Another [1.5] Bites the Dust: Key Learnings from 1.5B Stolen Credentials You Should Never Use Again

WEBINAR

We all want to leave 2020 in the rearview mirror, but the effects will be with us for a long time. Our online behavior shifted dramatically, and we created a number of new accounts to manage our lives in a new reality. This vast growth in the attack surface didn’t go unnoticed in criminal circles, and the tactics they developed to perpetrate breaches and account takeover set the stage for what we’re already starting to see in 2021.

In this on-demand webinar, we break down the trends our researchers observed within cybercriminal communities over the last 12 months, including:

  • The scale of data that was stolen & circulated in 2020
  • What the data reveals about device sharing and the fuzzy boundaries between work and personal device usage
  • The top 100 reused passwords (that you should immediately add to your ‘banned password lists’!)
  • Why and how other companies’ data breaches become your company’s problem
  • Security repercussions of the sudden shift to remote working, learning, socializing, and shopping

2021 Annual Credential Exposure Report

Our 2021 report revealed that password reuse continues to be a serious problem, leaving enterprises and their customers vulnerable to account takeover.


Presenter Info

Chip Witt, Vice President of Product Management

Chip Witt has nearly twenty years of diverse technology experience, including product management and operations leadership roles at Hewlett Packard Enterprise, Webroot, VMware, Alcatel, and Appthority. Chip works closely with field intelligence teams specializing in OSINT and HUMINT tradecraft, actor attribution and underground monitoring.

The SpyCloud Difference

SpyCloud offers the earliest possible detection of potentially compromised accounts – those using credentials that have appeared in a third-party breach or are for sale on the dark web and are therefore at risk of account takeover. And we automate the remediation of exposed passwords, enabling enterprises to lock down accounts quickly, before damage is done. 

Our goal is to help organizations to protect themselves from criminal activity and disrupt criminals’ ability to profit from stolen data.

2021 Remote Workforce Security Report

REPORT

New Security Threats Facing Remote Workers
Following the dramatic rise in work-from-home in the wake of the COVID-19 pandemic, securing the expanding remote workforce has become a critical priority.

The 2021 Remote Workforce Security Report reveals the current state of cybersecurity at widely distributed organizations, including key challenges, new security threats, technology gaps and preferences, investment priorities, and more.

Based on the research, organizations are seeing increased phishing attempts and malware infections. They are concerned about the use of personal, unsecured devices to access corporate applications, and the risk of data leakage presented by a habit so difficult to stop – especially when 55% of organizations allow it.

Download the report for insights & more on:

  • Security controls that are most effective for remote work scenarios
  • Threats users are reporting with increasing frequency
  • Security protocols individuals are most resistant to
  • How remote work is impacting compliance posture, especially regarding GDPR

Examine what your peers think about the ongoing threats and vulnerabilities faced by enterprises today, and where you might need to shore up your defenses for the future – because remote work is a trend very likely to continue.

The SpyCloud Difference

Truly Actionable Recaptured Data

SpyCloud solutions are backed by the world’s most current and comprehensive repository of recaptured data from breaches, malware infections, and other underground sources – with billions of exposed credentials and PII. It’s the same data that fraudsters use, but we make it actionable to prevent account takeover, ransomware attacks, and online fraud.

How Credential Stuffing Tools Are Made

WEBINAR

In early 2020, attackers compromised over 160,000 Nintendo accounts via credential stuffing. SpyCloud researchers discovered source code for one account checker tool that was custom-built to help criminals test stolen credentials against Nintendo logins, enabling attackers to access customer accounts and exploit saved payment methods to purchase in-game currency.

With so many people stuck at home, popular consumer services like Nintendo are facing high demand – from both legitimate customers and cybercriminals. Sophisticated crimeware makes it easy for criminals to target these types of organizations in credential stuffing attacks and defraud their customers. To protect consumers from account takeover, enterprises need to take proactive measures.

View this on-demand webinar to learn:

  • How credential stuffing works, from the lifecycle of stolen credentials to the crimeware attackers use to automate account takeover
  • Why stolen accounts that don’t have obvious monetary value can be profitable for cybercriminals
  • How credential stuffing and account takeover fit into the broader criminal economy
  • What your enterprise can do to combat both credential stuffing and more advanced types of account takeover attacks

Solution: Account Takeover Prevention

Reset stolen passwords before criminals can use them to defraud your users or access sensitive corporate data.

Presenter Info

Chip Witt, Vice President of Product Management

Chip Witt has nearly twenty years of diverse technology experience, including product management and operations leadership roles at Hewlett Packard Enterprise, Webroot, VMware, Alcatel, and Appthority. He is currently the VP of Product Management and oversees the Customer Success Program at SpyCloud. Chip works closely with field intelligence teams specializing in OSINT and HUMINT tradecraft, actor attribution and underground monitoring.

I Put a Keylogger On You, and Now You’re Mine: What Cybercriminals See When They Infect a Host with Malware

WEBINAR

Emotions about the global pandemic are running high, and attackers are taking advantage. Researchers have observed criminals spreading malware by impersonating official sources, distributing malicious COVID-19 maps and trackers, and malvertising on coronavirus-related news stories.

As security professionals, we try to protect our users from this type of activity by searching for indicators of compromise and writing rules to detect malicious activity. What we don’t see is the criminal perspective – what an attacker actually sees when they infect a host with malware that has keylogging and remote access capabilities.

In this webinar, SpyCloud Head of Product Strategy Chip Witt opens a window into the criminal ecosystem surrounding credential-stealing malware like Azorult, Raccoon, Predator, and Vidar. Chip shares examples of actual malware logs, explains how various actors profit from stolen data, and discusses what you can do to better protect your enterprise from these types of threats.

View this on-demand webinar to learn:

  • How criminals distribute credential-stealing malware to victims, monetize stolen information, and continue to profit from infected hosts
  • What an attacker managing a malware campaign sees as new systems become infected
  • What’s included within malware log files, from cryptocurrency wallet details to photos of victims’ desktops
  • How you can better equip your security organization to handle these threats

Contact us to see your infected user data

Exposed credentials, whether stolen in a data breach or via a botnet infection, put user accounts at risk of account takeover. Let’s deep dive on the data we have collected for your domain.

Presenter Info

Chip Witt, VP, Product Management

Chip Witt has nearly twenty years of diverse technology experience, including product management and operations leadership roles at Hewlett Packard Enterprise, Webroot, VMware, Alcatel, and Appthority. He is currently the VP of Product Management at SpyCloud, which provides cloud-based security services to help businesses of all sizes prevent data breaches and account takeover attacks by alerting when employee or company assets have been compromised. Chip works closely with field intelligence teams specializing in OSINT and HUMINT tradecraft, actor attribution and underground monitoring.

Related Resources

Case Study

Global Fintech Company

With SpyCloud, this global fintech platform has been able to automate consumer account takeover prevention at scale, protect thousands of users infected with credential-stealing botnets, and enrich their predictive models and investigations.

Whitepaper

Infected User Response Guide

Handy guide to decipher what it means when employee or consumer information appears on a botnet log, and how to contact infected users with an action plan.

The SpyCloud Difference

SpyCloud provides the earliest detection of potentially compromised accounts – those using credentials that have appeared in a third-party breach or in a botnet log, and are therefore at risk of account takeover. And we automate the remediation of exposed passwords, enabling enterprises to lock down accounts quickly, before damage is done. 

Our goal is to help organizations to protect themselves from criminal activity and disrupt criminals’ ability to profit from stolen data.

Targeted Attacks: How Sophisticated Criminals Bypass Enterprise Security Measures


WEBINAR

SpyCloud + ISMG

For close to three years, a technology executive was hounded by a persistent attacker who stole his identity, opened credit cards in his name, and wired funds from his bank account. Though SpyCloud helped bring this particular criminal to justice, these tactics are common in targeted attacks.

If your account takeover prevention program primarily focuses on automated attacks like credential stuffing and password spraying, you may be leaving your organization exposed to serious losses. Targeted account takeover attacks are manual, creative, and elusive, making them one of the most difficult aspects of security and risk management. When criminals decide to go after high-value individuals and organizations, they’re motivated to pull out all the stops, engaging in time-intensive, difficult-to-perpetrate methodologies in pursuit of lucrative rewards.

Dig into the tactics, techniques, and procedures criminals use to perpetrate highly targeted attacks and identify areas where you might be investing unwisely in security technologies, leaving you vulnerable to sophisticated attackers.

View this on-demand webinar to learn:

  • The timeline of a breach and what types of attacks are prevalent at each stage
  • The advanced tactics criminals use to bypass enterprise security measures
  • Perspective on why enterprises should be more concerned about targeted vs automated account takeover attacks
  • Steps you can take to bolster your defenses and protect against the most damaging attacks

Solution Spotlight: ATO Prevention

Reset stolen passwords before criminals can use them to defraud your users or access sensitive corporate data.

Presenter Info

Chip Witt, Head of Product Strategy

Chip Witt has nearly twenty years of diverse technology experience, including product management and operations leadership roles at Hewlett Packard Enterprise, Webroot, VMware, Alcatel, and Appthority. He is currently the Head of Product Strategy and manages the Customer Success Program at SpyCloud, which provides cloud-based security services to help businesses of all sizes prevent data breaches and account takeover attacks by alerting when employee or company assets have been compromised. Chip works closely with field intelligence teams specializing in OSINT and HUMINT tradecraft, actor attribution and underground monitoring.

Top 10 Travel Booking Site

CASE STUDY

Industry: TRAVEL & HOSPITALITY

Top 10 Travel Booking Site Discovers Up to 11,000 Exposed Customer Credentials per Hour with SpyCloud

Challenge

Preventing account takeover begins with monitoring the dark web, but without the ability to match user accounts with a database of exposed credentials, a top 10 travel booking site was vulnerable to attack.

Solution

The booking company uses the SpyCloud API to continually monitor and protect customer accounts against SpyCloud’s massive database of exposed emails and plaintext passwords.

Result

With automated dark web monitoring, the company discovers thousands of exposed customer accounts every hour, enabling the company to better protect their customers from account takeover.

The online travel booking company profiled is one of the largest in the world, with nearly two million room nights reserved at more than 140,000 global destinations on its online platform every day. With a mission to remove the friction from travel, the company unites travelers with every type of accommodation available.

Challenge

Preventing Account Takeover After a Breach

Account takeover (ATO) is a growing problem that impacts virtually every industry, particularly those organizations with an e-commerce capability. When cyber criminals steal usernames and passwords or purchase them from breach data on the dark web, both consumer and company can suffer.

The risk of ATO keeps security leaders up at night. Beyond the financial loss, ATO is often the dreaded aftermath of a security breach and can continue to cause damage for years.

For the Account Security Group at this top 10 travel site, keeping constant watch over their user accounts is a full-time job that would greatly benefit from automation.

“It has always been our goal to prevent, detect and remediate any account security threat,” says a security leader at the online travel company. “We wanted a solution that would enable us to continually evaluate our security stack and if we detect any gaps in our strategy, take immediate action to protect our customers and our brand, starting with ATO prevention.”

Solution

Identify Exposed Credentials Early and Rapidly

SpyCloud always has its ear to the ground in the deep and dark web. Through proprietary tools, techniques and technologies, SpyCloud is able to detect corporate breaches earlier than any other company. The earlier exposed credentials are discovered, the more likely a future breach can be prevented.

To prevent a breach, ATO and ongoing fraud from happening, this top 10 travel booking site turned to SpyCloud, recognizing the value of the detailed, real-time, accurate data SpyCloud provides. They chose to work with SpyCloud to launch a new initiative to automatically detect exposed customer credentials and alert security leaders early in the process, before criminals have the opportunity to take over the account and cause damage.

The company uses SpyCloud data as part of their account stuffing attack monitoring. For each login attempt to their domains, they initiate an out-of-band SpyCloud check for an account match. They then check match alerts against SpyCloud’s recorded spikes in account stuffing attacks to identify any correlations.

“We use SpyCloud to detect the ATO storms – when an attacker targets our system with a list of breached credentials,” says the security leader at the company. “The SpyCloud data reveals which accounts are compromised so we can force the account down an alternate road that includes a second step in the verification process. This is typically requiring the account owner to answer security questions or engage in two-step multi-factor authentication.” 

“Without the SpyCloud data, we would be in constant risk for attacks we never saw coming. We may not be able to stop every breach, but we feel we are being more proactive and have dramatically improved our security stance.”

Results

Thousands of Exposed Credentials Discovered Every Hour

One of the unique aspects of SpyCloud is the ability to discover direct matches with emails and passwords. Identifying exposed emails is not enough and doesn’t indicate the account has been compromised. With SpyCloud’s proprietary password cracking methodology, more passwords can be cracked, unencrypted and operationalized. In fact, SpyCloud owns the largest database of emails and plaintext passwords, eight billion and counting.

“SpyCloud allows us to see where we are vulnerable in order for us to fortify those potential entry points,” says the security leader. “With the SpyCloud database constantly updated, we can continually monitor our customer base with the freshest, most usable data available. Using the SpyCloud data, we discover anywhere from 3,000 to 11,000 direct matches per hour. Every one of those exposed accounts could have led to account takeover.”

While the SpyCloud solution does include the capability for users to automatically remediate accounts with matches to breach records, typically forcing a password reset, the travel company prefers less friction in the booking process.

“For now, we are using SpyCloud simply for monitoring, but we are aware the solution can do much more,” says the security leader. “We are evaluating our options and are considering moving towards being more proactive without compromising our mission. The fact that SpyCloud is customizable to our needs now but also scalable to where we may go in the future is one of the reasons we chose their solution.”

4.7% email and plaintext password match rate.

Hard Truths About ATO & Strategies To Defend Your Enterprise

WEBINAR

Protecting your enterprise from breaches and account takeovers has never been a bigger challenge. New tools make it possible for even unsophisticated actors to perform advanced, widespread attacks that put your organization at risk. According to the 2019 Verizon Breach Report, stolen credentials are the leading attack vector — yet in a recent study by Symantec, only 7% of respondents rated account takeover as a top threat to their cloud infrastructure.

Regardless of the thoughtful measures and policies you have in place, the hard truth is that no policy can protect you from human behavior. In this webinar, SpyCloud Head of Product Strategy Chip Witt demonstrates how malicious actors take advantage of loopholes in your account takeover prevention plans. For example, your employees may be reusing compromised passwords to access corporate systems or signing up for 3rd party services like LinkedIn or Fantasy Football using their work credentials.

View this on-demand webinar to learn:

  • The anatomy of an account takeover attack
  • Real-world examples of how employee password reuse can threaten your enterprise
  • Potential holes in your account takeover plan
  • What you can do to strengthen your security posture, including alignment to NIST
Presenter Info

Chip Witt, Head of Product Strategy

Chip Witt has nearly twenty years of diverse technology experience, including product management and operations leadership roles at Hewlett Packard Enterprise, Webroot, VMware, Alcatel, and Appthority. He is currently the Head of Product Strategy and manages the Customer Success Program at SpyCloud, which provides cloud-based security services to help businesses of all sizes prevent data breaches and account takeover attacks by alerting when employee or company assets have been compromised. Chip works closely with field intelligence teams specializing in OSINT and HUMINT tradecraft, actor attribution and underground monitoring.
