London, May 10, 2022 - Outpost24, an innovator in identifying and managing cybersecurity exposure, today announced the results of its 2022 FTSE 100 Credential Theft Study outlining the number of breached credentials from the UK’s most profitable companies online – ready to be exploited by threat actors.
The Financial Times Stock Exchange (FTSE) 100 Index is made up of the 100 biggest companies by market capitalisation on the London Stock Exchange. These companies represent some of the most influential and profitable enterprises on the market across various industry verticals. Within the FTSE 100 list, Outpost24 isolated the companies into eight key industries: Finance, IT/Telecom, Energy and Utilities, Healthcare, Transport, Retail, Construction, and Hospitality.
Using our threat monitoring and auditing tool Blueliv, we found up to 31,135 exposed user credentials belonging to FTSE 100 companies on the open, deep and dark web. In fact, 75% of these credentials were stolen through data breaches and 25% were unknowingly obtained via malware infection/stealer. Of this number, over 60% of the stolen user logins and passwords came from three of the highest regulated industries - IT/Telecom (23%), Energy and Utility (22%) and Finance (21%) amongst the world’s biggest companies.
Ransomware groups from Conti to REvil are known to use stolen credentials to gain initial access, and the Colonial Pipeline take down was a prime example of the danger of even a single compromised password. Compromised credentials offer threat actors the fastest path into a company’s network and is a common issue that can go undetected if left un-monitored.
Further details of the study highlights:
- The majority (81%) of the companies within the FTSE 100 had at least one credential compromised and exposed on the dark web
- Nearly half (42%) of FTSE 100 companies have more than 500 unique, compromised user logins exposed on the dark web, putting them at risk of credential-based attacks
- Up to 20% of the stolen credentials for FTSE 100 companies were stolen via malware infection and stealers
- 11% of the breached credentials were disclosed in the last three months (21% in the last 6 months and over 68% has been exposed for over 12 months)
- Industry breakdown
- IT/Telecom is the most at risk. The sector has the highest amount (7303) and average stolen credential per company (730). They are also most affected by malware infection
- On average, healthcare has the highest number of stolen credentials per company (485) from data breach as they have found themselves increasingly in the cybercriminals’ crosshairs since the pandemic.
Corporate credential theft is usually a targeted effort and make FTSE 100 companies especially vulnerable because many see them as “big game hunting”. “Once an unauthorised third party or initial access broker get hold of user logins and passwords, they can sell the credentials on the dark web to an aspiring hacker, or use them to compromise an organization’s network by bypassing security measures and moving laterally within to steal critical data and cause disruption,” said Victor Acin, Labs Manager at Blueliv, an Outpost24 company.
“Stolen credentials are dangerous because there is very little that can be done to identify and detect once an intruder is inside your system. Therefore, it’s important to proactively monitor stolen credentials and alert security to reset passwords upon discovery to reduce risk.”
The full Outpost24 2022 FTSE 100 Stolen and Leaked Credentials report can be accessed here.
The Outpost24 group is pioneering cyber risk management with vulnerability management, application security testing, threat intelligence and access management – in a single solution. Over 2,500 customers in more than 40 countries trust Outpost24’s unified solution to identify vulnerabilities, monitor external threats and reduce the attack surface with speed and confidence.
Delivered through our cloud platform with powerful automation supported by our cyber security experts, Outpost24 enables organizations to improve business outcomes by focusing on the cyber risk that matters. Visit outpost24.com for more information.