Latest Stories

    Celero Insights

    Filter By Categories

    Protect your credit union credentials from dark web dangers

    October 09, 2019

     

     

     October is Cyber Security Awareness Month, and Celero will be sharing articles and content about how to become a cyber resilient credit union, protecting your organization and members from cyber risks.

     

    Protect your credit union credentials from dark web dangers
    Did you know the first prototype of the Internet was developed for a research agency within the U.S. National Defense Department? Essentially, the Internet we know today was originally designed with a purpose to protect people and information.

     

    Fast forward 60 years, and the reasons people use the Internet is as vast and complex as our universe. And some of these reasons are on the darker side. We’re talking about the dark web. But what is it and how could it impact your credit union?

     

    Meet the dark web

    The dark web has been around basically since people started using the internet for commercial purposes. But the dark web isn’t a disparate underworld. In fact, it’s built just like any other website you encounter daily. The difference between the dark web and the Internet you are familiar with has to do with accessibility.


    According to an article in Scientific American by Robert Gehl, an Associate Professor in the Department of Communication at the University of Utah and a dark web researcher, the dark web is “accessed through special network-routing software, which is designed to provide anonymity for both visitors to websites and publishers of these sites.”


    Dark websites also don’t have your typical .com, .ca domains either. Their URLs are strings of numbers and letters, often ending in .onion, designed to tell certain software programs to not reveal the identities of the website host or its visitors.

     

    How are credentials stolen?

    The 2019 Human Factor Report by Proof Point notes that cyber criminals are increasingly seeking vulnerabilities in human behaviours to steal credentials. “The instincts of curiosity and trust that lead well-intentioned people to click, download, install, open, and send money or data.”

     

    This usually involves social engineering tactics – which are increasingly becoming more sophisticated and harder for the average person to detect. Examples include:

     

    • Phishing – Through e-mail, social media, instant messaging and other digital communications, cyber criminals trick people into providing sensitive information or visiting a malicious website
    • Whaling – Similar to phishing, but whaling usually targets a prominent or high-profile person, such as a CEO
    • Baiting and Quid Pro Quo – this generally involves the promise of a good or service or an exchange of goods/services for information

     

    How do credentials get on the dark web?

    According to the Center for Strategic and International Studies, in their Economic Impact of Cybercrime report from 2018, “Stolen credit card numbers and personally identifiable information are offered for sale in quantity on the dark web using a complex set of transactions involving brokers and other intermediaries in black markets. Financial theft is transferred to the criminals’ own bank accounts through a series of transfers intended to disguise and confuse.”

     

    What happens to stolen credentials?

    Stolen credentials are often used in data breaches, with cyber criminals attempting to hack into organizations through a technique called credential stuffing. After acquiring a large set of stolen credentials, criminals will try to push them through an organizations’ login page. This is often effective when people re-use the same username and passwords across multiple sites.

     

    The 2018 Credential Spill Report by Shape Security revealed that the U.S. consumer banking industry faces nearly $50 million per day in potential losses due to credential stuffing attacks.

     

    What can you do?

    Educate – Increasing your staff’s awareness of the importance of credential protection, educating them on phishing campaigns and having policies around passwords and online behaviours will reduce vulnerabilities within your credit union

     

    Detect – Celero’s Dark Web ID Credential Monitoring detects compromised credentials in real time on the dark web and notifies clients immediately when these critical assets are compromised, before they can be used for identity theft, data breaches or other crime.


    Protect – Rely on security experts, like Celero, to provide a robust security strategy that will keep your credit union and your member safe. Read our recent whitepaper, Safeguarding your credit union: Managing complexity with Celero’s security strategy to learn more.

    Subscribe Email