The Account Takeover in 2022 report found that more than 24 billion username and password combinations were on sale on the dark web, up from 15 billion in 2020.
That’s about four full sets of credentials for every person on Earth, but also a 65 percent increase since the last time this study was conducted two years ago.
This points to the fact that cybercriminals continue to benefit greatly from the difficulty Internet users and organizations have in properly protecting their credentials and access codes to the various platforms they use.
The report shows that the markets selling these credentials are robust and sophisticated, with several subscription utilities emerging to offer criminal premium utilities for purchase. The report also found that nearly one in 200 passwords found is 123456.
Of the 50 most commonly used passwords collected in the report, 49 can be cracked in less than a second using tools available on underground forums.
Demand in this market has reportedly increased as a result of the proliferation of ransomware cyberattacks. The millions of dollars in ransomware that many companies are resigned to paying is driving more and more individuals and groups to enter the market.
Demand for this market has increased as a result of the proliferation of ransomware cyberattacks. The millions of dollars in ransomware that many companies are resigned to paying is driving many individuals and groups into the market. Additionally, this increase is due to the pandemic-induced rise of telecommuting. Many of the credentials offered for sale are for Virtual Private Network (VPN) and Remote Desktop Protocol (RDP) tools.
To protect against account takeover attacks, experts suggest using proactive account protection, consistently applying good authentication habits and being aware of an organization’s digital footprint.
For individuals, they recommend using multi-factor authentication, password managers and complex one-time passwords.
In the end, with security becoming increasingly complex, could the password be coming to an end?
By Mélissa Walehiane