Security operations provider Arctic Wolf observed a year-over-year decrease in publicly disclosed data breaches. However, in its “2020 Security Operations Report,” Arctic Wolf revealed that the number of corporate credentials with plaintext passwords on the darknet market has increased by 429% since March 2020.
According to the report, 17 sets of corporate credentials are available on the dark web that cybercriminals could exploit to easily execute account takeover (ATO) attacks by obtaining access to a single corporate account. Hackers can also monitor an organization’s corporate network and gain access to sensitive data, intellectual property, competitive information, or funds.
The report also highlighted that most of the high-risk cyberattacks (35%) occurred between the hours of 8:00 PM and 8:00 AM, and 14% occurred on weekends, when most internal security teams go offline. “The sharp increase in corporate credential leaks underscores the need for organizations to have dedicated 24×7 monitoring of their network, endpoint, and cloud environments in order to prevent targeted attacks that could happen at any time,” the report stated.
Key Findings:
- Phishing and ransomware attempts increased by 64%. Hackers have created new phishing lures around COVID-19 topics and adapted traditional lures seeking to take advantage of remote workers.
- Critical vulnerability patch time has increased by 40 days. A combination of higher common vulnerabilities and exposures (CVE) volumes, more critical CVEs, and the emergence of a remote workforce has significantly slowed patching programs at many organizations.
- Unsecured Wi-Fi usage is up by over 240%. Remote workforces connecting to open and unsecured Wi-Fi networks outside of their office or home are now facing increased risks of malware exposure, credential theft, and browser session hijacking.
Mark Manglicmot, Vice-President, Security Services, Arctic Wolf, said, “The cybersecurity industry has an effectiveness problem. Every year new technologies, vendors, and solutions emerge. Yet, despite this constant innovation, we continue to see breaches in the headlines. The only way to eliminate cybersecurity challenges like ransomware, account takeover attacks, and cloud misconfigurations is by embracing security operations capabilities that fully integrate people, processes, and technology.”