ImmuniWeb: 97% of Cybersecurity firms face data leaks on Dark Web
Research by global IT security company ImmuniWeb showed that 97% of cybersecurity firms had faced data leaks on the Dark Web, and that a significant number of these happened in August 2020.
These revelations confirm that even cybersecurity companies, those designed to protect consumer assets, are not safe from cyberattacks. Most importantly, ImmuniWeb’s research was an exploration of how effective our cybersecurity measures are, and an analysis of the leakage of private data on the Dark Web.
The research included 398 companies headquartered in 26 countries, mostly in the US and Europe. Out of these, only those from Switzerland, Portugal, and Italy did not suffer from damage to critical data. ImmuniWeb used its signature online Domain Security Test, which combines elements of machine learning with a proprietary OSINT technology, to uncover the amount of data leaked on the Dark Web. The test gathers information from hacking forums, underground marketplaces, IRC and Telegram channels, public code repositories, and WhatsApp groups.
Data leaks on Dark Web
More than 1 million data leaks were observed in the research, and 631,512 of these were verified. Among these verified threats, nearly one-quarter was composed of high or critical risk threats. This includes threats spilling personal information along with recent company data.
The largest companies among the ones surveyed are located in the most developed countries – US, UK, and other European giants. However, according to the research, most European countries faced minor attacks and threats. Indicatively, large cybersecurity companies in the USA are in a vulnerable position, which is a concern for the companies’ clientele. Moreover, approximately 50% of all verified leaks were reported in the USA. Roughly one-third of these American cybersecurity breaches were of the highest degree.
Nearly half of the data that was leaked on the dark web constituted some form of PII (Personally Identifiable Information) and other private corporate data, which is supposed to stay within the bounds of the company. According to a report by The Hindu, more than half of the leaked data involved plaintext information like financial credentials.
Lazy passwords are like open doors
Poor security practice was the primary cause of the high number of leaks. Employees using weak passwords – fewer than 8 characters, using only numbers, not using lower and upper cases, not using symbols, etc. – are the prime culprits in this research. The most commonly used password was “password”, observed 1,186 times in the survey.
Moreover, some employees reuse passwords, and this weakens the security provisions even more, making the database more vulnerable to hackers. This was observed in 161 companies.
Use of professional email addresses on adult video sites or adult dating sites was another important cause of the leaks. This allows third parties to access company credentials and opens up avenues for trojan horses (like Qbot and Emotet) to hack into company software.
Specifically, the trojans present in third-party software gain access to the websites of cybersecurity companies. Several different third-party industries are responsible for this – personal services, shopping, games, etc. All these services are generally clients, subsidiaries, or suppliers for cybersecurity companies.
Non-compliance with guidelines
Companies themselves are also responsible for this maladministration. They keep using old, outdated, and vulnerable software, and ignore PCI DSS and General Data Protection Regulation (GDPR) requirements.
Ilia Kolochenko, CEO & Founder of ImmuniWeb, said, “Today, cybercriminals endeavor to maximize their profits and minimize their risks by targeting trusted third parties instead of going after the ultimate victims. These third parties, ranging from law firms to IT companies, usually lack internal expertise and budget required to react quickly to the growing spectrum of targeted attacks.” Kolochenko also stated that the hackers’ task was simply to “crack the weakest link”.