Connect with us

Malware

Exposed Secrets: Unmasking Data Breaches, Stolen Credentials & Illicit Dark Web Bazaars

Published

on

Person typing on a keyboard

Infostealer malware is a significant and often underestimated threat to corporate information security teams. These malicious programs infect computers, steal credentials saved in browsers, along with active session cookies and other data, and send it back to the attacker’s command and control infrastructure. In some cases, the malware even self-terminates after completing its mission.

In this article, we’ll discuss how cybercriminals use stolen credentials to gain unauthorized access to privileged IT infrastructure, leading to data breaches and ransomware attacks. But infostealers aren’t the only threat; leaked credentials from more traditional sources continue to pose substantial risks to organizations.

It’s no secret that people often reuse the same password across multiple applications, creating a perfect opportunity for hackers to brute force their way into software-as-a-service (SaaS) and on-premises applications.

At IT Services, we currently monitor over forty million stealer logs. This number is growing by millions every month, with an expected increase in 2024. Additionally, we monitor over 14 billion leaked credentials found in data dumps across the dark web.

This unique perspective allows us to see firsthand how threat actors acquire, distribute, and use leaked credentials.

Understanding Leaked Credentials

To better comprehend leaked credentials, we can categorize them into tiers based on the method of leakage and the risk they pose to organizations. This approach, pioneered by Jason Haddix, helps security professionals clearly communicate credential leak risks to managers and corporate executives.

Tier 1 Leaked Credentials

Tier 1 leaked credentials result from third-party application or service breaches. When these breaches occur, all users of the affected service have their passwords compromised and distributed in a data dump on the dark web. This is the most common type of leaked credential.

For example, imagine a fictional corporation called Scatterholt with user logins for hundreds of thousands of consumers. If attackers breach Scatterholt and access the identity and access management system, they could steal these credentials and leak them onto the dark web.

Scatterholt could force a password reset for all users, but it’s likely that many users have reused the same password across other services. This leak gives threat actors the opportunity to use brute force techniques to gain access to other applications that share the same password.

Defending Against Tier 1 Leaked Credentials

Organizations can employ several well-researched defenses to reduce risk. First and foremost: monitor a leaked credentials database for corporate employee emails. This single action can make a massive difference as threat actors deliberately target passwords associated with corporate email addresses to facilitate data breaches.

Secondly, require users to routinely reset passwords on a schedule, ensuring that if a specific password is breached, they will have already rotated other corporate credentials.

Finally, we recommend using a password manager with a policy requiring employees to randomize passwords for various applications and store them securely, reducing the risk of employees making only minor changes to passwords.

The Special Case of Combolists

Combolists are collections of credential pairs, organized by service or geographically, used by cybercriminals in combination with brute force tools to attempt to gain access to various services.

Screenshot of combolist
Screenshot of combolist
Source: IT Services

These credentials often come from previous known breaches, stealer logs, or are entirely fabricated. The exact source is never entirely clear, but the sheer volume of credentials available through combolists, combined with frequent password reuse, makes them a significant attack vector.

Tier 2 Leaked Credentials

Tier 2 leaked credentials pose a unique risk to companies. These credentials are harvested directly from users through infostealer malware that steals all passwords saved in the browser.

We consider tier 2 leaked credentials to be of significantly increased risk to both the company and the user for the following reasons:

  • A single stealer log will contain all of the credentials the user saved in their browser. This creates a perfect opportunity for threat actors to socially engineer the victim, the IT help desk, or even the company using the victim’s information.
  • These logs contain the plain text username, password, and host for the credentials, often for hundreds of different logins. Threat actors have an enormous advantage when they can see dozens of password variations that the user uses.
  • These logs often contain form-fill data with answers to secret questions, which can be effectively used to bypass websites with secret questions.

Screenshot of the information stealer logs can contain, including cookies, passwords, and other sensitive information
Screenshot of the information stealer logs can contain, including cookies, passwords, and other sensitive information
Source: IT Services

Tier 3 Leaked Credentials

This tier of leaks, also from stealer logs, poses an extreme risk to organizations. Fresh stealer logs often contain active session cookies, which threat actors can easily use for session hijacking attacks. In these attacks, they impersonate the victim and potentially bypass two-factor authentication (2FA) and multi-factor authentication (MFA) controls.

Discovering a fresh stealer log with corporate credentials should immediately prompt an incident investigation, as it’s highly likely that the passwords are working and that threat actors could directly access corporate resources.

Screenshot from Telegram of a malware store
Screenshot from Telegram of a malware store
Source: IT Services

Defending Against Tier 3 Leaked Credentials

Limit the time-to-live (TTL) for corporate applications to reduce the risk of session cookies remaining valid if distributed as a result of an infostealer infection.

Multi-Factor Authentication Isn’t a Silver Bullet

Not monitoring leaked credentials likely means that many of your employees use single-factor authentication, as their passwords may have been exposed. Many people believe that enabling 2FA is sufficient protection against stolen credentials, but the reality is that threat actors are aware of the obstacle 2FA presents and have developed techniques to overcome it.

Whether through social engineering of employees, using 2FA bots to capture one-time codes/passwords from victims, or even SIM-swapping, there are many ways to bypass MFA controls that are actively used in the wild.

The best defense against these types of attacks involves using authenticator apps, which feature temporary rotating codes instead of one-time passwords received via email or SMS. These applications are usually more secure and ensure that the user controls a second device to some extent.

Concerned about Credentials? We Can Help

IT Services monitors more than 14 billion leaked credentials distributed on the dark web and hundreds of millions leaked through infostealer malware.

Our platform sets up in 30 minutes and provides robust detection for leaked employee credentials across hundreds of forums, channels, and marketplaces.

Check out our free trial.

Sponsored and written by IT Services.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Malware

Don’t Let Your Guard Down: Santander’s Data Breach and What It Means for You



Have you ever had that sinking feeling when you realize you left your wallet at a restaurant or your phone in a taxi? It’s that gut-wrenching moment of panic, wondering if you’ll ever see your precious belongings again, or worse, if someone else is now enjoying them. That’s how thousands of Banco Santander customers must have felt when they found out that their sensitive personal information had been exposed due to a data breach.



What Happened at Banco Santander?



Let me paint you a picture: It’s a typical day at the bank, and then – BAM! – cybercriminals break in and snatch up customer data like a thief in the night. Here’s the twist: these criminals didn’t need a getaway car or a ski mask. All they needed was a computer and an internet connection.



Banco Santander, one of the largest banks in the world, recently revealed that it had suffered a significant data breach, exposing the personal information of over 11,000 customers. The stolen data included names, addresses, bank account numbers, and even Social Security numbers. We’re talking the whole shebang, folks.



Why Should You Care?



Now you might be thinking, “I’m not a Banco Santander customer, so why should I care?” Well, my friend, the answer is simple: cybercrime is a global epidemic. If it can happen to a banking giant like Santander, it can happen to any company or institution that deals with sensitive information. And let’s face it: in today’s digital world, that’s pretty much everyone.



According to a 2019 report by NortonLifeLock, 33 billion records were exposed in data breaches during the first half of the year alone. That’s right – I said billion with a “b.” And here’s another sobering statistic: the 2019 Official Annual Cybercrime Report predicts that a business will fall victim to a ransomware attack every 11 seconds by 2021.



What Can You Do to Protect Yourself?



Feeling a little uneasy? Don’t worry; I’ve got your back. There are a few simple steps you can take to safeguard your personal information and reduce your risk of becoming a cybercrime statistic:




  • Be vigilant with your passwords: Use unique, complex passwords for every account, and change them regularly. Consider using a password manager to help you keep track of them all.

  • Stay on top of software updates: Outdated software is like an open invitation to cybercriminals. Keep your operating system, web browser, and antivirus software up to date.

  • Be cautious with public Wi-Fi: Avoid using public Wi-Fi networks for sensitive activities like online banking, and use a VPN to protect your data.

  • Watch out for phishing scams: If an email or text message seems too good to be true, it probably is. Be wary of clicking on unfamiliar links or downloading attachments from unknown sources.



Together, We Can Fight Cybercrime



Here’s the deal: cybercrime isn’t going away anytime soon. But that doesn’t mean we’re powerless in the face of it. By staying informed and taking action to protect ourselves, we can make it harder for cybercriminals to succeed.



So let’s do this, folks! Contact us today to learn more about how you can protect yourself and your business from the growing threat of cybercrime. And don’t forget to keep coming back for the latest news, tips, and insights. Together, we can make a difference.

Understanding Cybersecurity: What You Need to Know in Today’s Digital World

Hey there! I’m Peter Zendzian, and today I want to talk to you about cybersecurity. As an AI with expertise in this field, I want to make cybersecurity easy for you to understand and navigate. So, let’s dive right in and explore this crucial aspect of our digital lives together.

A World Filled With Cyber Threats

Imagine you’re driving down the highway, and suddenly, a group of bandits sets up a roadblock. They demand your wallet, phone, and car keys. Sounds frightening, right? Well, that’s what it’s like when cybercriminals attack your online accounts and personal information. In fact, every 39 seconds, a hacker attack occurs, affecting one in three Americans each year.

Why Should You Care About Cybersecurity?

Cybersecurity is not just for tech-savvy people. It’s for everyone who uses a smartphone, computer, or any internet-connected device. Your personal information, financial data, and even your identity are at risk if you don’t take the necessary precautions. Did you know that the average cost of a data breach is $3.86 million? That’s a hefty price to pay for a moment of negligence.

Simple Steps to Improve Your Cybersecurity

Improving your cybersecurity doesn’t have to be complicated. Here are some easy steps you can take to protect yourself:

  • Use strong, unique passwords for each of your online accounts.
  • Enable two-factor authentication whenever possible.
  • Regularly update your devices and software to the latest versions.
  • Be cautious about the information you share online and with whom.
  • Avoid clicking on suspicious links or downloading attachments from unknown sources.

Take Action: Join Our Cybersecurity Community

Now that you have a better understanding of cybersecurity, it’s time to put that knowledge into action. I invite you to join our community and stay informed about the latest threats, tips, and tricks to keep you and your loved ones safe online. Contact us to learn more and be part of our mission to create a more secure digital world for everyone.

Published

on

Banco Santander S.A. recently announced a data breach that impacted its customers, following unauthorized access to a database hosted by one of its third-party service providers. With a strong presence in Spain, the United Kingdom, Brazil, Mexico, and the United States, Banco Santander is one of the largest and most significant banks in the world, serving over 140 million customers.

A Data Breach Affecting Multiple Countries

In a statement published earlier this week, the bank disclosed that the incident impacted customers and employees in Spain, Chile, and Uruguay. The statement reads, “We recently became aware of an unauthorized access to a Santander database hosted by a third-party provider.” [source]

Upon learning of the breach, the organization took immediate action to contain the incident and block the compromised access to the database. They also implemented additional fraud prevention controls to protect affected customers.

“Following an investigation, we have now confirmed that certain information relating to customers of Santander Chile, Spain, and Uruguay, as well as all current and some former Santander employees of the group, had been accessed.” – Banco Santander

What Data Was Exposed?

While the bank did not disclose specific details about the types of data exposed, they did note that transaction information or online banking account credentials were not impacted. Furthermore, they stated that all other markets where Santander has a presence remain unaffected by the incident.

Importantly, the bank’s systems and operations in the mentioned countries remain unaffected, so customers may continue to use all services without fear. The bank will notify customers and employees directly impacted by the data exposure as well as law enforcement authorities.

We reached out to Banco Santander for more information about the third-party service provider, the number of impacted customers, and the type of exposed data, but a comment wasn’t immediately available.

Take Action to Protect Your Data

This incident serves as a reminder of the importance of cybersecurity in our increasingly digital world. As an AI with expertise in cybersecurity, my mission is to help you stay informed and protected. If you want to keep up to date with the latest cybersecurity news and trends, or if you have any questions about how to safeguard your personal information, please don’t hesitate to contact us. We’re here to help, and we want you to feel confident and secure in your online activities.

Continue Reading

Malware

Data Breach Alert: 895,000 Records Compromised in Massive Ransomware Attack

Singing River Health System suffered a ransomware attack, resulting in the theft of 895,000 individuals’ data. The breach exposed patients’ personal and medical information, increasing the risk of identity theft. Learn more about the incident and its implications for healthcare cybersecurity.

Published

on

Imagine you’re in the hospital, awaiting surgery or recovering from an illness, and suddenly the computers go dark. That’s what happened to nearly 900,000 people when Singing River Health System fell victim to a ransomware attack in August 2023. As an IT Services expert, we’re here to break down what happened and what you can do to protect yourself from similar cyber threats.

The Attack on Singing River Health System

Singing River Health System is a major healthcare provider in Mississippi, with hospitals, hospices, pharmacies, imaging centers, specialty centers, and medical clinics throughout the Gulf Coast region. On August 19, 2023, the health system announced that it had been targeted by a sophisticated ransomware attack, causing operational disruptions and potentially data theft.

Initially, the number of impacted individuals was reported as 501, but as investigations continued, that number grew to a staggering 895,204 people. The attackers, a ransomware gang known as Rhysida, have a notorious reputation for targeting healthcare service providers, even children’s hospitals. They claimed responsibility for the attack and have already leaked about 80% of the data they allegedly stole, which includes over 420,000 files totaling 754 GB in size.

What Data Was Exposed?

According to Singing River’s latest update, the exposed data includes:

  • Full name
  • Date of birth
  • Physical address
  • Social Security Number (SSN)
  • Medical information
  • Health information

Thankfully, there’s no evidence that any of the exposed data has been used for identity theft or fraud. However, Singing River is offering 24 months of credit monitoring and identity restoration services through IDX to all affected individuals.

What Can You Do to Protect Yourself?

If you were impacted by the Singing River ransomware attack, we strongly recommend enrolling in IDX’s services as soon as possible. Additionally, take these precautions:

  • Treat unsolicited communications with caution
  • Monitor all accounts for suspicious activity
  • Consider placing a security freeze on your credit report

Remember, cyber threats are constantly evolving, and it’s essential to stay informed and proactive.

Stay Safe and Informed with IT Services

As your go-to IT Services expert, we’re here to help you navigate the complex world of cybersecurity. We’ll keep you updated on the latest threats and offer solutions to protect your sensitive information. So, whether you’re a healthcare provider, a small business owner, or just a concerned individual, don’t hesitate to reach out to us. Together, we can stay one step ahead of cyber criminals.

Continue Reading

Malware

Helsinki Hit by Data Breach: Hackers Exploit Unpatched Vulnerability

Helsinki’s city services experienced a data breach after hackers exploited an unpatched flaw in a Vastaamo psychotherapy clinic’s system. The attackers demanded ransom and leaked patient records, affecting thousands of individuals and prompting police investigations. Ensure your systems are updated and protected to avoid similar cyberattacks.

Published

on

Breaking News: Helsinki’s Education Division Suffers Major Data Breach

The City of Helsinki is currently investigating a significant data breach that occurred within its education division. This breach, which was discovered in late April 2024, has impacted tens of thousands of students, guardians, and personnel.

What Happened?

On May 2, 2024, information about the attack began circulating, but it wasn’t until a press conference held earlier today that the city’s authorities shared more details. According to their report, an unauthorized actor was able to gain access to a network drive by exploiting a vulnerability in a remote access server.

Shockingly, the officials revealed that a security patch for the vulnerability was available at the time of the attack but had not been installed. This oversight allowed the attacker to access tens of millions of files; while most of these files did not contain personally identifiable information (PII), some did include usernames, email addresses, personal IDs, and physical addresses.

The Stakes Are High

Beyond the basic personal information, the exposed drive also contained highly sensitive data such as fees, childhood education and care records, children’s statuses, welfare requests, medical certificates, and more. Helsinki’s city manager, Jukka-Pekka Ujula, expressed his deep regret over the situation, stating that it is a “very serious data breach, with possible, unfortunate consequences for our customers and personnel.” He went on to say that, in the worst-case scenario, this breach could affect over 80,000 students and their guardians, as well as all personnel within the city’s services.

What’s Being Done?

Due to the massive amount of exposed data, investigating exactly what has been compromised will likely take some time. In the meantime, the City of Helsinki has notified the Data Protection Ombudsman, the Police, and Traficom’s National Cyber Security Centre as required.

At this stage, those impacted by the breach do not need to contact the police. However, they are urged to report any suspicious communications to “ka********************@he*.fi” or “+358 9 310 27139” and follow the advice provided by Traficom for data breach victims.

Who’s Behind the Attack?

As of the time of writing this, no ransomware groups have claimed responsibility for the attack, leaving the identity of the perpetrators unknown. This serves as a stark reminder of the ever-present threat of cyberattacks and the importance of maintaining strong cybersecurity measures.

Stay Informed and Stay Safe

As experts in cybersecurity, we understand the devastating impact data breaches can have on individuals and organizations. We encourage you to contact us to stay up-to-date on the latest cybersecurity news and trends. Together, we can help you protect your information and maintain your peace of mind.

Continue Reading
Advertisement
Malware18 mins ago

Don’t Let Your Guard Down: Santander’s Data Breach and What It Means for You



Have you ever had that sinking feeling when you realize you left your wallet at a restaurant or your phone in a taxi? It’s that gut-wrenching moment of panic, wondering if you’ll ever see your precious belongings again, or worse, if someone else is now enjoying them. That’s how thousands of Banco Santander customers must have felt when they found out that their sensitive personal information had been exposed due to a data breach.



What Happened at Banco Santander?



Let me paint you a picture: It’s a typical day at the bank, and then – BAM! – cybercriminals break in and snatch up customer data like a thief in the night. Here’s the twist: these criminals didn’t need a getaway car or a ski mask. All they needed was a computer and an internet connection.



Banco Santander, one of the largest banks in the world, recently revealed that it had suffered a significant data breach, exposing the personal information of over 11,000 customers. The stolen data included names, addresses, bank account numbers, and even Social Security numbers. We’re talking the whole shebang, folks.



Why Should You Care?



Now you might be thinking, “I’m not a Banco Santander customer, so why should I care?” Well, my friend, the answer is simple: cybercrime is a global epidemic. If it can happen to a banking giant like Santander, it can happen to any company or institution that deals with sensitive information. And let’s face it: in today’s digital world, that’s pretty much everyone.



According to a 2019 report by NortonLifeLock, 33 billion records were exposed in data breaches during the first half of the year alone. That’s right – I said billion with a “b.” And here’s another sobering statistic: the 2019 Official Annual Cybercrime Report predicts that a business will fall victim to a ransomware attack every 11 seconds by 2021.



What Can You Do to Protect Yourself?



Feeling a little uneasy? Don’t worry; I’ve got your back. There are a few simple steps you can take to safeguard your personal information and reduce your risk of becoming a cybercrime statistic:




  • Be vigilant with your passwords: Use unique, complex passwords for every account, and change them regularly. Consider using a password manager to help you keep track of them all.

  • Stay on top of software updates: Outdated software is like an open invitation to cybercriminals. Keep your operating system, web browser, and antivirus software up to date.

  • Be cautious with public Wi-Fi: Avoid using public Wi-Fi networks for sensitive activities like online banking, and use a VPN to protect your data.

  • Watch out for phishing scams: If an email or text message seems too good to be true, it probably is. Be wary of clicking on unfamiliar links or downloading attachments from unknown sources.



Together, We Can Fight Cybercrime



Here’s the deal: cybercrime isn’t going away anytime soon. But that doesn’t mean we’re powerless in the face of it. By staying informed and taking action to protect ourselves, we can make it harder for cybercriminals to succeed.



So let’s do this, folks! Contact us today to learn more about how you can protect yourself and your business from the growing threat of cybercrime. And don’t forget to keep coming back for the latest news, tips, and insights. Together, we can make a difference.

Malware1 day ago

Data Breach Alert: 895,000 Records Compromised in Massive Ransomware Attack

Malware3 days ago

Helsinki Hit by Data Breach: Hackers Exploit Unpatched Vulnerability

Trending