Report from Anomali reveals more than three quarters of UK’s largest businesses exposed by compromised credentials

Anomali, has today released a new report that identifies major security trends threatening the FTSE 100*. The volume of credential exposures has dramatically increased to 16,583 from April to July 2017, compared to 5,275 last year’s analysis. 77% of the FTSE 100 were exposed, with an average of 218 usernames and password stolen, published or sold per company. In most cases the loss of credentials occurred on third party, non-work websites where employees reuse corporate credentials.

In May 2017, more than 560 million login credentials were found on an anonymous online database, including roughly 243.6 million unique email addresses and passwords. The report shows that a significant number of credentials linked to FTSE 100 organisations were still left compromised over the three months following the discovery. This failure to remediate and secure employee accounts, means that critical business content and personal consumer information held by the UK’s biggest businesses has been left open to cyber attacks.

The report, The FTSE 100: Targeted Brand Attacks and Mass Credential Exposures**, executed by Anomali Labs also reveals that:

• Five of the FTSE 100 companies had more than 1,000 credential exposures, access to these enable cyber criminals to harvest and misuse additional credentials and company data
• The banking sector accounted for a quarter (23%) of the total exposed credentials

“Our research has uncovered a staggering increase in compromised credentials linked to the FTSE 100 companies. Security issues are exacerbated by employees using their work credentials for less secure non-work purposes. Employees should be reminded of the dangers of logging into non-corporate websites with work email addresses and passwords. While companies should invest in cyber security tools that monitor and collect IDs and passwords on the Dark Web, so that staff and customers can be notified immediately and instructed to reset accounts,” said Colby DeRodeff, Chief Strategy Officer and Co-Founder at Anomali.

The Anomali research team also analysed suspicious domain registrations, finding 82% of the FTSE 100 to have at least one catalogued against them, and 13% more than ten. In a change to last year the majority were registered in the United States (38%), followed by China (23%). With the majority of cyber attackers using gmail.com and qq.com (a free Chinese email service) to register these domains to mask themselves. With a deceptive domain malicious actors have the potential to orchestrate phishing schemes, install malware, redirect traffic to malicious sites, or display inappropriate messaging.

For the second year, the vertical hit hardest by malicious domain registrations was banking with 83, which accounted for 23%. This is double that of any other industry. To avoid a breach, organisations have to be more accountable and adopt a stronger cyber security posture, for themselves and to protect the partners and customers they directly impact.

“Monitoring domain registrations is a critical practice for businesses to understand how they might be targeted and by whom. A threat intelligence platform can aid companies with identifying what other domains the registrant might have created and all the IPs associated with each domain. This information can then be routed to network security gateways to keep inbound and outbound communication to these domains from occurring. No one is 100% secure against actors even with the intent and right level of capabilities. It is essential to invest in the right tools to help secure every asset, as well as collaborate with and support peers in order to reduce their risks to a similar attack,” continued Mr. DeRodeff.

* The Financial Times Stock Exchange 100 Index, also called the FTSE 100 Index, FTSE 100, FTSE, or, informally, the “Footsie” /ˈfʊtsi/, is a share index of the 100 companies listed on the London Stock Exchange with the highest market capitalisation. It is seen as a gauge of prosperity for businesses regulated by UK company law. The index is maintained by the FTSE Group, a subsidiary of the London Stock Exchange Group.

**The report on the Financial Times Stock Exchange 100 (FTSE 100) identifies suspicious domain registrations and potentially compromised accounts that could be used as part of an attack against the companies. The purpose of this report is not to disclose specific company names, but rather to examine trends and emphasise the effectiveness of this kind of data in warning against possible attacks. It represents analysis of the FTSE 100 data over three months from April to July 2017 and Anomali’s observations.