UK Construction Firms Hemorrhage Log-Ins to Dark Web

UK Construction Firms Hemorrhage Log-Ins to Dark Web

Over 600,000 breached corporate log-ins belonging to staff at the UK’s leading construction, architecture and property firms are available for sale on the dark web, according to RepKnight.

The cyber intelligence firm used its BreachAlert dark web monitoring tool to locate the credentials. Over 450,000 were from construction firms, 110,00 were from architecture practices and just over 47,000 were linked to property developer businesses.

A spokesperson confirmed to Infosecurity that most of these likely found their way onto the dark web via breaches of third-party sites employees had signed up to using their corporate email.

As RepKnight warned, these log-ins could be used by hackers to access a trove of sensitive corporate IP including tenders, proposals, plans and client data.

There’s also a risk that attackers could locate stores of customer data, representing a risk to GDPR compliance.

One strategy highlighted by RepKnight was for attackers to use the log-ins to covertly access the corporate email accounts of targeted individuals, selected perhaps after some LinkedIn-based research because of the role they have with the company.

They could then set-up redirects to accounts under their control. The vendor claimed to have recently discovered a client who had over 5000 emails re-directed to a malicious third-party in just a five-day period.

“With the growth in digital information sharing across the construction project lifecycle, the possibility of a data breach occurring at some stage becomes ever more real,” argued RepKnight cybersecurity analyst, Patrick Martin.

“Because of this, these firms must ensure that they have ‘high visibility’ of their data at all times and have safety measures in place to protect it — especially because most of their sensitive data often lives outside the firewall. Monitoring for cyber-attacks or data breaches inside their corporate network is no longer enough, as it is possible that a breach can happen anywhere across the entire supply chain of your business.”

The findings call to mind separate research from the firm in January this year which revealed over one million corporate email addresses belonging to 500 of the UK’s top law firms, 80% of which had an associated password.

Alongside multi-factor authentication, use of password managers and strong authentication security policies, firms can consider dark web intelligence services to scan for compromised credentials.

Source: Information Security Magazine