Cybersecurity experts from Tripwire, Proficio and Securonix commented on CIA-backed company Recorded Future’s report of stolen government log-ins all over the Web Visit HERE.
Ken Westin, Senior Security Analyst, Tripwire (www.tripwire.com):
“There are massive amounts of information available on the Internet from various data breaches, and these data allow attackers to easily identify and correlate a variety of personal information. Personal email addresses, social media accounts and other data may also be available as well as work email and login credentials from other breaches. Pastebin searches bring up a number of compromised accounts from recent breaches, but it’s likely these credentials are no longer valid. However, many threat actors monitor these Pastebin and other similar site in real-time, so when new credentials are posted they can correlate this information and act on them quickly.
To defend against the sophisticated abilities to correlate personal data from a variety of sources a number of organizations integrate and aggregate threat intelligence data from Pastebin and similar sites into their SIEM to alert system administrators when accounts may be compromised. Monitoring the Internet, specifically paste sites and forums for activity related to these sites for corporate domain names, is becoming increasingly common.
Cyberattack detection is no longer just about monitoring what is happening on your network, but also monitoring externally for email addresses, PII and intellectual property that could be precursors to an attack or indicators of compromise. The reality is that malware often shares many of the same files and libraries as legitimate software so identifying a threat involves a correlation of multiple file changes and behavior. Organizations that haven’t yet implemented these kinds of capabilities often have a blind spot in their cybersecurity visibility.”
Tim Erlin, Director of IT Security and Risk Strategy, Tripwire (www.tripwire.com):
“All it takes is one successful phishing email to compromise an organization, and while an email address is certainly not a secret, the wide distribution of employee email addresses certainly makes the criminals’ jobs a little easier. Reuse of passwords can be a huge problem for anyone, but for a government employee, the consequences might have national security implications. All organizations should be employing strong authentication to mitigate this threat.”
Brad Taylor, CEO, Proficio (www.proficio.com):
“The fundamental problem here is government employees are using a combination of their email and a weak password for login credentials. Hackers are finding the former and breaking the latter. We recommend the adoption of two-factor authentication and complex passwords to stop this madness!”
Igor Baikalov, Chief Scientist, Securonix (www.securonix.com):
“Yes, there are millions of user credentials posted on the Web, and hundreds of millions more available for sale. You don’t really need CIA-backed technology to scan those for .gov emails, and you most likely will find a lot more than a few hundred of them.
In fact, security-conscious companies have been doing just that for years: scanning every known dump site for their employees’ credentials (based on work email) and other company data (credit card or account numbers) that might be posted up for sale.
What these companies also did was to implement user behavior analytics (UBA) solutions as an additional line of defense. UBA is watching for anomalies in user behavior, and if the user credentials fall in the wrong hands, it can detect account compromise and prevent potentially devastating attack.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.