24 March 2018

Banks are top targets for employee credential thieves

29 November 2017  |  6365 views  |  0 Login detail

The banking sector accounts for nearly a quarter of all exposed employee IDs and passwords at FTSE 100 companies, according to analysis from cyber security firm Anomali.

With the Equifax and Deloitte hacks fresh in the memory, Anomali scoured the dark web and hacker forums, finding 16,583 credential exposures related to FTSE 100 firms, up from just 5275 a year before.

More than three quarters of all 100 FTSE members were exposed, with an average of 218 usernames and password stolen, published or sold per company.

The banking sector was hardest hit, accounting for 23% of the total exposed credentials, ahead of the energy, oil and gas, and consumer goods sectors.

Colby DeRodeff, co-founder, Anomali, says: "Security issues are exacerbated by employees using their work credentials for less secure non-work purposes. Employees should be reminded of the dangers of logging into non-corporate websites with work email addresses and passwords."

Anomali also found 438 suspicious domain registrations linked to FTSE 100 members, with 82 firms having at least one. Again, the banking sector is the top target, with 83 registrations, more than double the next industry, energy.

"Monitoring domain registrations is a critical practice for businesses to understand how they might be targeted and by whom. A threat intelligence platform can aid companies with identifying what other domains the registrant might have created and all the IPs associated with each domain," says DeRodeff.

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Equifax profits dive on data breach costs

Equifax profits dive on data breach costs

10 November 2017  |  7256 views  |  0 comments | 5 tweets | 1 linkedin
SEC data breach: hackers accessed personal information

SEC data breach: hackers accessed personal information

02 October 2017  |  6068 views  |  0 comments | 2 tweets | 1 linkedin
Financial sector breaches skyrocket in 2016

Financial sector breaches skyrocket in 2016

28 April 2017  |  11320 views  |  0 comments | 20 tweets | 33 linkedin

Related company news


Related blogs

Create a blog about this story (membership required)
Visit http://info.nice.comRegister your place today

Top topics

Most viewed Most shared
hands typing furiouslyBitcoin at 50,000 USD?
14860 views 0 | 8 tweets | 5 linkedin
BBVA tests 'invisible payments' technology at inhouse cafeBBVA tests 'invisible payments' technology...
12347 views comments | 16 tweets | 35 linkedin
RBS hatches plan to create digital challenger bankRBS hatches plan to create digital challen...
11979 views comments | 12 tweets | 23 linkedin
Barclays partners seven watch brands for contactless timepiecesBarclays partners seven watch brands for c...
10791 views comments | 14 tweets | 32 linkedin
Germany's N26 readies for US launch with EUR110 million capital injection led by Allianz and TenCentGermany's N26 readies for US launch with E...
8861 views comments | 15 tweets | 11 linkedin

Featured job

London, UK (or flexible)

Find your next job