January 28th, 2018
Compromised credential fraud is trending in the news. This time, it’s due to the US Department of Justice (DOJ) announcement about the takedown of xDedic. This dark web marketplace for years allowed cybercriminals to buy and sell stolen credentials and personally identifiable information. According to the DOJ press release:
The xDedic Marketplace operated across a widely distributed network and utilized bitcoin in order to hide the locations of its underlying servers and the identities of its administrators, buyers, and sellers. Buyers could search for compromised computer credentials on xDedic by desired criteria, such as price, geographic location, and operating system. Based on evidence obtained during the investigation, authorities believe the website facilitated more than $68 million in fraud. The victims span the globe and all industries, including local, state, and federal government infrastructure, hospitals, 911 and emergency services, call centers, major metropolitan transit authorities, accounting and law firms, pension funds, and universities.
Adding to the story were several leading news outlets. SC Magazine’s Teri Robinson turned to Dtex Systems’ Insider Threat Analyst Team Manager Armaan Mahbod to help readers understand how to reduce the odds of falling victim to credential-based attacks. Teri quoted Armaan:
This announcement provides a huge learning instance for all security and risk professionals, which is that no matter how hard we try to keep track of credentials, there is high risk that they are going to end up on the dark web. Legacy technologies designed to protect credentials are failing almost 100 percent of the time. The only real way to know if your organization has been infiltrated by a cybercriminal using credentials is by understanding the behaviors demonstrated by user accounts.
Additional news stories worth having a look at include:
ZDNet: Authorities shut down xDedic marketplace for buying hacked servers, by Catalin Cimpanu.
CSO: Law enforcement shuts down xDedic marketplace for hacked servers, by Lucian Constantin.
Illicit Trade News Network: US and European investigators knock xDedic cyber crime marketplace offline, by Guillaume Goudreau.
The xDedic takedown wasn’t the only news item drawing attention to the trouble that stolen credentials cause. Last week at Dark Reading, Ericka Chickowski provided the security community with a look at how credential compromises play out in Credential Compromises By the Numbers. US-CERT issued an alert about a recent DNS infrastructure hijacking campaign that relies on hijacked credentials. Both of these are worth a read.
Last week, United States Director of National Intelligence Daniel Coats released the National Security Strategy of the United States. A welcome (but not surprising) inclusion in the strategy is a focus on the insider threat. Dealing with it is part of the plan’s mission objectives. Number 7 states that the US must: Detect, understand, deter, disrupt, and defend against threats from foreign intelligence entities and insiders to protect U.S. national and economic security.
Read the full report: National Intelligence Strategy of the United States of America 2019
Federal Computer Week’s Derek Johnson provided a great overview: New intel strategy stresses data collection, cyber threats
Happy Data Privacy Day
It’s Data Privacy Day, according to StaySafeOnline. For sure, not a minute goes by where we aren’t treated to the troubles caused by privacy violations. As a security provider committed to privacy by design, we pay special attention to the subject. In a series of well-timed editorials and announcements leading up to today, and the World Economic Forum in Davos, technology industry titans offered their opinions on the topic and on the need for related regulations. Several key reads include:
SecurityWeek: Microsoft Chief Calls for ‘Global Standard’ on Privacy, by Kevin Townsend.
Time Magazine: You Deserve Privacy Online. Here’s How You Could Actually Get It, by Apple CEO Tim Cook.