Thousands of FTSE 100 Corporate Log-Ins Found on Dark Web
Over three-quarters (77%) of FTSE 100 companies are at risk of suffering a damaging cyber-attack because corporate log-ins including plain text passwords are available on the dark web, according to Anomali.
The threat intelligence firm monitored underground forums between April and July this year and found on average 218 usernames and passwords available for each FTSE 100 firm affected.
The volume of exposed log-ins has tripled since last year’s report, rising from a total of 5275 to 16,583, according to the vendor’s new report, The FTSE 100: Targeted Brand Attacks and Mass Credential Exposures.
The banking sector was worst hit, accounting for nearly a quarter (23%) of exposed credentials.
Five of the FTSE 100 companies analyzed had more than 1000 log-ins exposed on such sites.
The problem boils down to email and password reuse, with many employees signing up to online services with their work log-ins, unaware they may be stolen from these providers, according to Anomali.
The report had this word of warning:
“Employees should be reminded of the dangers of browsing through and logging into non-corporate websites with corporate email addresses and passwords. Companies should monitor for compromised employee credentials so they can force reset accounts and gather metrics about how often employees are using their work email addresses for access to non-work-related websites.”
The report also revealed that at least 82% of FTSE 100 organizations have suspicious domain registrations made in their name — indicative of possible phishing and other malicious activity.
A total of 439 suspicious domains were found on the dark web, that’s just over four per company on average — although 13% of FTSE 100 firms had 10 or more in their name. The majority were registered in the US (38%) and China (23%).
Once again the banking sector was hardest hit, with 83 registrations.
Anomali claimed that free email services are often used during the registration process to hide the true identity of the registrant.
Source: Information Security Magazine