SpyCloud for Government Agencies
Federal agencies in the United States experience tens of thousands of cyber incidents each year. Beyond account takeover, ransomware attacks on critical infrastructure have skyrocketed – aided by over 500,000 government credential pairs that were leaked in breaches and by malware-infected devices in 2021.
For government agencies, the implications of exposed networks and sensitive data are far too great to risk falling victim to cyber attacks that arise from the prevalence of stolen authentication data. With access to vital data from the criminal underground, SpyCloud provides the critical difference in proactively protecting our infrastructure, national security, and customers of government services.
Top password associated with exposed .gov credentials last year
Leverage Breach Data for National Security
Employees of government agencies are as guilty as everyone else of the poor online habits and weak password hygiene that are the leading criminal gateways. As a result, there has been a massive uptick in credential exposures from government-affiliated organizations in recent years. This not only has the potential to cost taxpayers billions of dollars in clean-up – it also threatens our national security.
We might not be able to change rampant password reuse, but SpyCloud has built the industry’s fastest and most innovative approach for detecting and preventing the attacks that stem from human behavior. The SpyCloud platform is built on three pillars:
- Early detection
- Access to the largest repository of breach data possible
- Dedicated human intelligence (HUMINT)
SpyCloud Helps U.S. Government Agencies:
Remediate Cyber Incidents Faster
Government agencies take a long time to remediate attacks. Having access to just-breached data is the critical difference between your organization falling victim to account takeover or not. Other solutions are time-consuming, resource-intensive, and often can’t deliver breach data until it’s too late. SpyCloud typically ingests data within days of the breach occurring.
Using our vast amounts of recaptured data with popular tools like Maltego and i2 Analyst’s Notebook, analysts are able to make connections they never thought possible to quickly identify threat actors and unmask alternate identities through repeatable, scalable analysis.
Accurately Verify User Identity
Simply verifying the information entered by a user is an incomplete identity verification process. Given the vast number of data breaches and leaks, traditional identity verification does not take into consideration the prospect of the user’s credentials and PII being exploited to perpetrate fraud such as account takeover (ATO) or synthetic identities.
SpyCloud delivers intelligence on the users most susceptible to exploitation, based on their leaked credentials and reused passwords. The API blends seamlessly into existing automated identity verification processes for real-time logins and account creations, or it can be used as an offline batch process.
Detect Botnet-Infected Users
SpyCloud is the only source of botnet-infected user machine records. This is critical because botnets are notoriously evasive and dangerous. In one instance of SpyCloud’s effectiveness in this area, a government agency was the target of a credential stuffing attack. When their legacy solution failed to detect the percentage of exposed credentials they expected, SpyCloud was able to provide a file of 6,500 botnet-infected user machines linked to their domains. Our results revealed that 85% of these 6,500 botnet-infected user machine records had a direct credential match (email address and plaintext password) to active accounts.
Using the potential cost of the identity theft prevention services for these botnet-infected machines, the agency calculated their “avoided cost” at $552,500.
Protect Customers of Government Online Services from Fraud
Government agencies make especially good targets due to the sheer amount of personally identifiable information (PII) stored in their systems and the amount of money that criminals can gain from siphoning funds, rerouting government benefits, and stealing taxpayers’ private information to use themselves or sell on the dark web. Coupled with the fact that usernames and passwords remain the most prevalent form of authentication for citizens using government services, now is the time to shore up protections for these critical accounts.
Protect Your Agency’s Supply Chain
Government work relies on partnerships with private businesses, but those outside organizations are also vulnerable to attack – which in turn puts the government agency at risk. SpyCloud recently examined Aerospace & Defense companies in the Fortune 1000 and found more than 1.1 million plaintext corporate email and password combinations for their employees available for criminals to use, with 79% of those employees reusing passwords across multiple accounts. That is a huge amount of risk for agencies doing business with these contractors to assume.
SpyCloud Third Party Insight makes it easy to manage risk from Defense Industrial Base (DIB) contractors. Continuous breach monitoring identifies when your vendors are compromised. You can then share the affected third-party vendor’s exposed data directly with them so they can take steps to lock down accounts before criminals can exploit them. In the meantime, you can choose to limit access to your data until they have taken remediation action.
Backed by HUMINT
No other solution on the market is powered by a human intelligence team solely focused on recapturing data as soon as possible after a breach occurs. Our researchers work tirelessly to infiltrate criminal communities, resulting in our massive database of actionable open source intelligence (OSINT). We specialize in recapturing the data that criminals have stolen via data breaches and through botnet infections.
Credential-Stealing Malware: Remediation Guide for Government Security Teams
Learn what swift actions you can take to help prevent data theft from keylogger malware infections.
Preventing Cyberattacks in Government Supply Chains
Stolen credentials remain the #1 hacking tactic used to perpetrate data breaches. DIB suppliers must take strong measures to secure credentials and meet CMMC requirements.
U.S. Government Credential Exposure Report
The prevalence of password reuse and loose credential security protocols are gifts to cybercriminals that expose the U.S. to significant risks.