Dataset: COVID-19 Themed Domains

DATASET

COVID-19 Themed Domain Dataset

To assist the information security community, SpyCloud researchers have compiled, enriched, and analyzed a list of over 136,000 hostnames and fully qualified domain names with COVID-19 or coronavirus themes from a variety of open-source feeds.

We have made the dataset available to demonstrate how to complete a low-cost analysis using open-source threat intelligence data.

Disclaimer: This data is provided as-is, with no guarantees that the data will be accurate or maintained in any way. For more information about the sources, please refer to the original open-source feeds.

Source | Description
Certificate Transparency logs | Open dataset for exploring SSL certificates to identify potentially abusive hostnames.
RiskIQ's COVID-19 feed | Public feed of COVID-19 themed domains sponsored by RiskIQ.
DomainTools' COVID-19 threat list | Public feed of COVID-19 themed domains sponsored by DomainTools.
Rapid7 Project Sonar | Open data of internet-wide surveys conducted by Rapid7 Labs.

Please note that we only used the hostnames from these sources; additional metadata was collected by SpyCloud researchers.

Download the Dataset

Domains with COVID-19 and Coronavirus Themes

A few of our happy customers:

Related Resources

The SpyCloud Difference

Current, Relevant, Truly Actionable Data

SpyCloud’s account takeover prevention and fraud investigation solutions are backed by the world’s most current and comprehensive repository of recovered stolen credentials and PII. More data, particularly plaintext passwords, means more matches and stronger account protection.

Check Your Exposure

See your real-time breach exposure details powered by SpyCloud data.

2020 Report: Breach Exposure of the Fortune 1000

REPORT

2020 Report: Breach Exposure of the Fortune 1000

Employees frequently reuse corporate credentials as personal logins, regardless of security guidelines that prohibit such behavior. When those third-party sites are subject to data breaches, reused employee logins provide easy entry points to corporate systems and networks. In addition to corporate credentials, data breaches expose a wealth of personal information that can enable cybercriminals to bypass security measures, take over accounts, and compromise enterprise networks.

To provide a snapshot of the breach exposure affecting major enterprises, we examined SpyCloud’s entire database to see what breach data we could tie to companies in the Fortune 1000. Across our data set, we were able to identify over 412 million breach assets tied to employees within the Fortune 1000.

Download the report to see:

  • How many Fortune 1000 employees and C-level executives have passwords available to cybercriminals
  • Top passwords of Fortune 1000 employees
  • Infographics showing credential exposure, password reuse rates, and more for all 21 Fortune 1000 sectors
  • Which sector is the worst offender (by far)

Solution: Account Takeover Prevention

Reset stolen passwords before criminals can use them to defraud your users or access sensitive corporate data.

Learn More

Download the Report


Related Resources

Case Study

Top 10 Travel Booking Site

Preventing account takeover begins with monitoring the dark web, but without the ability to match user accounts with a database of exposed credentials, a top 10 travel booking site was vulnerable to attack.

Read More


Targeted vs. Automated Account Takeover Attacks

WHITEPAPER

Targeted vs. Automated Account Takeover Attacks

Account takeover (ATO) occurs when criminals use stolen logins, typically credentials that have been exposed in a third-party breach, to access user accounts without permission. Using victims’ accounts, criminals can make fraudulent purchases, drain accounts, steal sensitive data, or move laterally within a target organization.

The vast majority of account takeover attempts are automated credential-stuffing attacks. However, SpyCloud customers report that 80 percent of losses come from just 10 percent of ATO attempts, which are highly targeted and challenging to detect.

Read this whitepaper to learn:

  • The differences between targeted and automated account takeover attacks and why targeted attacks can cause so much damage
  • The five phases of an account takeover attack and the tactics, techniques, and procedures cybercriminals use throughout the attack timeline
  • How early detection can help you prevent both targeted and automated account takeover


Download the Whitepaper


2020 Annual Credential Exposure Report

REPORT

2020 Annual Credential Exposure Report

Every year, the SpyCloud Credential Exposure Report examines the data cybercriminals have been sharing over the last year and what it means for enterprises and consumers. Our 2020 report shows that password reuse continues to be a serious problem, leaving enterprises and their customers vulnerable to account takeover (ATO). 

SpyCloud researchers infiltrate criminal networks to identify and recover stolen data months or years before it reaches a broader criminal audience or goes public. As a result, the 9 billion breach records analyzed for this report provide insight into breaches that have been freshly released to criminal marketplaces over the last year.

Download the report to see:

  • Trends our researchers have observed within cybercriminal communities over the last 12 months
  • Password reuse patterns, including the most common transformations people use to “refresh” a reused password
  • Most popular 100 passwords collected over the last 12 months
  • Common password hashing algorithms used by breached organizations


Download the Report


Fortune 1000 Breach Exposure: What We Can Learn

WEBINAR

Fortune 1000 Breach Exposure: What We Can Learn

SpyCloud + Threatpost

Third-party and supply-chain risk: a complex, convoluted attack surface. Stolen credentials fueling account takeover attempts aimed at infiltrating deep into corporate networks (more than 4 million plaintext passwords tied to Fortune 1000 employees can be found on the Dark Web). Stolen PII and account data that make it easy for criminals to craft highly targeted attacks. Join SpyCloud and Threatpost to talk about large enterprises’ unique risk profile and the impact of the data breach epidemic on this segment.

Drawing on the largest database of stolen credentials in the world, SpyCloud has analyzed breach data tied to Fortune 1000 employee credentials to understand trends in password reuse and data exposure. Join Tara Seals, Threatpost’s Senior Editor, and SpyCloud Head of Product Strategy Chip Witt who will discuss the extent of Fortune 1000 employee breach exposure and what it means for the organizations that work with them.

View this on-demand webinar to learn:

  • The scope of password reuse and third-party breach exposure across the Fortune 1000
  • Which Fortune 1000 sector has the most exposed credentials per company – and which has the most users potentially infected with keyloggers and other malware
  • How stolen Fortune 1000 employee PII can help attackers breach your organization
  • What you can do to protect your organization from third party account takeover

Product Feature: Third Party Insight

Monitor third party exposures and share data to aid in remediation.

Learn More

Watch the Webinar:

Fortune 1000 Breach Exposure

Presenter Info

Chip Witt, Head of Product Strategy

Chip Witt has nearly twenty years of diverse technology experience, including product management and operations leadership roles at Hewlett Packard Enterprise, Webroot, VMware, Alcatel, and Appthority. He is currently the Head of Product Strategy and manages the Customer Success Program at SpyCloud, which provides cloud-based security services to help businesses of all sizes prevent data breaches and account takeover attacks by alerting when employee or company assets have been compromised. Chip works closely with field intelligence teams specializing in OSINT and HUMINT tradecraft, actor attribution and underground monitoring.


Zscaler

CASE STUDY

Zscaler

Industry: TECHNOLOGY

Transforming Information Security with a New Vision and a New Model

About the Company

Zscaler is a cloud-based security company that is completely transforming the way companies approach information security. Many of the world’s largest and most forward-thinking companies rely on Zscaler to move their security off the network and into the cloud. Gartner has named Zscaler a leader in its Magic Quadrant for SWGs for seven consecutive years and the company recently went public. Clearly, Zscaler is moving the needle.

For the past decade, Zscaler has brought its revolutionary vision to a rather fixed mindset. It realized early on that employees had begun working differently than in the past. They weren’t attached to a static office and they weren’t consistently on a secure, corporate-controlled network using company-owned devices. The traditional security models were no longer aligned with culture. Today, mobility and the cloud enable all of us to be more productive and agile, yet they pose a new problem for security. How do you protect users, data, systems and applications when they aren’t always visible? How do you control security when traffic isn’t going through the traditional security stack?

Changing How Information Security is Viewed

While many business systems have moved to the cloud, security has been slow to transition. The hesitation comes less from cost or efficiency concerns, as most companies realize the cloud improves both, and more from questions of complexity and scope. Zscaler recognized the opportunity to make modern security not only attainable, but comprehensive, with the scalability to encompass all of the ways people now work. The company took security hardware out of the enterprise data center and built its own multi-tenant, cloud-based stack around the globe, enabling companies to step away from managing their own stack and forward their traffic through the Zscaler stack instead.

Zscaler has been attractive to many of the world’s largest companies with distributed workforces and multiple locations. Smaller companies have taken notice as well, realizing they can finally afford an enterprise-grade security platform they don’t have to manage themselves. Zscaler is also a preferred partner for service providers who want to offer security to their customers through a SaaS-based platform.

For Sutton, attracting customers and partners is only a small part of the vision. Changing how information security (IS) is viewed is the bigger goal. “Gone are the days when IS dictates security within the company. Users have so much power now and IS doesn’t have the control or visibility they once had. CISOs have to rethink how they achieve their mission and find ways to empower users instead of being the ‘Office of No’ that employees will just bypass. Security can be flexible without giving up protection.”

The Zero Trust Model

Visibility is a fundamental challenge for many in IT and IS. Protecting what isn’t seen is a common pain point. From BYOD, remote employees and cellular networks, to uploading data and unsanctioned apps, security leaders are hard pressed to control this seemingly rogue atmosphere. Even if they could gain visibility into all of this traffic, much of it today is encrypted and therefore unusable.

“You can’t control what every employee is doing—it’s simply not possible and companies will waste an inordinate amount of energy trying to do so,” says Sutton. “We built Zscaler with this perspective in mind. We don’t care where employees work, which device they use, or how they choose to connect. We had to build a solution that would enable IS to see all of the traffic, inspect it appropriately, and be alerted of anything suspicious. The zero-trust model insists we treat all devices and all websites as untrusted until they can be authenticated and users can be authorized. It’s not about changing the user habits. It’s about changing the IS model.”

Radically Rethinking Security

Changing perspectives is never easy, yet companies large and small are accepting the zero-trust model and taking steps to incorporate it into their methodology. Zscaler solutions are intentionally built to make this process easier and more adoptable. Zscaler built its security stack from the ground up and all of its capabilities are tightly integrated, so there is only one proxy through which all traffic runs. Controls ranging from simple site blacklisting to more complex sandboxing can be performed through one system, making security more efficient and easily visualized.

As Zscaler continues to lead the cloud security market, it is taking a top-down approach. “It’s no longer selling a product to a line-level person in charge of firewalls,” Sutton says. “It’s so much bigger than that. We are pitching a new vision that C-level executives can champion to lead the transformation into the cloud. Zscaler is helping companies take their security to the next level—not with a specific product, per se, but by radically rethinking their approach to security.”

About Michael Sutton

Being the CISO at a security company is what Michael Sutton compares to being a skating coach on a hockey team. Everyone at Zscaler is a security pro, making his job unconventional. Instead of convincing employees to adopt his security protocols, he spends his time selling his vision and best-practice expertise to companies who he believes need to rethink their entire approach to internal security. Sutton is also a mentor and advisor to the next generation of security startup founders at Mach37. He has been with Zscaler since its inception in 2008, starting as vice president of security research. Prior to Zscaler, Sutton was a security evangelist at Hewlett-Packard and SPI Dynamics.


Download the PDF version of the case study to print or share with others.