Dark Web markets are buzzing from a large dump of nearly 25,000 email addresses and passwords this week, and potentially much more compromising information that could inflict serious damage. The credentials are reputed to be from public-health focused organizations including the World Health Organization, The Gates Foundation, the US National Institutes of Health, and similar agencies.
Even though these credentials are not thought to be new, cybercriminals can leverage this information to improve the accuracy of future attacks. WHO announced last week that cyberattacks against it have increased fivefold since the onset of the COVID-19 pandemic. Many of the attackers are looking to steal information about COVID-19 research and vaccine development to sell or trade for profit to corporate or intelligence community buyers.
Even though password security is a well-known risk, many agencies have failed to take it seriously, continuing to use outdated tools and sloppy handling habits – an expert found that 48 passwords from the WHO dump were “password”!
So how can companies prevent bad actors from using stolen login credentials against them? By employing a combination of two of our award-winning tools, companies can mitigate the risk of compromise that can come from a Dark Web password dump like this one.
- Multifactor authentication is essential. There’s a reason why most agencies and organizations that handle sensitive data use multifactor authentication – it works. Employing a secure identity access and management solution like Passly means that even if passwords are compromised in a dump, cybercriminals won’t get much use out of them.
- Dark Web monitoring provides an invaluable warning. This was a major league password dump, so it made the news. Smaller dumps occur every day, and your company’s login information could be in there. Find out if your company’s passwords, email or other sensitive data is available in Dark Web markets to take preventative action against a potential data breach with Dark Web ID.
These solutions seamlessly work together to boost your cybersecurity both immediately and over time, packing a one-two punch that keeps cybercriminals away from your data and systems effectively and affordably – because no one can afford a cybersecurity disaster right now.