SSO Credentials of 25% of Most Valuable Companies are on Sale on the Dark Web
The cybersecurity assessment and rating company observed the availability of SSO credentials is spiraling in 2022.
According to a new report from BitSight Technologies, at least one single sign-on (SSO) credential is for sale on the dark web for as many as half of the 20 most valuable companies in the U.S. Additionally, 25% of S&P 500 companies have at least one user whose SSO credential is up for grabs.
SSO is now standard in enterprises and in any organization that wants to reduce password fatigue, simplify IT administration, and give employees secure access to multiple applications from a single dashboard. BitSight noted that SSO also reduces phishing exposure and can increase productivity. The flip side is that a single compromised SSO password unlocks every application behind it and so threatens the organization's entire security fabric.
So BitSight's discovery that credentials belonging to 25% of the largest companies in the U.S., representing $11 trillion in market value, are on sale on the dark web raises serious concerns. In total, just under 350 public companies have SSO credentials listed for sale.
BitSight observed that the availability of SSO credentials is spiraling in 2022: the cumulative number of SSO credentials of public companies listed for sale broke the 3,000 mark in July 2022.
New Cumulative SSO Credentials on Sale on Dark Web | Source: BitSight
More than 1,500 of these new SSO credentials were put up for sale in June and July alone. The number is expected to rise further in August, given the impact of the 0ktapus phishing campaign, which compromised 9,931 login credentials and over 5,000 multi-factor authentication (MFA) codes from 136 companies, including Twilio, Cloudflare, and Mailchimp.
New SSO Credentials Listed For Sale According to Months in 2022 | Source: BitSight
Stephen Boyer, BitSight co-founder and CTO, said, “Credentials can be relatively trivial to steal from organizations, and many organizations are unaware of the critical threats that can arise specifically from stolen SSO credentials. These findings should raise awareness and motivate prompt action to become better acquainted with these threats.”
In the 0ktapus campaign, the threat actors used phishing pages impersonating Okta's identity and access management service. The threat can also arrive through vendors, as when Okta itself was breached in January 2022 via one of its support vendors, Sitel; the breach was only disclosed two months later, in March, after the Lapsus$ cyber extortion group published screenshots.
BitSight discovered that organizations in the technology sector are the most affected, followed by manufacturing, finance, energy, business services, transportation, healthcare, consumer goods, and media and entertainment.
BitSight suggested the following to protect credentials:
- Use adaptive MFA, which factors in signals such as geolocation, day, and time to flag suspicious sign-ins, or Universal 2nd Factor (U2F) authentication, which relies on an origin-bound physical key and therefore refuses to authenticate to a fake site. Simple MFA such as one-time codes can be bypassed, as demonstrated by a recent adversary-in-the-middle (AiTM) phishing campaign.
- Adopt the principle of least privilege: limit each employee's application access to only what their role requires.
- Manage third-party/vendor risk by assessing vendors' cybersecurity posture, monitoring it continuously, and keeping track of which data is shared with them and whether it is sensitive.
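The origin binding behind the U2F/WebAuthn recommendation is worth seeing concretely. The following is an added toy model written for this page, not BitSight's code or any vendor's library: the names SecurityKey, RelyingParty, the relying-party ID example.com and the origins https://login.example.com (real) and https://login-example.com (phishing proxy) are all assumptions. HMAC with a per-credential secret stands in for the ECDSA signature a real security key produces; the checks the server performs (challenge freshness, origin, rpIdHash, signature) are the ones that make an AiTM relay or a replay fail.

```python
import hashlib
import hmac
import json
import secrets


def rp_id_hash(rp_id: str) -> bytes:
    """SHA-256 of the relying-party ID, as carried in authenticatorData."""
    return hashlib.sha256(rp_id.encode()).digest()


class SecurityKey:
    """Toy authenticator (assumed name). A symmetric key per credential stands
    in for the per-credential private key a real U2F/FIDO2 key holds."""

    def __init__(self, rp_id: str, credential_key: bytes):
        self.rp_id = rp_id
        self.key = credential_key

    def sign(self, challenge: str, origin: str) -> dict:
        # In a browser, clientData.origin is filled in by the browser from the
        # page that called the API; the page's JavaScript cannot forge it.
        client_data = json.dumps(
            {"type": "webauthn.get", "challenge": challenge, "origin": origin},
            sort_keys=True,
        ).encode()
        auth_data = rp_id_hash(self.rp_id) + b"\x01"  # rpIdHash || flags (UP)
        to_sign = auth_data + hashlib.sha256(client_data).digest()
        signature = hmac.new(self.key, to_sign, hashlib.sha256).digest()
        return {"client_data": client_data, "auth_data": auth_data, "signature": signature}


class RelyingParty:
    """Server side (assumed name): issues single-use challenges, verifies assertions."""

    def __init__(self, rp_id: str, origin: str):
        self.rp_id = rp_id
        self.origin = origin
        self.credentials: dict[str, bytes] = {}  # user -> credential key
        self.pending: dict[str, str] = {}        # user -> outstanding challenge

    def register(self, user: str, credential_key: bytes) -> None:
        self.credentials[user] = credential_key

    def begin_login(self, user: str) -> str:
        challenge = secrets.token_urlsafe(32)
        self.pending[user] = challenge
        return challenge

    def finish_login(self, user: str, assertion: dict) -> tuple[bool, str]:
        challenge = self.pending.pop(user, None)  # consumed once: replays fail
        if challenge is None:
            return False, "no outstanding challenge"
        if user not in self.credentials:
            return False, "unknown credential"
        try:
            cd = json.loads(assertion["client_data"])
        except (KeyError, ValueError):
            return False, "malformed clientData"
        if cd.get("type") != "webauthn.get":
            return False, "wrong ceremony type"
        if cd.get("challenge") != challenge:
            return False, "challenge mismatch"
        if cd.get("origin") != self.origin:  # the origin-binding check
            return False, f"origin mismatch: {cd.get('origin')!r}"
        auth_data = assertion["auth_data"]
        if auth_data[:32] != rp_id_hash(self.rp_id):
            return False, "rpIdHash mismatch"
        to_sign = auth_data + hashlib.sha256(assertion["client_data"]).digest()
        expected = hmac.new(self.credentials[user], to_sign, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, assertion["signature"]):
            return False, "bad signature"
        return True, "ok"


def run_scenarios() -> dict[str, tuple[bool, str]]:
    """Constructed scenarios: legitimate login, AiTM relay, and replay."""
    rp = RelyingParty(rp_id="example.com", origin="https://login.example.com")
    key = SecurityKey(rp_id="example.com", credential_key=secrets.token_bytes(32))
    rp.register("alice", key.key)
    results = {}

    # 1. Alice signs in on the real site.
    challenge = rp.begin_login("alice")
    results["legitimate"] = rp.finish_login(
        "alice", key.sign(challenge, origin="https://login.example.com"))

    # 2. AiTM phishing: the proxy obtains a real challenge and relays it, but the
    #    victim's browser stamps the phishing page's origin into clientData.
    challenge = rp.begin_login("alice")
    relayed = key.sign(challenge, origin="https://login-example.com")
    results["aitm_relay"] = rp.finish_login("alice", relayed)

    # 3. Replay: a valid assertion captured earlier is submitted a second time
    #    after its challenge has already been consumed.
    challenge = rp.begin_login("alice")
    good = key.sign(challenge, origin="https://login.example.com")
    rp.finish_login("alice", good)
    results["replay"] = rp.finish_login("alice", good)
    return results


if __name__ == "__main__":
    for name, (ok, why) in run_scenarios().items():
        print(f"{name:12} {'ACCEPT' if ok else 'REJECT'}  {why}")
```

A real browser adds a second layer the toy skips: it refuses to let a page on https://login-example.com request a credential scoped to the rpId example.com at all, so the relayed assertion would never be produced. The server-side origin and rpIdHash checks shown here are what an SSO provider still has to perform; an OTP code, by contrast, carries no origin and verifies identically whether the user typed it into the real page or the proxy.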