Freely subscribe to our NEWSLETTER

Last week, Digital Shadows revealed that it has alerted clients to 27.3 million username and password combinations in the last 18 months. It also warned that access to organizations’ key systems trade at a significant premium. Usernames with “invoice” or “invoices” as well as “payments” and “partners” are actively sought by cyber criminals. Domain admin access is currently advertised by cyber criminals with prices ranging from $500 to $120,000.

Digital Shadows SearchLight™ has the most comprehensive collection mechanism in the market to combat this threat, continuously searching across criminal forums, paste sites, dark web pages, and code-sharing sites. This has detected more than 15 billion credentials to date, and this number continues to rise. Given credential breaches are common and password reuse is rife, often organizations lack visibility of who has been impacted - and the extent of the impact this has on the business.

The new service is designed to help organizations solve this challenge by enabling them to:

• Triage quicker: reused credentials will not be raised as new alerts. Instead, if the same credential pair is detected on a new source, the alert is updated with the source details.

• Automatically reject invalid credentials based on specified email and password formats

• Deeper historical context via a timeline viewer

• Better reporting – gain a macro-level picture of the number of employees involved in a breach.

Russell Bentley, VP Product at Digital Shadows comments: “Managing data breach volumes is time consuming given the huge amount of breached credentials out there. Organizations often struggle to determine which credentials are historic and may no longer represent a danger to them and those that are a clear and present danger. SearchLight’s new credential alert removes the time spent triaging invalid or duplicate credentials enabling organizations to stay on top of this issue in real time.”