Volume of Stolen Credentials Soars 141% in North America

The number of compromised credentials detected in North American botnets has soared 141%, according to the latest quarterly analysis from Blueliv.

The cyber-threat intelligence vendor scans the open, deep and dark web for signs of stolen log-ins for its clients, so that they can take action before the cyber-criminals have had a chance to monetize their wares.

The large rise between the March to May and June to August quarters this year came alongside declines in other regions.

Europe and Russia saw a decrease of 22%, while compromised credentials geo-located to Asian botnets dropped by 36%. A sharp drop in detections (33%) in July and August in Europe and Russia coincided with a 77% increase in Asia, indicating a botnet may have been taken down in Europe while Asian campaigns thrived, according to the firm.

“All it takes is a single good credential for a threat actor to gain access to an organization and cause havoc,” argued Blueliv CEO, Daniel Solís.

“We are observing a booming market for credential theft, and the latest statistics show that this sort of cybercrime is a truly global enterprise. By understanding the lifecycle of the compromised credential, CISOs seeking to protect their business and analysts looking for IOCs gain valuable information to shrink their attack surface.”

According to the firm’s recent report, The Credential Theft Ecosystem, once attackers have infiltrated targeted organizations via compromised credentials, they can access customer databases to harvest PII and/or user log-ins to sell on the dark web or use directly to commit identity theft.

Other potential impacts of corporate credential theft include blackmail, BEC, espionage, hacktivism and more.

“As long as credentials remain the preferred way for companies to authenticate their employees and customers, they’ll continue to be the weakest link in the cybersecurity chain,” the firm noted.

In terms of credential-harvesting malware, Pony, KeyBase and LokiPWS (also known as Loki Bot) were most popular, with Pony out in front, although LokiPWS samples increased 91% quarter-over-quarter.

Source: Information Security Magazine