
Monday, 03/30/2020 5:28:54 PM

Password vulnerability at Fortune 1000 companies

https://www.helpnetsecurity.com/2020/03/25/password-reuse-companies/?utm_campaign=Social%20-%20Third%20party&utm_source=twitter&utm_medium=social&utm_content=Helpnet-Security-SC-2020-F1k-Report

Despite often repeated advice of using unique passwords for online accounts – or at least the most critical ones – password reuse continues to be rampant. And, according to breach discovery firm SpyCloud, employees of the Fortune 1000 are just as bad about reusing passwords as the rest of us.

Compromised credentials

The company has combed through their database of breach data for data tied to Fortune 1000 companies, analyzed it and found that employees in media companies are the worst when it comes to password reuse (rate of reuse: 85%), and those in retailing the best (53%), although even they still reuse passwords way too much.

They also found that the credentials of 127,083 C-level Fortune 1000 executives are available on the criminal underground and that, on average, companies in the Hotels, Restaurants & Leisure sector have the most exposed C-level executives.

“The most common passwords for the Media industry are mostly unprintable. But for Fortune 1000 employees with family-friendly passwords, popular themes include first names, company names, and simple strings of numbers and letters (123456, abc123, password),” they added.

“While most of these examples would fail to pass basic corporate password policies, people tend to transform a base password in predictable ways to bypass complexity rules. For example, ‘password’ might become ‘Password1’ or ‘Passw0rd!’ at work. Unfortunately, criminals are well-aware of these patterns, and sophisticated account checker tools make it easy for criminals to test variations of exposed passwords at scale.”

Other compromised assets

Personally identifiable information, phone numbers, geolocation data, financial information, social media accounts, and secret answers to security questions also get compromised and exposed online.

This data can be used by cybercriminals to steal a victim’s identity, create credible spear phishing messages, submit fraudulent applications, perform SIM swapping and phone porting, make fraudulent purchases, drain funds from accounts, connect the dots between personal and corporate identities (and use that info for targeted attacks), and more.

Interestingly enough, SpyCloud found that employees in the telecommunications sector have the highest average numbers of exposed PII assets, phone assets, geolocation assets, and plaintext corporate credentials per company.

“Although the companies within this sector are large, with an average of about 74,000 employees per company, employee totals do not account for the disparity,” they noted.

“It’s possible that employee tenure could have something to do with the sector’s high exposure levels. Employees who have owned their corporate email accounts for many years would have had plenty of opportunities to use them on third-party sites. Conversely, high levels of churn could also potentially play a part, with many short-term employees racking up a few exposures each before moving on.”
==================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management

Token-free, password-free user authentication

We know you’ve dreamt about shredding your list of passwords. Go on and do it.

Because you are starting the authentication process in the device’s hardware, the user doesn’t have to interact with it. All users see is their usual Windows log-in screen – no more additional passwords to access the VPN or other resources. They just sign in once, and the secure credentials in their TPMs securely and quickly connect them to everything they need. Say goodbye to user frustration and slow OS performance.
==================================================================
Fortune 1000 companies are MISSING OUT on a SOLUTION such as Wave VSC 2.0!!! If only a Wave marketing team or individuals with knowledge of Wave POINTED the above information out to them!!!












