How to Prevent Your User Credentials from Being Sold on the Dark Web

November 11, 2024

Article
4 min

How to Prevent Your User Credentials from Being Sold on the Dark Web

The dark web is full of online forums where stolen user credentials are shared and sold illegally. What measures can organizations implement to reduce their risk of being affected?

CDW Expert CDW Expert
/

Think about the main causes behind data breaches. Chances are that system vulnerabilities are the first thing that comes to your mind; after all, this belief has been spread by popular culture for decades. Although system vulnerabilities are a major concern when talking about cyberattacks, there are some more efficient techniques that cybercriminals rely on, such as buying stolen user credentials on the black market known as the dark web.  

According to Verizon’s 2024 Data Breach Investigation Report, 77 percent of web application attacks involved stolen credentials. If we think about it, it’s all about convenience – Why waste time picking locks when you can simply walk through the front door with stolen keys?

A comprehensive security strategy will try to protect the company from both outsiders and insiders, but if the threat actor uses legitimate credentials and acts carefully, they can move around quietly, so it becomes extremely difficult to detect them. Once the attacker is inside, it is a cat-and-mouse situation; unusual activity will typically set off the alarms, but the question is: would that happen before it’s too late?

CDW Canada’s 2024 Cybersecurity Study found that the total number of cyberattacks declined from the previous year; however, the number of successful incidents continues to trend upward, which suggests that cybercriminals are becoming more effective and harmful each time. Doing as much as possible to stop them from entering your network with genuine credentials is definitely a good idea.

The black market of stolen credentials on the dark web

Any website that is indexed in search engines is considered part of the surface web; easily accessible to anyone. If a website is accessible to anyone but is not indexed by search engines, then it is considered part of the deep web. The dark web, on the other hand, is a part of the internet where different private networks exchange information while keeping the identity of its users anonymous.

Although it’s been used by activists and journalists working on just causes that might put themselves at risk, it is naturally also the perfect home for many forums where illicit transactions happen and illegal activities are planned. Cybercriminals will typically buy user credentials in one of these illegal forums, most of the time using cryptocurrency.

How do credentials end up on the black market in the first place? Very often, they are scraped from browsers by infostealer malware or stolen as the result of a lack of cybersecurity awareness, e.g., when someone who uses guessable or reused passwords for their professional and personal accounts falls victim to a phishing attack.

Organizations should promote cybersecurity awareness and have a robust user authentication strategy

The more employees an organization has, the more difficult it is to prevent credentials from getting leaked. When companies train their workforce to use and maintain strong passwords, and enforce additional identity-based protections, it is more likely that by the time the credentials are sold on the black market, they are no longer working – you change the lock, and the burglar’s key becomes useless.

Receive an alert when your credentials hit the black market

There are currently services that can help you be aware when your credentials are being sold on the dark web, such as CDW’s Managed Compromised Credential Monitoring Service.

This service is powered by an industry-leading cyberthreat intelligence platform that looks for indicators of user credentials that might have been stolen. Such alerts are turned into events within CDW’s security operations centre (SOC) and assessed by a security analyst, who then raises this threat to the customer and provides a list of recommended actions.

For managed XDR customers, where the SOC has the authority to act, the investigating analyst can take further actions to contain and eradicate the potential threat, such as force resetting user credentials, disabling privileged access or isolating at-risk devices.

Rely on CDW’s cybersecurity experts

In 2023, CDW Canada was recognized as the No. 1 Canadian Solution Provider of the Year on Channel Daily News’ Top 100 Solution Providers list, and has been serving Canadian organizations for over 20 years.

We have a team of cybersecurity professionals across the country who can help protect and defend your organization’s sensitive data.  

Our managed services are delivered following the highest IT practices and standards. We maintain ISO 27001 and PCI certifications, are aligned with the National Institute of Standards and Technology (NIST) and ensure that our managed services operations are SOC2 compliant.

We also offer full-stack technology services, which means we’ll provide you with a holistic solution tailored to your organization’s needs.