Yesterday, The New York Times reported that on October 24, 2021, Microsoft officials and cybersecurity experts discovered that Russia’s premier intelligence agency had launched yet another campaign to pierce thousands of U.S. government, corporate, and think-tank computer networks. Government officials have confirmed that the attack, aimed at acquiring data stored in the cloud, appeared to come out of the S.V.R., the Russian intelligence agency responsible for entering the Democratic National Committee’s networks during the 2016 election in addition to likely carrying out the notorious SolarWinds hack.
Microsoft said that the S.V.R. attack “primarily involved deploying a huge database of stolen passwords in automated attacks intended to get Russian government hackers into Microsoft’s cloud services.” Microsoft also observed that this tactic “would work only if some of the resellers of Microsoft’s cloud services had not imposed some of the cybersecurity practices that the company required of them last year.” Organizations often have little visibility into the risk that compromised credentials and exposed personal information represent to the security of their operations. As a result of digital transformation initiatives and the “new normal” of remote work, more individuals now have access to sensitive data and systems, which means more people are being targeted. It is the powerful combination of compromised credentials with exposed personal information, which is used to correctly answer secondary authentication questions when challenged, that enables bad actors to pose as authorized users, access confidential systems and data, and compromise critical systems.
“We are increasingly observing the direct relationship between the volume of employees’ personal information and compromised credentials circulating on social media and the surface, deep, and dark web with the cyber risk incurred by organizations who fail to proactively identify and monitor these exposed credentials and respond accordingly,” said Alberto Casares, VP of Digital Risk at Constella Intelligence.
Effective cyberattacks from the S.V.R. are not slowing down, and a senior Biden administration official noted, “We can do a lot of things, but the responsibility to implement simple cybersecurity practices to lock their — and by extension, our — digital doors rests with the private sector.” This same senior official said that the attacks “could have been prevented if the cloud service providers had implemented baseline cybersecurity practices.” The type of attack launched by the S.V.R. thrives on the availability of sensitive personal and corporate data, such as compromised credentials and personally identifiable information (PII), circulating in an expansive network of digital marketplaces. These risks, which target employees, executives, and brands alike, are now commonplace, a result of organizations operating at scale within a complex digital ecosystem.
Organizations need to ensure that they can defend against these dynamic, emerging risks enabled by exposed credentials and PII in the digital sphere. Dome, from Constella Intelligence, can help organizations protect their critical systems and prevent their valuable, sensitive data from falling into the hands of threat actors. Attacks like these dramatically emphasize the need for organizations, including those working with the government, to adopt digital risk protection services like Dome.
Solutions like Dome exist today, and they must be adopted if organizations are to succeed in protecting their valuable, sensitive data and access to critical systems from falling into the hands of threat actors.
The first two modules released under Constella Dome, Employee Protection and Executive Protection, allow organizations to continuously assess and monitor all employees and executives for external digital risks, such as compromised corporate credentials and exposed personal information. Threat actors, like Russia’s S.V.R., use this exposed data to carry out supply chain attacks, account takeovers, ransomware, and impersonations, causing costly business disruptions and threats to national security. Constella has developed this unique solution to protect all employees and executives at scale, delivering real-time, actionable alerts whenever it detects a digital threat on the surface, deep, or dark web or on social media. Dome combines the incredible capabilities of Constella’s proven proprietary technologies with an easy-to-use interface that gives any organization a single dashboard to protect all their employees and executives, not just a select few.
Constella Dome is an automated digital risk protection platform that protects your people, data, and brand from external cyber threats. It continuously maps and monitors your organization’s external digital footprint, enabling you to respond faster to digital risks before they can cause damage. Dome provides real-time intelligence created from thousands of sources across social media and the surface, deep, and dark web, and the Constella Intelligence team vets the data to ensure accuracy, relevance, and timeliness. Constella’s data lake is the industry’s largest collection of compromised identities with over 45 billion curated identity records spanning 15+ years, over 20 billion social posts analyzed, and more than 16 million malicious actors identified.