Even with a comprehensive defense, organizations may fall victim to a data leak without realizing it. Uncontrollable factors such as supply chain attacks, historical breaches, human error, and insider threats may expose data to the dark web, creating risk and opportunity for threat actors to attack.
For example, in 2023, one company had 43GB of its data stolen and leaked to the dark web after a ransomware attack stemming from the “Citrix Bleed” vulnerability. Essentially, the victim company was using a Citrix product containing a bug that allowed attackers to bypass key security measures, gain access to internal systems, and eventually steal their sensitive data.
It’s an important lesson that incidents like these happen to even the most well-protected, well-secured organizations. All it takes is one vulnerable piece of software, one application, or one piece of hardware. This is one reason why dark web monitoring is becoming increasingly popular.
What to do if your data is leaked to the dark web
Once something is published online—whether on the surface or the dark web—it becomes nearly impossible to fully erase. While you can delete posts and take down websites, there’s always the possibility that a quick-thinking cybercriminal already took screenshots, downloaded offline copies, or otherwise saved the data for later use.
That said, there are a number of best practices organizations can take to reduce the risk associated with exposed data.
Ensure you have good visibility into the dark web
Before you can address exposed data, you first have to know that your information has been compromised and leaked. But very few organizations have the time or people to access, explore, and navigate around the dark web in search of sensitive company data.
That's where dark web monitoring comes in.
Dark web monitoring involves scanning the dark web for leaked data associated with a company’s domain. The scan identifies credentials, financial data, intellectual property, and other sensitive details published on the dark web.
With that visibility and information, you can:
- Identify unknown breaches: Dark web monitoring helps organizations discover breaches that may have gone undetected, like if the breach occurred through a third-party vendor.
- Minimize risk: Organizations can address vulnerabilities quickly—by changing leaked credentials or ramping up suspicious login monitoring—and stop cybercriminals in their tracks.
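As an added example of what that visibility lets you do, the script below triages a constructed dark-web leak feed against a corporate domain: it keeps only records for the organization's own addresses, ranks each account by what was exposed (cleartext password, password hash, or address only), and attaches the remediation action. This is illustration code written for this article, not Field Effect's product code; the records, the domain `example.com`, and the field names are constructed assumptions about what a monitoring feed would deliver.

```python
"""Triage a constructed leak feed against a corporate domain.

Added example, not Field Effect's code. The feed records below are
constructed; a real dark web monitoring service would supply them.
"""
from dataclasses import dataclass

# Constructed sample records: address, exposed secret (if any), source breach.
LEAK_FEED = [
    {"email": "alice@example.com", "password": "Summer2023!", "hash": None, "source": "third-party-forum"},
    {"email": "bob@example.com", "password": None, "hash": "5f4dcc3b5aa765d61d8327deb882cf99", "source": "saas-vendor"},
    {"email": "carol@partner.org", "password": "hunter2", "hash": None, "source": "third-party-forum"},
    {"email": "ALICE@Example.com", "password": None, "hash": None, "source": "marketing-list"},
    {"email": "dave@example.com", "password": "", "hash": "", "source": "saas-vendor"},
]

SEVERITY_RANK = {"medium": 1, "high": 2, "critical": 3}
ACTIONS = {
    "critical": "force password reset, confirm MFA enrolment, review recent sign-ins",
    "high": "force password reset, confirm MFA enrolment",
    "medium": "confirm MFA enrolment, add to phishing/credential-stuffing watch list",
}


@dataclass
class Finding:
    account: str
    severity: str
    sources: list
    action: str


def domain_of(email):
    """Return the lower-cased domain part of an address ('' if malformed)."""
    return email.rsplit("@", 1)[-1].lower() if "@" in email else ""


def classify(rec):
    """critical: cleartext password exposed; high: only a hash (offline
    cracking risk); medium: the address alone (phishing / stuffing target)."""
    if rec.get("password"):
        return "critical"
    if rec.get("hash"):
        return "high"
    return "medium"


def triage_leaks(records, corporate_domain):
    """Group records by corporate account; keep the worst severity per account."""
    findings = {}
    for rec in records:
        email = rec["email"].strip().lower()
        if domain_of(email) != corporate_domain.lower():
            continue  # another organization's account: not actionable here
        sev = classify(rec)
        f = findings.get(email)
        if f is None:
            findings[email] = Finding(email, sev, [rec["source"]], ACTIONS[sev])
            continue
        if rec["source"] not in f.sources:
            f.sources.append(rec["source"])
        if SEVERITY_RANK[sev] > SEVERITY_RANK[f.severity]:
            f.severity, f.action = sev, ACTIONS[sev]
    # Most severe first, then alphabetically, for a stable report.
    return sorted(findings.values(), key=lambda f: (-SEVERITY_RANK[f.severity], f.account))


if __name__ == "__main__":
    for f in triage_leaks(LEAK_FEED, "example.com"):
        print(f"{f.severity:8} {f.account:22} sources={f.sources} -> {f.action}")
```

Run as written, the report lists the account whose cleartext password appeared in two separate dumps first, so the reset queue is ordered by exposure rather than by the order the feed happened to arrive in.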
Enable multi-factor authentication on all accounts
Multi-factor authentication (MFA) requires a user to provide more than one type of authentication before they can access an account or resource.
Even if a threat actor obtains a user’s credentials, via breach or otherwise, the extra layer of security provided by MFA will make it nearly impossible for them to log in with credentials alone.
Restrict users from using corporate email addresses for non-work-related services
Exposed data often stems from the compromise of third-party services that users sign up for using their corporate email addresses. If the service is breached, this corporate information may be exposed and leveraged by threat actors.
Although this type of breach may not directly affect your corporate network, it can still have serious indirect consequences—especially if cleartext passwords or corporate email addresses are included. The takeaway is simple: the less that employees use their corporate email for non-work-related services, the lower the business risk should a breach occur.
Maintain strong password hygiene
There are countless reasons why organizations should mandate strong passwords. One of them is that employees who use complex passwords for business may be less likely to reuse those same, complicated passwords while creating personal accounts for third-party services. This makes it harder for threat actors to leverage those credentials against the corporate network, should they be disclosed.
Frequently changing corporate passwords is a good idea too. That way, any passwords that are unknowingly exposed are at risk for a shorter period of time.
Monitor for, and block, unusual login attempts
Another way to mitigate the risk of exposed credentials is to monitor for, and actively block, suspicious login attempts. Suspicious, in this case, may include:
- Impossible travel—for example, an employee logs in from Texas one minute and from Italy the next
- Login attempts from suspicious ISPs and high-risk IP addresses
- Login attempts from TOR nodes
- Login attempts from unusual or suspicious user agent strings
Implement human verification (captcha) authentication
A popular cyberattack that leverages exposed data is called credential stuffing. Since the attack involves attempting to log in to hundreds, if not thousands, of online services, hackers usually automate this attack using bots.
Adding a captcha or some other human verification control can help mitigate these risks since they help identify credential-stuffing bots proactively, preventing successful logins and subsequent attacks.
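The four suspicious-login patterns listed above and the credential-stuffing pattern described here are all detectable from ordinary sign-in logs. The script below, written as an added example for this article and not taken from Field Effect's product, runs that detection over a handful of constructed log lines: impossible travel is computed from the great-circle distance between successive successful logins, Tor and automation-client checks are simple lookups, and credential stuffing is flagged when one source IP tries many distinct accounts with a high failure rate. The geolocation table, the Tor exit list, the user-agent prefixes, the thresholds and the log format are constructed stand-ins for the feeds an identity provider or SIEM would supply.

```python
"""Suspicious-login detection over constructed log lines.

Added example, not Field Effect's code. GEO, TOR_EXIT_NODES, SUSPICIOUS_UA,
the thresholds and the log format are constructed assumptions.
"""
import math
from collections import defaultdict
from datetime import datetime

# Constructed geolocation table (lat, lon, label); real systems use a GeoIP DB.
GEO = {
    "203.0.113.10": (30.27, -97.74, "Austin, TX"),
    "198.51.100.7": (41.90, 12.50, "Rome, IT"),
    "192.0.2.55": (30.27, -97.74, "Austin, TX"),
    "192.0.2.200": (52.37, 4.90, "Amsterdam, NL"),
}
TOR_EXIT_NODES = {"192.0.2.200"}  # constructed stand-in for a Tor exit-node list
SUSPICIOUS_UA = ("python-requests", "curl/", "go-http-client")  # automation clients
MAX_KMH = 1000             # faster than this between logins counts as impossible travel
STUFFING_MIN_USERS = 5     # distinct accounts tried from one IP
STUFFING_MIN_FAIL_RATE = 0.8

# Constructed log lines: "<timestamp> <user> <ip> <outcome> <user agent>"
LOG = """\
2024-05-01T09:00:00 alice 203.0.113.10 success Mozilla/5.0
2024-05-01T09:05:00 alice 198.51.100.7 success Mozilla/5.0
2024-05-01T09:10:00 bob 192.0.2.200 success Mozilla/5.0
2024-05-01T09:11:00 carol 192.0.2.55 failure python-requests/2.31
2024-05-01T09:11:01 dave 192.0.2.55 failure python-requests/2.31
2024-05-01T09:11:02 erin 192.0.2.55 failure python-requests/2.31
2024-05-01T09:11:03 frank 192.0.2.55 failure python-requests/2.31
2024-05-01T09:11:04 grace 192.0.2.55 success python-requests/2.31
"""


def km_between(a, b):
    """Great-circle (haversine) distance in km between two (lat, lon, ...) tuples."""
    lat1, lon1, lat2, lon2 = map(math.radians, (a[0], a[1], b[0], b[1]))
    h = math.sin((lat2 - lat1) / 2) ** 2 + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371 * math.asin(math.sqrt(h))


def parse(log):
    events = []
    for line in log.strip().splitlines():
        ts, user, ip, outcome, ua = line.split(maxsplit=4)
        events.append({"ts": datetime.fromisoformat(ts), "user": user, "ip": ip,
                       "outcome": outcome, "ua": ua})
    return events


def detect(events):
    """Return (alert_type, subject, detail) tuples. Successful logins that
    trigger an alert are candidates for blocking or a step-up MFA prompt."""
    alerts = []
    last_success = {}          # user -> most recent successful event
    per_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["ip"] in TOR_EXIT_NODES:
            alerts.append(("tor_exit", e["user"], e["ip"]))
        if e["ua"].lower().startswith(SUSPICIOUS_UA):
            alerts.append(("suspicious_ua", e["user"], e["ua"]))
        if e["outcome"] == "success":
            prev = last_success.get(e["user"])
            if prev and prev["ip"] in GEO and e["ip"] in GEO:
                hours = (e["ts"] - prev["ts"]).total_seconds() / 3600
                dist = km_between(GEO[prev["ip"]], GEO[e["ip"]])
                if dist > MAX_KMH * hours:  # also catches a distant login at the same instant
                    alerts.append(("impossible_travel", e["user"],
                                   f"{GEO[prev['ip']][2]} -> {GEO[e['ip']][2]} in {hours * 60:.0f} min"))
            last_success[e["user"]] = e
        per_ip[e["ip"]].append(e)
    # Credential stuffing: one source spraying many accounts, mostly failing.
    for ip, evs in per_ip.items():
        users = {x["user"] for x in evs}
        fails = sum(x["outcome"] == "failure" for x in evs)
        if len(users) >= STUFFING_MIN_USERS and fails / len(evs) >= STUFFING_MIN_FAIL_RATE:
            alerts.append(("credential_stuffing", ip, f"{len(users)} accounts, {fails}/{len(evs)} failures"))
    return alerts


if __name__ == "__main__":
    for kind, subject, detail in detect(parse(LOG)):
        print(f"{kind:20} {subject:14} {detail}")
```

The stuffing rule is deliberately evaluated per source IP rather than per account: a single failed login per account is normal, but five accounts tried from one address inside a few seconds with an automation client is exactly the bot traffic a captcha or rate limit should stop. The one success in that burst (`grace`) is the login worth blocking and investigating first.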
Get started with dark web monitoring
Field Effect MDR Complete detects and responds to threats and vulnerabilities across your entire IT infrastructure—endpoints, networks, and cloud—external threat surface, and the dark web.
By scanning over 1000 dark web sources, digesting more than 26,000,000 records daily, MDR Complete will notify you of any data exposures that may signal an impending attack. This way, you can address the risk quickly before threat actors have the opportunity to use that leaked data as part of an attack.
See how Field Effect's Dark Web Monitoring works here.