Reacting to reports that a CIA-backed tech company has found stolen government log-ins and passwords for 47 government agencies all over the Web (https://www.recordedfuture.com/government-credentials-report/), Tripwire security expert Ken Westin provided the following comments:
Ken Westin, senior security analyst at Tripwire, says: “There are massive amounts of information available on the Internet from various data breaches, and these data allow attackers to easily identify and correlate a variety of personal information. Personal email addresses, social media accounts and other data may also be available, as well as work email and login credentials from other breaches. Pastebin searches bring up a number of compromised accounts from recent breaches, but it's likely these credentials are no longer valid. However, many threat actors monitor Pastebin and other similar sites in real-time, so when new credentials are posted they can correlate this information and act on them quickly.
“To defend against the sophisticated abilities to correlate personal data from a variety of sources a number of organizations integrate and aggregate threat intelligence data from Pastebin and similar sites into their SIEM to alert system administrators when accounts may be compromised. Monitoring the Internet, specifically paste sites and forums for activity related to these sites for corporate domain names, is becoming increasingly common.
“Cyberattack detection is no longer just about monitoring what is happening on your network, but also monitoring externally for email addresses, PII and intellectual property that could be precursors to an attack or indicators of compromise. The reality is that malware often shares many of the same files and libraries as legitimate software, so identifying a threat involves a correlation of multiple file changes and behavior. Organizations that haven't yet implemented these kinds of capabilities often have a blind spot in their cybersecurity visibility.”
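The paste-site monitoring Westin describes (watching for corporate domain names and feeding alerts into a SIEM) comes down to a small scanner: read each new paste, pull out addresses on watched domains, flag lines where an address is paired with a secret, suppress re-posts of dumps already seen, and emit structured events. The block below is an added illustration of that pipeline and is not Tripwire's or Recorded Future's code; the watched domains, the paste text, the fingerprint key and the event schema are all constructed for the example.

```python
import hmac
import json
import re
from dataclasses import dataclass, asdict
from typing import List, Optional, Set

# Constructed: the organisation's own domains (subdomains are matched too).
WATCHED_DOMAINS = {"example.gov", "corp.example.com"}

# Constructed SOC-side key: alerts carry a keyed fingerprint of any leaked
# secret instead of the secret itself, so the SIEM can correlate repeats
# across pastes without storing or exposing plaintext passwords.
FINGERPRINT_KEY = b"rotate-me-constructed-key"

# An address, optionally followed by a separator and a secret on the same line.
# The separator deliberately excludes whitespace: "user@x.gov:pw" is a
# credential pair, while "contact user@x.gov for access" is only a mention.
CRED_LINE = re.compile(
    r"(?P<email>[A-Za-z0-9._%+-]+@(?P<domain>[A-Za-z0-9.-]+\.[A-Za-z]{2,}))"
    r"(?:[:;|,](?P<secret>\S+))?"
)

# Constructed sample paste; no real accounts or passwords.
SAMPLE_PASTE = """\
# dump 2015 - constructed sample, not real data
alice@example.gov:Winter2015!
bob@corp.example.com;hunter2
carol@unrelated.example.org:pass123
see also dave@example.gov for access
alice@example.gov:Winter2015!
"""


@dataclass
class Alert:
    source: str          # paste identifier where the address was seen
    line: int            # 1-based line number within the paste
    email: str
    domain: str
    severity: str        # "high" when paired with a secret, else "medium"
    secret_fingerprint: Optional[str]  # keyed hash prefix, never the secret


def _watched(domain: str, watched: Set[str]) -> bool:
    return any(domain == w or domain.endswith("." + w) for w in watched)


def _fingerprint(secret: str) -> str:
    return hmac.new(FINGERPRINT_KEY, secret.encode(), "sha256").hexdigest()[:16]


def scan_paste(source: str, text: str, watched: Set[str],
               seen: Optional[Set[tuple]] = None) -> List[Alert]:
    """Return one alert per new (email, fingerprint) pair on a watched domain.

    `seen` persists across calls so an old dump reposted elsewhere does not
    re-alert; the text notes most reposted credentials are already stale.
    """
    if seen is None:
        seen = set()
    alerts: List[Alert] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in CRED_LINE.finditer(line):
            email, domain = m.group("email").lower(), m.group("domain").lower()
            if not _watched(domain, watched):
                continue
            secret = m.group("secret")
            fp = _fingerprint(secret) if secret else None
            key = (email, fp)
            if key in seen:
                continue
            seen.add(key)
            alerts.append(Alert(source, lineno, email, domain,
                                "high" if secret else "medium", fp))
    return alerts


def to_siem_events(alerts: List[Alert]) -> List[str]:
    """Serialise alerts as one JSON object per line for SIEM ingestion."""
    return [json.dumps({"event_type": "external_credential_exposure",
                        **asdict(a)}) for a in alerts]


if __name__ == "__main__":
    for event in to_siem_events(scan_paste("paste-001", SAMPLE_PASTE, WATCHED_DOMAINS)):
        print(event)
```

Running it against the sample yields three events: two high-severity credential pairs (alice, bob), one medium-severity mention (dave), nothing for the unwatched domain, and nothing for the duplicate last line. In production the `seen` set would live in a store shared by all collectors, and the "high" events would drive a forced password reset and a check of authentication logs for the affected accounts.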