FTSE firms are at risk from employees as a result of the re-use of corporate log-in details on third-party sites, according to threat intelligence firm Anomali. Over 5 000 password and e-mail combinations are already compromised, the firm says in its report, “The FTSE 100: Targeted Brand Attacks and Mass Credential Exposures”.
The intelligence firm monitored the Dark net for the past three months to compile the report, and found the 5 275 e-mail/unencrypted password accounts on hacker forums and paste sites. This figure represents an average of 50 employees for each of the FTSE 100 firms that have been compromised.
The information was stolen in typical data-breach incidents involving non-work-related sites. One example was in April, when the database of a high-profile U.K. football team was dumped on the Dark net; 40+ password/e-mail combinations from 23 countries were exposed. Armed with this information, hackers could access corporate networks and have free rein.
Gas and oil companies made up 20 percent of the detected compromises, which raises the question of whether criminals could potentially open a door to SCADA (Supervisory Control And Data Acquisition) systems. Jonathan Martin, operations director at Anomali, pointed out that many forms are still not configured to use two-factor authentication (2FA), and this creates vulnerabilities: “Rather, we need to have much greater education of employees on all security matters but particularly around using work emails on non-work related sites.”
Martin was also critical of employees being ‘unaware’ of risks: “Often, it’s simply a case of people simply not understanding or thinking through the implications of how a compromised work email could be used to launch a range of attacks against both the individual employee as well as others in the organization.”
The report also warns about the danger of domain spoofing of FTSE sites. In the last quarter, 81 companies were threatened by possibly malicious domain registrations. Most came from China, with the U.S. and Panama next, the report showed. The malicious domains are used in phishing e-mails to lend credibility to messages seeking information or delivering ransomware. The financial sector was the most targeted, with 376 suspect domains tracked, then retail (175), and critical infrastructure (75).