Credential leakage on the dark web is constantly growing, which reveals a painful reality: a significant proportion of organizations still don’t protect employee data properly. A report published by Arctic Wolf highlights that the number of corporate passwords that have been leaked to the dark web has shot up by 429% since last March. Thus, on average and for each organization, up to 17 credentials (including username and password) are available on the dark web.
Credential leaks on the dark web are obviously a serious matter: an unauthorized and malicious user can access the organization's servers and move around from there to get hold of confidential information. The data in this report also reveals that hackers do not sleep: most cyberattacks take place between 8 p.m. and 8 a.m. the next day (35%), and at weekends (14%), which is when most companies are closed. This means that precautions must be taken 24 hours a day, and these dangers increased during the pandemic, mainly due to the increase in remote working.
The importance of securing credentials properly
This situation forces organizations to protect information actively, and the first step is to strengthen credentials and prevent them from being stolen. MSPs should not rely on their customers using complex passwords, as even these can be stolen by trojans such as Mimikatz. To make matters even more complicated, many users use weak passwords, or worse, "between 2 and 5 passwords for all their logins," according to Alexandre Cagnoni, director of authentication at WatchGuard Technologies. For example, the same password is sometimes used for a shared Netflix account and to access a corporate server remotely.
If this "shared" password is used on a service that has suffered a security breach, it will most likely end up on the dark web without the owner being aware of it. This is precisely what happened to about half a million active accounts of the popular video conferencing service Zoom, which were for sale on the dark web and affected users of banks such as Chase and Citibank, as well as educational institutions in the United States.
The safest thing to do? Use authentication with push notification
Multi-factor authentication (MFA) has become an essential security layer to ensure that whoever is entering credentials is the real user and not a usurper. However, MFA that is based on sending tokens to mobile devices has been shown to be not as secure as expected. The real shielding takes place when MFA is carried out via a push notification that is not dependent on a phone number and offers a number of advantages over sending temporary codes:
When a hacker attempts to access a service using valid credentials, the user will receive a notification that will automatically block the access attempt if it is not approved.
Unless they are trying to access the service, if users receive a notification like this the password has probably been compromised, so you have time to change the password.
Push notifications can incorporate additional data such as geolocation or the platform from which access is requested, which gives valuable clues to the user or MSP as to the origin of the request and its authenticity.
Passwords combined with push-based MFA are still the most secure way to protect access to services today. This highlights the limited suitability of passwordless access and biometric components, which are not supported on most websites and are not flexible enough to be used in Cloud applications or to access various devices such as mobile phones.
WatchGuard AuthPoint multi-factor authentication (MFA) allows users to use a dashboard to manage push notifications to validate access on multiple devices. This management is carried out in an intuitive way and, above all, ensures that access requests are validated one by one by the MSP or service manager, blocking the request if this is not the case. Additionally, access can be protected through the use of hardware tokens, which generate one-time passwords (OTP) and simplify the authentication process.