Pro CISO Credential Monitoring contributes in making the Digital world a safer place
In the spirit of responsible disclosure, Pro CISO will notify individuals when their credentials are found in the Darkweb by its Threat Intelligence/Credential Monitoring service.
While providing Threat Intelligence services to its customers, such as Credential Monitoring for identifying leaked or stolen corporate credentials, Pro CISO often is confronted with entire datasets of credentials that have been extracted by stealer malware on compromised user devices.
These collections of credentials often refer to corporate services used by employees to perform their work activities, or third parties to support their partners, or even by customers accessing online services.
When Pro CISO provides its Credential Monitoring service to its customers, it will identify both the customer resources and the customer credentials that are made available on the Darkweb. These credentials are often sold, traded or simply made available in restricted forums.
Criminal groups can make many uses of the compromised credentials:
Being proud of contributing in making the Digital world a safer place, Pro CISO will launch periodical campaigns on a best-effort basis and completely free of charge, to notify the end users that their credentials are exposed in clear-text in the Darkweb, allowing them to rapidly modify their compromised passwords for the specified target web sites, and any other in which they are re-using the same password.
Additionally, Pro CISO highlights that when credentials are stolen from the user device, the assumption is that the device itself has been compromised or infected with a stealer malware in the browser or hidden in the operating system. For these cases it's necessary to scan and clean the device, or back up the data before wiping and reinstalling it.
Pro CISO also recommends to minimize the data stored on local devices and prefer storing data in secured Cloud environments, where data can be protected against deletion, loss and modification (such as encrypted by ransomware).
Finally, Pro CISO recommends providing employees with enterprise-grade password managers, such as Dashlane, to ensure that passwords are sufficiently strong, not re-used, and managed centrally through a robust platform, offloading this burden from the end user and making their life easier.
If you have received a notification from Pro CISO regarding the above mentioned topic, feel free to follow the suggested remediation actions, or to reach out to us for further clarifications.
While providing Threat Intelligence services to its customers, such as Credential Monitoring for identifying leaked or stolen corporate credentials, Pro CISO often is confronted with entire datasets of credentials that have been extracted by stealer malware on compromised user devices.
These collections of credentials often refer to corporate services used by employees to perform their work activities, or third parties to support their partners, or even by customers accessing online services.
When Pro CISO provides its Credential Monitoring service to its customers, it will identify both the customer resources and the customer credentials that are made available on the Darkweb. These credentials are often sold, traded or simply made available in restricted forums.
Criminal groups can make many uses of the compromised credentials:
- Achieving lists of email addresses that could be used for Phishing;
- Acquire the credentials associated to email addresses;
- Directly access the resources that do not require a second factor;
- Acquire the second factor or session cookie via man-in-the-middle Phishing attacks;
- Silently exfiltrate information and/or prepare additional attacks, such as BEC.
Being proud of contributing in making the Digital world a safer place, Pro CISO will launch periodical campaigns on a best-effort basis and completely free of charge, to notify the end users that their credentials are exposed in clear-text in the Darkweb, allowing them to rapidly modify their compromised passwords for the specified target web sites, and any other in which they are re-using the same password.
Additionally, Pro CISO highlights that when credentials are stolen from the user device, the assumption is that the device itself has been compromised or infected with a stealer malware in the browser or hidden in the operating system. For these cases it's necessary to scan and clean the device, or back up the data before wiping and reinstalling it.
Pro CISO also recommends to minimize the data stored on local devices and prefer storing data in secured Cloud environments, where data can be protected against deletion, loss and modification (such as encrypted by ransomware).
Finally, Pro CISO recommends providing employees with enterprise-grade password managers, such as Dashlane, to ensure that passwords are sufficiently strong, not re-used, and managed centrally through a robust platform, offloading this burden from the end user and making their life easier.
If you have received a notification from Pro CISO regarding the above mentioned topic, feel free to follow the suggested remediation actions, or to reach out to us for further clarifications.