Are Your Passwords Up For Sale?
It's no secret that cyber crime is on the up. And, for the most part, spaces such as the Dark Web continue to be the digital equivalent of the Wild Wild West (and no, we aren't referring to the 1999 movie!).
Recently, we've touched on the spike in cyber crime - especially during times of COVID and the lockdown. But don't worry, this post turns out not to be another doom and gloom update about the need to be vigilant. Better news is on the horizon.
Password Security
In a world where cyber attacks are becoming increasingly more sophisticated, the shortcomings of passwords are there for all to see.
Phishing attacks are the most common way for an outsider to gain your password or credentials, typically using underhand approaches via social media, text messages or email.
Sometimes, the phisher won't even use the acquired password or credentials themselves. Instead, they'll trade them on the Dark Web.
And, if you don't have the security blanket that is two-factor authentication, all it takes is one successful phishing attack for you - or your organisation - to be in serious trouble.
However, as announced at the WWDC 2022, Apple, Google and Microsoft appear to be working to rid us of passwords.
Password Trading Websites Closed
We mentioned how cyber criminals trade passwords online, and such news may - and should - come as a concern to those who haven't ensured their staff are cyber secure.
But, now for the better news, as promised in the introduction.
As per Cybernews, the FBI has shut down a cyber criminal website for selling access to a staggering seven billion records of pilfered data, the Department of Justice announced.
The Bureau decided to shut down weleakinfo.to along with affiliated domains ipstress.inand ovh-booter.com, after an international investigation, found that they were trading in stolen personal credentials and facilitating cyber attacks.
“Today, the FBI and the Department stopped two distressingly common threats: websites trafficking in stolen personal information and sites which attack and disrupt legitimate internet businesses," said the US Attorney Matthew Graves of the District of Columbia.
WeLeakInfo provided clients with a search engine that allowed them to browse its ill-gotten data haul, obtained in more than 10,000 breaches and including names, email addresses, passwords, and phone numbers. Cybercriminals paid for this service via subscription, ranging from one day in duration to lifetime membership.
All three websites are now in the custody of the FBI, and visitors will find nothing more than a notification informing them that they have been impounded under a seizure warrant issued by the District of Columbia.
Solutions
If you're concerned about the threat to your password security - or feel you may be vulnerable to outsiders, it can feel like you don't know where to turn. Fret not - options are available!
Partnering with an MSP (may we recommend Fifosys?) can give you access to one - or all - of the following, not to mention peace of mind:
Dark Web monitoring
The Last Word
Password-sharing websites - and similar faucets of the Dark Web - may never go away - even though the news from America is positive. At a minimum, they'll be around until we're in a passwordless society. Until then, why not get in touch to hear how we can help you?
At Fifosys, we've been operating for over 20 years. By now, there's very little our team of experts hasn't seen, encountered and solved.
Going beyond the expected norms of a standard third-party, we can integrate and act as an extension of your team on all levels. From sitting in board-level discussions to advising staff on best practices, we can support you through anything.