Over 1.4 billion passwords found on the Dark Web. That’s almost 5 times the population of the United States.
That is, 1.4 billion records detailing passwords, usernames. Basically credentials to all sorts of social media and personal email accounts. Passwords that even novice hackers can exploit to get on your network.
Why should you worry about all of these—presumably old—password on the Dark Web?
Nearly 25% of workers use either the same exact password for both social media and work accounts. That means there is likely someone on your network with a compromised password—say Facebook, PayPal, even MySpace—using that very same password (or something very similar) to access your work network.
If you have any employees that dabble on social media in any way, shape, or form, they likely have some password or credential (which in and of itself may seem quite benign) floating around on the Dark Web.
But here’s the scary part….
Scammers are using those old passwords to phish your users into letting them onto your network!
The rest is formulaic:
You don’t know me and you’re thinking why you received this e mail, right? Consider the following scenario:
Well, I just sent you an email with your Facebook password. I tell you that it’s listed on the following website:
www.foundyourpassword.com
And then I tell you click on the link above to make sure.
While you clicked on that link, your web browser actually acted as an RDP (Remote Desktop) and a keylogger which provided me access to your screen. Right then and there, I was able to gather information from your Messenger, Facebook, and login credentials to your work account. I also might drop a little 1 x 1 pixel that contains just enough code to phish all of your friends and coworkers (giving me the perfect ‘in’ to your network with some heavier duty malware to ransom your data.
What’s next on my ToDo list?
I probably would lay dormant for a while, awaiting a time in which your computer was on your hospital’s network long enough for me to send a malware bot across your network, infecting every single computer. I then would let the bot sit on your network for days, or even weeks, gathering information for me to determine if or when a ransomware attack was called for.
More likely than not, my bot will encrypt all of the files on your network. I know you’re a hospital and that you need your medical records to operate and that you’ll be hard pressed to keep your doors open without it. I also know I might be able to sell your patient medical records on the Dark Web for a pretty penny.
Bottom line: if a hacker can get to any user—with any information that remotely scares them, they’ll likely be able to crack onto your network.
Cases of cyberattacks that utilize cracked user social media passwords have become effective ways of cracking into hospital networks.
Is your hospital safe from the latest ransomware attacks? Contact us TODAY for a ransomware assessment!
