For years, “dark” markets have contained stolen credentials for sale. One of the larger and more notorious markets was the Genesis Market, which was invite-only.
Over five years, the market offered data on over 1.5 million computers and 80 million account access credentials, according to the US Justice Department.
Recently, the FBI and European law enforcement agencies arrested over 100 people in the takedown of the notorious Genesis Market. The operation was dubbed “Operation Cookie Monster.”
The crime forum was taken down through a concerted effort to arrest those involved and a takedown of the associated web domains.
Not Your Typical Marketplace
Stealing credentials can be difficult, as it often requires patience and persistence. For those looking to exploit credentials, purchasing a stolen password from “dark” markets may be easier than stealing it themselves.
These markets offer many different credentials for sale, some verified and some not.
In fact, these marketplaces often resemble entirely legitimate businesses. They feature help desks and ticketing systems, making it easy and commonplace to buy stolen credentials.
These exchanges often resemble traditional e-commerce sites and target buyers who may not be technically savvy but are in the market for such goods.
The sheer volume of stolen credentials means that even if a few don’t work, it only takes one or two with the correct information to be worthwhile and pay for the rest. This allows the markets to operate at scale without requiring every credential to work.
As a result, stolen credential datasets are all the more valuable for threat actors.
The Effects of a Stolen Credential
Many online services only require a login, consisting of a username and password. Unfortunately, users often reuse the same credentials across multiple services, making them vulnerable to theft.
Whether the theft is known or unknown, the consequences can be severe for those affected. Individual loss can be difficult to measure, from hacked bank accounts to compromised social media and personal documents.
The consequences can be devastating when an organization’s credentials are stolen, whether through phishing or another breach. Stolen credentials can often lead to a more extensive breach since they can be a launching point for a broader intrusion.
While multi-factor authentication (MFA) can help mitigate an attacker’s ability to gain access, not all services implement MFA equally, and it is not foolproof.
The Sale of Digital Fingerprints
A recent trend in cybercrime is the sale of “digital fingerprints.” This refers to the combined set of data that identifies a user online, which goes beyond just stolen credentials. When a digital fingerprint is added, a stolen credential can more easily bypass security systems because it mimics a legitimate computer.
Furthermore, the Genesis Market promotes subscriptions to a victim’s information. If a hacked computer remains compromised, the victim’s fingerprints will stay current, making further exploitation easier for the buyer.
As attackers’ tools become more sophisticated, the ease with which stolen credentials can be leveraged increases over time. For example, a buyer of a digital fingerprint could install a browser plugin that packages the user data into a simple-to-use tool.
When this is paired with access from the user’s location through a VPN or proxy tool, an attacker can quickly access the stolen accounts.
The First Step to Protecting Your Organization
To prevent the loss of credentials, it’s important to adopt a layered defense since there are many potential attack vectors. Adhering to digital identity guidelines like NIST 800-63B and similar ones can help implement best practices for your password policies.
How can an organization update its policies, comply with evolving best practices, and protect its users? Here are 3 key tips:
- Reduce the need for arbitrary password complexity and instead focus on password length, such as requiring a minimum of 12 characters.
- Check new passwords against commonly used or previously compromised passwords.
- Do not reuse passwords across different services to prevent attacks like credential stuffing.
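One way to apply the first two tips when a user sets a new password, shown as an added example that is not code from the original article or from any vendor product. The function names are hypothetical and the breached-password list is constructed sample data standing in for a real corpus.

```python
import hashlib
import unicodedata

MIN_LENGTH = 12  # minimum length from the tips above


def sha1_hex(password: str) -> str:
    """SHA-1 serves only as a lookup key into the breach list, never for storage."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed sample data: stands in for a corpus of previously compromised passwords.
BREACHED_SHA1 = frozenset(
    sha1_hex(p) for p in ("password1234", "qwertyuiop123", "iloveyou2023!")
)


def normalize(password: str) -> str:
    """NFKC-normalize so visually identical Unicode inputs compare equal."""
    return unicodedata.normalize("NFKC", password)


def check_new_password(candidate: str, breached=BREACHED_SHA1) -> list:
    """Return a list of policy violations; an empty list means the password is accepted."""
    pw = normalize(candidate)
    problems = []
    # Length is counted in code points; no character-class rules are applied.
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    # Reject exact matches and trivial case variants of known-breached values.
    variants = {pw, pw.lower()}
    if any(sha1_hex(v) in breached for v in variants):
        problems.append("found in breached-password list")
    return problems


if __name__ == "__main__":
    for sample in ("correct horse battery staple", "P@ssw0rd!", "Password1234"):
        print(repr(sample), "->", check_new_password(sample) or "accepted")
```

A long all-lowercase passphrase passes, while a short "complex" password and a case variant of a breached one are both rejected.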
Furthermore, it’s essential to ensure that your users and organization are well-educated on avoiding and detecting cybersecurity risks such as phishing schemes, ransomware attempts, malicious websites and more.
Blocking Compromised Passwords from Your AD
Keeping up with best practices and lessons learned can be challenging. Fortunately, there are tools available to make the job easier.
For example, Specops Password Policy is built on the Group Policy engine in Active Directory and works in conjunction with existing password policy functions to enhance your password policy and help users create stronger passwords.
By making important password policies clear to users and alerting them when a breached password has been used, you can help keep yourself and your organization safe and in compliance.
Specops Password Policy offers a variety of features to help keep your organization secure. These include custom dictionaries, unique and customizable password policies, and powerful protection blocking over 3 billion compromised passwords.
Protecting Users From “Dark” Marketplaces
Stolen credentials are more than just a nuisance. With so many online services and applications requiring logins and with organizations heavily reliant on the connected world, a stolen credential can result in loss of revenue, an individual’s private data, and institutional secrets.
While one market for stolen credentials may be taken down, another will likely emerge, making it crucial to protect yourself and your organization with tools like Specops Password Policy with Breached Password Protection.
This solution can prevent the use of over 3 billion stolen credentials before they can be used to cause damage to your organization.
Sponsored and written by Specops Software