Access data for half of top 20 US firms for sale on dark web, report finds

Single-sign-on (SSO) might be convenient for companies and help to protect against phishing attacks, but it is no guarantee of cybersecurity – half the most valued firms in the US have had such credentials stolen and posted for sale on illegal trading forums this year.

The findings come from researcher BitSight, which declared that the 20 Standard & Poors companies – that together comprise a market value of $11trn – featured prominently in the 3,000 businesses it surveyed, with at least one set of credentials per affected corporation offered for a price.

But the trend was not limited to the biggest players in the corporate world, with a general rise noted in SSO credentials for sale on the dark web in 2022: in June and July alone, 1,500 fresh sets were observed to be up for grabs.

Describing SSO credentials as “the keys to the kingdom” because of their ability to facilitate multiple device access across an organization in one fell swoop, BitSight said such data could be all too easily obtained by malicious actors.

“Credentials can be relatively trivial to steal from organizations, and many organizations are unaware of the critical threats that can arise specifically from stolen SSO credentials,” said BitSight CTO Stephen Boyer. “These findings should raise awareness and motivate prompt action to become better acquainted with these threats.”

The rise in SSO credentials for sale was complemented by a parallel rise in affected companies, with the number rising from less than 100 at the beginning of the year to more than three times that amount in June.

In terms of industry, the worst affected sectors were technology, manufacturing, retail, finance, and energy.

More broadly, stolen credentials of all kinds have been found to facilitate around half of cyberattacks, making them the most common attack vector for online crooks, according to Verizon research cited by BitSight in its report.

BitSight urges all businesses to take precautionary measures, including analyzing third-party vendor cybersecurity and taking up adaptive multifactor authentication – which assesses security clearance based on a subject’s monitored behavioral patterns.

Subscribe to our newsletter

How space weather hinders satellite cybersecurity

Procurement as an unguarded attack surface

Microsoft phishing scam exploits the passing of Queen Elizabeth II

Cybercriminal forum staff defrauds its customers

Crooks hijack popular YouTube channels