Cybercrime analytics firm SpyCloud found 721.5 million exposed login credentials on the dark web in 2022, with nearly half coming from botnet logs. Researchers also discovered a staggering number of users that had their credentials leaked in breaches last year were reusing the same compromised passwords — around 72% total. These figures come from SpyCloud’s 4th Annual Identity Exposure Report, which the firm published on Monday. “Our researchers combed through billions of recaptured data assets from the dark web over the course of 2022, and their analysis brought back a few familiar themes from past years, and also uncovered some alarming shifts in cybercriminal trends,” SpyCloud stated.
Malware-Infected Devices Just as Dangerous as Data Breaches
SpyCloud stated that, contrary to popular belief, data breaches are not the only way login credentials end up on the dark web. In fact, credential-stealing malware is just as big of a threat. Additionally, malware-infected devices pose a more severe long-term threat to organizations. If they remain undetected, malicious actors operating the malware or botnet can maintain persistence and continue to steal data, even if the victim changes their passwords. “Over the past few years, we’ve observed that malicious actors are more commonly using a multitude of malware-stolen data assets to impersonate identities,” the firm stated. “They are gravitating to this tactic — rather than relying on combo lists (username and password pairs) that have been circulating for a while — because it’s more effective and has a greater return on investment,” it added. Cybercriminals also rely on malware that collects browser session cookies which allows them to carry out further malicious activity. They can use session cookies to steal more sensitive information or use it to bypass multi-factor authentication.
Poor Password Hygiene Rampant in 2022
The report highlighted that password reuse numbers did not improve last year. SpyCloud found that nearly 72% of users exposed to two or more breaches used recycled passwords. Furthermore, it found that pop culture passwords remained a popular phenomenon. “It appears that Swifties take their love of Taylor to the next level by using her name in their passwords, or at least 186K of them did. And another pop star, Bad Bunny, Spotify’s most streamed artist of the year, also showed up in 141K passwords we recaptured last year,” SpyCloud stated. Ultimately, organizations cannot afford to overlook poor password hygiene, as it remains a major target for malicious actors for initial access to corporate networks. Once a criminal enters a victim’s IT environment, they could steal more sensitive company data or infect the network with ransomware. Using a password manager is a good starting point to prevent some of the common mistakes that allow bad actors to easily enter networks. We also recommend that small business owners check out our beginner’s guide to cybersecurity for more useful tips.