Are Your Company’s employee logins Being sold on the Dark Web?

Find Out with a Complimentary Dark Web Scan

Detect Compromised Credentials Used to
Exploit Employees and Customers

To help keep your critical business assets safe from the compromises that lead to breach and theft, we are offering a complimentary, one-time scan with Dark Web ID™ Credential Monitoring.

Our Dark Web ID Credential Monitoring detects compromised credentials in real-time on the Dark Web and notifies you immediately when these critical assets are compromised, before they can be used for identity theft, data breaches, or other crime. Digital credentials such as usernames and passwords connect you and your employees to critical business applications, as well as online services. Unfortunately, criminals know this — and that’s why digital credentials are among the most valuable assets found on the Dark Web.

Far too often, companies that have had their credentials compromised and sold on the Dark Web don’t know it until they have been informed by law enforcement — but by then, it’s too late. According to National Institute of Standards and Technology (NIST), small and medium-sized businesses may have more to lose than larger organizations, because cybersecurity events can be costly and threaten their survival.

Cybersecurity doesn’t have to be too overwhelming, expensive or complicated.
The first step to protecting your business is understanding your risk

Dark Web IDFrequently Asked Questions

What is the Dark Web?

Our Dark Web ID Credential Monitoring detects compromised credentials in real-time on the Dark Web and notifies you immediately when these critical assets are compromised, before they can be used for identity theft, data breaches, or other crime. Digital credentials such as usernames and passwords connect you and your employees to critical business applications, as well as online services. Unfortunately, criminals know this — and that’s why digital credentials are among the most valuable assets found on the Dark Web.

Dark Web IDOther Common Questions

How does Dark Web ID help protect my organization?

Our service is designed to help both public and private sector organizations detect and mitigate cyber threats that leverage stolen email addresses and passwords. Dark Web ID leverages a combination of human and artificial intelligence that scours botnets, criminal chat rooms, blogs, Websites and bulletin boards, Peer to Peer networks, forums, private networks, and other black-market sites 24/7, 365 days a year to identify stolen credentials and other personally identifiable information (PII).

How are the stolen or exposed credentials found on the Dark Web?

Dark Web ID focuses on cyber threats that are specific to our clients’ environments. We monitor the Dark Web and the criminal hacker underground for exposure of our clients’ credentials to malicious individuals.

We accomplish this by looking specifically for our clients’ top level email domains. When a credential is identified, we harvest it. While we harvest data from typical hacker sites like Pastebin, a lot of our data originates from sites that require credibility or a membership within the hacker community to enter. To that end, we monitor over 500 distinct Internet relay chatroom (IRC) channels, 600,000 private Websites, 600 twitter feeds, and execute 10,000 refined queries daily.

Does the identification of my organization’s exposed credentials mean we are being targeted by hackers?

While we can’t say definitively that the data we’ve discovered has already been used to exploit your organization, the fact that we are able to identify this data should be very concerning. Organizations should consult their internal or external IT and/or security teams to determine if they have suffered a cyber incident or data breach.

Data source locations & descriptions: Where do we find data?

  • Dark Web Chatroom: compromised data discovered in a hidden IRC;
  • Hacking Site: compromised data exposed on a hacked Website or data dump site;
  • Hidden Theft Forum: compromised data published within a hacking forum or community;
  • P2P File Leak: compromised data leaked from a Peer-to-Peer file sharing program or network;
  • Social Media Post: compromised data posted on a social media platform;
  • C2 Server/Malware: compromised data harvested through botnets or on a command and control (C2) server.

Identified method used to capture/steal data: How was the data stolen or compromised?

  • Tested: the compromised data was tested to determine if it is live/active;
  • Sample: the compromised data was posted to prove its validity;
  • Keylogged or Phished: the compromised data was entered into a fictitious website or extracted through software designed to steal PII;
  • 3rd Party Breach: the compromised data was exposed as part of a company’s internal data breach or on a 3rd party Website;
  • Accidental Exposure: the compromised data was accidentally shared on a Web, social media, or Peer-to-Peer site;
  • Malicious / Doxed: the compromised data was intentionally broadcast to expose PII.

What does Password Criteria Mean?

Password Criteria is designed to allow you or your clients to identify what their on-network password criteria is in order to put a higher alert status on credential exposures that may meet these criteria. It allows you to enter minimum lengths, number of letters, numbers, special characters and capital letters.

What does it mean when a password has a long series of random numbers and letters?

This means the password was published as “hashed” (still encrypted). Hundreds of encryption dictionaries are readily available on the Web, and it’s not uncommon for these passwords to be “cracked” or decrypted and available on multiple 3rd party websites.

Some of this data is old and includes employees that are no longer working for us. Doesn’t this mean we are not at risk?

While employees may have moved on from your organization, their company issued credentials can still be active and valid within the 3rd party systems they used while employed. In many cases, the 3rd party systems or databases that have been compromised have been in existence for 10+ years holding millions of “zombie” accounts that can be used to exploit an organization. Discovery of credentials from legacy employees should be a good reminder to confirm you’ve shut down any active internal and 3rd party accounts that could be used for exploit.

I see fake emails (false positives). Why is this important?

Fake email accounts are routinely created by employees as a “throw away” when wanting to gain access to a system or piece of data. However, fake email accounts are frequently created to facilitate well-crafted social engineering and/or phishing attacks. Often, the identification of fake email accounts indicates that an organization has been targeted by individuals or groups in the past.

The password identified does not meet our network criteria. Why should we care about this?

Employees often recycle passwords throughout their work and personal networks. If your internal requirement is to have a capital letter and special character, it’s common practice for employees to use a password they are familiar with, and add a capital letter and exclamation mark. (Example: Exposed Password: cowboys, Variation: Cowboys!, Cowboys1, Cowboys!1, and so on.) Knowing this, hackers will run scripts using metasploit frameworks (hacking and pentesting tools) to “brute force” their way into an unsuspecting system.

What is the difference between an Administrator User and Standard User?

The Standard User does NOT have access to view passwords.

Can I track personal email accounts for compromises?

We allow for up to 5 personal email addresses per organization to be tracked, in addition to all emails on the company domain.

Any “Best Practices” for individual users or Corporate IT on frequency of password change or actually changing your personal or professional email?

Please refer to the National Institute of Standards and Technology’s (NIST) Special Publication 800-63B Digital Identity. A link to SP800-63B can be found here: https://pages.nist.gov/800-63-3/sp800-63b.html

Is it safe to say Cloud storage is a serious concern for data breach? With most of our software tools moving to Cloud hosting, does this create more risk for my company’s IP?

There can be as much risk to your data within a Cloud environment as there is when it resides locally within your own servers. When researching Cloud providers and data centers, make sure you understand their compliance and certification with the security standards and protocols that impact your industry. CSO Online maintains a thorough list of security laws, regulations and guidelines by type: http://www.csoonline.com/article/2126072/compliance/compliance-the-security-laws-regulations-and-guidelines-directory.html

Are there any special credentials needed to investigate the Dark Web?

You do not need special permission to access the deep or Dark Web. However, accessing the deep or Dark Web requires the use of a “TOR” browser and should only be done using a VPN/ encrypted tunnel. In general, we advise against attempting to access the Dark Web.

If your personal data is found on the Dark Web, can it be removed?

Once the data is posted for sale within the Dark Web, it is quickly copied and distributed (re-sold or traded) to a large number of cyber criminals, within a short period of time. It is generally implausible to remove data that has been disseminated within the Dark Web. Individuals whose PII has been discovered on the Dark Web are encouraged to enroll in an identity and credit monitoring service immediately. Ask us about it

As Seen In

  • 600 Kogo
  • Kusi News
  • SDBJ
  • CIO
  • Inc Tech.
  • Small Business Computing
  • Processor
  • Data Centres

Contact us today, to find out how we can help! Get your free dark web scan

Click Here

“I chose AgilisIT because they earned my trust… They listened to our needs, anticipated the technology trends and brought us scalable solutions that helped us stay ahead of the curve. I could not have asked for a more responsive, service-oriented group of consultants.”

Dr. Jon M. Robins Former Chairman & CEO, Imaging Healthcare Specialists

WordPress Image Lightbox Plugin