Morning Tick

ImmuniWeb: 97% of Cybersecurity firms face data leaks on Dark Web

By Staff Reporter. Updated: December 8, 2020

Research by global IT security company ImmuniWeb showed that 97% of cybersecurity firms had faced data leaks on the Dark Web, and that a significant number of these happened in August 2020.

These revelations confirm that even cybersecurity companies, the firms meant to protect consumer assets, are not safe from cyberattacks. ImmuniWeb’s research was both an exploration of how adequate current cybersecurity measures are and an analysis of the leakage of private data on the Dark Web.

The research included 398 companies headquartered in 26 countries, mostly in the US and Europe. Out of these, only those from Switzerland, Portugal, and Italy did not suffer from damage to critical data. ImmuniWeb used its online Domain Security Test, which combines Machine Learning with a proprietary OSINT technology, to measure the amount of data leaked on the Dark Web. The test gathers information from hacking forums, underground marketplaces, IRC and Telegram channels, public code repositories, and WhatsApp groups.

Data leaks on Dark Web

More than 1 million data leaks were observed in the research, and 631,512 of these were verified. Among the verified leaks, nearly one-quarter were rated high or critical risk. This includes leaks exposing personal information along with recent company data.


The largest companies among those surveyed are located in the most developed countries: the US, the UK, and other European giants. However, according to the research, most European countries faced minor attacks and threats. Large cybersecurity companies in the USA, by contrast, are in a vulnerable position, which is a concern for the companies’ clientele. Approximately 50% of all verified leaks were reported in the USA, and roughly one-third of these American cybersecurity breaches were of the highest degree.

Nearly half of the data that was leaked on the dark web constituted some form of PII (Personally Identifiable Information) and other private corporate data, which is supposed to stay within the bounds of the company. According to a report by The Hindu, more than half of the leaked data involved plaintext information like financial credentials. 

Lazy passwords are like open doors

Poor security procedure was the primary cause of the high number of leaks. Employees using weak passwords (fewer than 8 characters, numbers only, no mix of lower and upper case, no symbols, etc.) are the prime culprits in this research. The most commonly used password was “password”, observed 1,186 times in the survey.

Moreover, some employees reuse passwords, which weakens security further and makes the database more vulnerable to hackers. This was observed in 161 companies.
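The weak-password criteria and the reuse finding above can be checked against an organisation's own exposure data. The following is an added example, not ImmuniWeb's methodology or code; the records, the domain and the function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample records (email, plaintext password, leak source); not real data.
LEAKED = [
    ("alice@example-sec.test", "password", "forum-dump-A"),
    ("alice@example-sec.test", "password", "shop-breach-B"),
    ("bob@example-sec.test", "12345678", "forum-dump-A"),
    ("carol@example-sec.test", "Tr1cky!Horse-Battery", "games-breach-C"),
    ("dave@example-sec.test", "summer", "shop-breach-B"),
    ("dave@example-sec.test", "Winter#2020x", "games-breach-C"),
]

def weakness_reasons(pw):
    """Return which of the article's weak-password criteria pw meets."""
    reasons = []
    if len(pw) < 8:
        reasons.append("shorter than 8 characters")
    if pw.isdigit():
        reasons.append("numbers only")
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)):
        reasons.append("no mix of lower and upper case")
    if not re.search(r"[^A-Za-z0-9]", pw):
        reasons.append("no symbols")
    return reasons

def audit(records):
    """Summarise weak and reused passwords per account across leak sources."""
    counts = Counter(pw for _, pw, _ in records)
    seen = defaultdict(lambda: defaultdict(set))  # email -> password -> sources
    for email, pw, src in records:
        seen[email][pw].add(src)
    weak = sorted(e for e, pws in seen.items()
                  if any(weakness_reasons(p) for p in pws))
    # Reuse here means the same password for one account in more than one leak source.
    reused = sorted(e for e, pws in seen.items()
                    if any(len(srcs) > 1 for srcs in pws.values()))
    return {"most_common": counts.most_common(1)[0],
            "weak_accounts": weak,
            "reused_accounts": reused}

if __name__ == "__main__":
    report = audit(LEAKED)
    # Print counts and account names only, never the leaked passwords themselves.
    print(len(report["weak_accounts"]), "accounts with weak passwords")
    print("reuse across sources:", report["reused_accounts"])
```

Accounts flagged by either check are candidates for a forced password reset and multi-factor enrolment.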

Third-party breaches

Use of professional email addresses on adult video sites or adult dating sites was another important cause of the leaks. This allows third parties to access company credentials and opens up avenues for trojan horses (like Qbot and Emotet) to hack into company software.

Specifically, the trojans present in third-party software gain access to the websites of cybersecurity companies. Several different third-party industries are responsible for this: personal services, shopping, games, etc. All these services are generally clients, subsidiaries, or suppliers of cybersecurity companies.

Non-compliance with guidelines

Companies themselves are also responsible for this maladministration. They keep using old, outdated, and vulnerable software, and ignore PCI DSS and General Data Protection Regulation (GDPR) requirements.

PCI DSS requirements oblige companies to run a Web Application Firewall (WAF) in blocking mode and to dispose of outdated software, reducing the possibility of a cyber threat. GDPR policies push companies to enable notifications about cookies that touch PII, and to include a conspicuously visible privacy policy as well. However, ImmuniWeb found that 63% of companies surveyed do not follow PCI DSS guidelines, and 48% ignore the GDPR requirements.

[Figure: PCI DSS & GDPR Compliance. Source: ImmuniWeb, https://www.immuniweb.com/blog/state-cybersecurity-dark-web-exposure.html, © 2020 ImmuniWeb]

Ilia Kolochenko, CEO & Founder of ImmuniWeb, said, “Today, cybercriminals endeavor to maximize their profits and minimize their risks by targeting trusted third parties instead of going after the ultimate victims. These third parties, ranging from law firms to IT companies, usually lack internal expertise and budget required to react quickly to the growing spectrum of targeted attacks.” She also stated that the hackers’ task was simply to “crack the weakest link”.
