.jpg)
The risks of cybercriminals ‘logging in’ rather than ‘hacking in’ are highlighted by a new report published by Socura. Produced in partnership with Flare, 'FTSE 100 for sale' is the result of an analysis of cybercrime communities across the clear and dark web. It uncovers over 460,000 instances of stolen credentials linked to employees of FTSE 100 companies.
The scale of the problem
The findings paint a stark picture of the threat facing UK businesses, driven by a rise in infostealer malware and the continued use of weak passwords.
Our research found:
- One FTSE 100 company had over 45,000 instances of stolen credentials available online
- 28,000 corporate credentials were leaked via infostealer logs
- 59% of FTSE 100 companies have at least one employee using 'password' as a password
- A potential death threat made against a FTSE 100 CEO
Download report
Evidence of credentials being actively sold on dark web forums is also disclosed in the report. Buyers, often technically skilled criminals, then use them to infiltrate systems and deploy ransomware. As Anne Heim, our Threat Intelligence Lead, notes:
"Most [cybercriminals]won't waste precious time hacking for credentials when they can easily find or buy them online.”
Get the full report for actionable insights
If the UK's biggest companies are exposed to the threat of credential theft, what does your organisation's exposure look like? Download 'FTSE 100 for sale' to see all the key findings and actionable recommendations to strengthen your organisation's security posture.
You'll also discover:
- Examples of C-suite leaders are being targeted
- Most common passwords used by FTSE 100 employees
- The risks of corporate email addresses being used for personal services