The volume of credential exposures has dramatically increased to 16,583 from April to July 2017, compared to 5,275 in 2016. 77% of the Financial Times Stock Exchange 100 Index (FTSE 100) were exposed, with an average of 218 usernames and password stolen, published or sold per company. In most cases the loss of credentials occurred on third party, non-work websites where employees reuse corporate credentials.
In May 2017, more than 560 million login credentials were found on an anonymous online database, including roughly 243.6 million unique email addresses and passwords. The report also reveals that five of the FTSE 100 companies had more than 1,000 credential exposures and the banking sector accounted for a quarter (23%) of the total exposed credentials.
The Anomali research team also analysed suspicious domain registrations and for the second year, the vertical hit hardest by malicious domain registrations was banking with 83, which accounted for 23%. The majority of cyber attackers are using gmail.com and qq.com (a free Chinese email service) to register these domains to mask themselves.
The Financial Times Stock Exchange 100 Index, also called the FTSE 100 Index, is a share index of the 100 companies listed on the London Stock Exchange with the highest market capitalisation.
The report, The FTSE 100: Targeted Brand Attacks and Mass Credential Exposures was executed by Anomali Labs and aims to identify suspicious domain registrations and potentially compromised accounts that could be used as part of an attack against the companies.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now