Threat Spotlight: Dark Web Data Breaches

Executive Summary

There are 10 billion stolen credentials on the dark web. They continue to be one of the top means of compromise for cyberattacks and could lead to disastrous data breaches for individuals and organizations.

Flare’s Co-Founder and Chief Product Officer Yohan Trépanier Montpetit and Director of Marketing Eric Clay talk through the findings from analyzing the leaked credentials Flare has monitored on the dark web such as: 

  • Increasing concern for stealer malware
  • Leaked credential trends by industry, organization size, geography, and more
  • Threat actors flocking to Telegram
  • Recommendations for organizations to become more secure

Access the full report: Clear Insights from a Deep Analysis of Dark Web Leaked Credentials

This Threat Spotlight includes video clips about: 

  • The horrors of stealer malware
  • The software industry as an outlier in security spend trends
  • Telegram’s role in selling infected devices

Replay the full webinar recording, Dark Web Data Breaches: An Analysis of 10 Billion Stolen Credentials on the Dark Web, and/or keep reading for the highlights.

The Horrors of Stealer Malware

Stealer logs represent the digital life of an individual, available for sale for just a few dollars on the dark web. It’s similar to identity theft, as the threat actor can take and sell an infected device, which can include login credentials saved to that device along with general geographic information. For example, this can reveal where the victim lives, their job, their hobbies, and even the local venues like gyms that they frequent.

It can be similar to finding somebody’s wallet on the ground and looking through the various cards and tidbits of information about their lives stored inside. 

The Software Industry as an Outlier in Security Spend Trends

Typically, a company’s security spend correlates with how secure it is. According to Gartner statistics, the software industry has the highest percentage of IT spend on security. Surprisingly, the software industry had the second-highest ratio of unique leaks per employee per industry.

Why might software be an outlier in this trend?

Software companies rely on other SaaS tools and therefore have more logins, which could also be areas of cyber risk. 

Telegram’s Role in Selling Infected Devices

Genesis and Russian Markets are well-established autoshops that sell various fraud-related items including infected devices. 

But instant messaging platforms like Telegram play their part in spreading stealer logs too. Threat actors can subscribe to channels to access fresher data, in some cases for free, instead of waiting for sales on autoshops.

How Flare Can Help

Flare enables you to automatically scan the clear & dark web for your organization’s leaked data, whether it be infected devices, technical data, source code, leaked credentials, or secrets on public GitHub repos. This approach enables you to proactively identify sensitive data leaks and prevent data breaches before malicious actors utilize them.

Flare allows you and your security team to: 

  • Get ahead of attempted network intrusions before they happen by rapidly detecting stolen credentials and infected devices for sale
  • Cut incident response time by up to 95% and monitor around 10 billion leaked credentials
  • Understand your organization’s external data exposure (digital footprint) with proactive recommendations to improve your security posture based on real world, contextualized data

Want to see how Flare can help your organization stay ahead of threat actors? Request a demo to learn more.
