FBI and European law enforcement arrested over 100 people during the dismantling of the infamous Genesis Market. The operation was dubbed “Operation Cookie Monster”.
The crime forum was taken down through a concerted effort to arrest those involved and a takedown of associated web domains.
Not your typical market
Stealing credentials can be difficult, as it often requires patience and perseverance. For those looking to exploit credentials, buying a stolen password from “dark” markets may be easier than stealing it themselves.
These marketplaces offer many different credentials for sale, some verified and some not.
In fact, these marketplaces often look like completely legitimate businesses. They have help desks and ticketing systems, making it easy and commonplace to buy stolen credentials.
These exchanges often resemble traditional e-commerce sites and target buyers who may not be technically savvy, but are looking for such products.
The sheer volume of stolen credentials means that even if a few don’t work, all it takes is one or two with the correct information to be worth it and pay for the rest. This allows marketplaces to operate at scale without needing every credential to work.
Therefore, datasets of stolen credentials are all the more valuable to threat actors.
The effects of a stolen ID
Many online services only require a login, consisting of a username and password. Unfortunately, users often reuse the same credentials across multiple services, making them vulnerable to theft.
Whether the theft is known or unknown, the consequences can be serious for those involved. Individual losses can be difficult to measure, from hacked bank accounts to compromised social media and personal documents.
The consequences can be devastating when an organization’s credentials are stolen, whether through phishing or some other breach. Stolen credentials can often lead to a larger breach, as they may be the starting point for a larger intrusion.
While multi-factor authentication (MFA) can help mitigate an attacker’s ability to gain access, not all services implement MFA in the same way, and it’s not foolproof.
The sale of digital fingerprints
A recent trend in cybercrime is the sale of “digital fingerprints”. A digital fingerprint is the combined set of data that identifies an online user, which goes beyond stolen credentials. By adding a digital fingerprint, someone using a stolen ID can impersonate a legitimate computer and more easily bypass security systems.
Additionally, the Genesis Market promotes subscribing to a victim’s information. If a hacked computer remains compromised, the victim’s fingerprints will remain up-to-date, making subsequent exploitation easier for the buyer.
As attackers’ tools become more sophisticated, the ease with which stolen credentials can be exploited increases over time. For example, a fingerprint buyer could install a browser plug-in that consolidates user data into an easy-to-use tool.
When this is paired with access that appears to come from the user’s location, through a VPN or proxy tool, an attacker can gain quick access to stolen accounts.
The first step to protecting your organization
To prevent loss of credentials, it is important to adopt a layered defense because there are many potential attack vectors. Adhering to digital identity guidelines such as NIST 800-63B, and similar ones, can help you implement best practices for your password policies.
How can an organization update its policies, comply with changing best practices, and protect its users? Here are 3 key tips:
- Reduce the need for arbitrary password complexity and instead focus on password length, such as requiring a minimum of 12 characters.
- Check new passwords against commonly used or previously compromised passwords.
- Do not reuse passwords across different services to prevent attacks such as credential stuffing.
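
The first two tips can be enforced at the moment a user chooses a new password. The following is an added example, not code from this article or from any product it mentions: the function names, the SHA-1 prefix-bucket layout and the sample list are assumptions made for illustration, and the breached passwords are constructed.

```python
import hashlib
import unicodedata

MIN_LENGTH = 12  # minimum length suggested in the first tip

# Constructed sample of compromised passwords, for illustration only.
# A real deployment would load a breached-password corpus instead.
_SAMPLE_BREACHED = ["password1234", "qwertyuiop123", "letmein2023!!"]


def _sha1_hex(password: str) -> str:
    # SHA-1 is used here only as a lookup key for the blocklist,
    # never as a way to store users' own passwords.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_blocklist(passwords):
    """Index digests by 5-character prefix so a lookup touches one bucket."""
    buckets = {}
    for pw in passwords:
        digest = _sha1_hex(unicodedata.normalize("NFKC", pw))
        buckets.setdefault(digest[:5], set()).add(digest[5:])
    return buckets


BLOCKLIST = build_blocklist(_SAMPLE_BREACHED)


def check_new_password(password, username, blocklist=BLOCKLIST):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    # Normalize first so visually identical Unicode variants compare equal.
    normalized = unicodedata.normalize("NFKC", password)
    # Length is the only structural rule: no forced symbols or digits.
    if len(normalized) < MIN_LENGTH:
        problems.append("too_short")
    # Context-specific check: reject passwords built around the username.
    if username and username.casefold() in normalized.casefold():
        problems.append("contains_username")
    # Exact-match lookup against the compromised-password blocklist.
    digest = _sha1_hex(normalized)
    if digest[5:] in blocklist.get(digest[:5], set()):
        problems.append("known_compromised")
    return problems
```

Note that a short password with mixed symbols is rejected for length while a long plain passphrase passes, which is the behaviour the first tip asks for.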
Moreover, it is essential to ensure that your users and your organization are well trained to avoid and detect cybersecurity risks such as phishing schemes, ransomware attempts, malicious websites, etc.
Block a compromised AD password
Keeping up with best practices and lessons learned can be difficult. Fortunately, tools exist to make your job easier.
For example, Specops Password Policy is based on the Group Policy engine in Active Directory and works in conjunction with existing password policy features to improve your password policy and help users create stronger passwords.
By making important password policies clear to users and alerting them when a breached password has been used, you can help keep you and your organization safe and comply with regulations.
Specops Password Policy offers a variety of features to help keep your organization secure. These include custom dictionaries, unique and customizable password policies, and powerful protection blocking over 3 billion compromised passwords.
Protect users from “dark” marketplaces
Stolen credentials are more than just a nuisance. With so many online services and applications requiring logins and with organizations heavily reliant on the online world, a stolen ID can lead to loss of revenue, an individual’s private data and institutional secrets.
While one market for stolen credentials may be suppressed, another will likely emerge, making it crucial to protect yourself and your organization with tools such as Specops Password Policy with breached password protection.
This solution can block over 3 billion stolen credentials before they can be used to cause harm to your organization.
Sponsored and written by Specops Software