 Channel Futures

Equifax Execs’ ‘Alarmingly Simple’ Passwords for Sale on Dark Web

  • Written by Kris Blackmon
  • September 16, 2017
Comodo's Global Threat Analysis Report found endpoint data for hundreds of Equifax users and employees for sale on the Dark Web, and says login credentials failed to comply with the most lax of security best practices.

When Bill Burr wrote his password recommendations for the National Institute of Standards and Technology (NIST) more than a dozen years ago, they included advice such as utilizing special characters, random capitalization and frequent changes. Carlos Solari was working in the White House managing information technology and security at the time. Solari wasted no time in pushing the government to adopt the recommended password requirements.

Burr came out this past August to walk back some of those recommendations in favor of longer, more user-friendly passwords. Solari, now VP of cybersecurity services at Comodo, was already two steps ahead and wise to NIST’s updated recommendations, released in June.

Too bad the executives at Equifax weren’t.

In a blog post released today, Comodo says that more than 388 records of Equifax user and employee endpoint data are available for sale on the Dark Web, including usernames, titles, passwords and login URLs, plus the dates on which they were obtained.

Here’s the kicker. Comodo found that the passwords for many of the compromised employee accounts, including some belonging to members of the highest levels of management, were “alarmingly simple.” The investigation found that Equifax’s chief privacy officer, CIO, vice president of PR and vice president of sales used all lowercase letters, no special symbols and easily guessable words like spouses’ names, city names and even combinations of initials and birth year.

In other words, these executives’ standards for password security fell short of those of my 10-year-old niece. While Comodo says Equifax has most likely changed all passwords since the exposure of the cyberattack, there’s “a very high probability” that the passwords for sale on the Dark Web were used with internal Equifax applications, considering most people use the same password for multiple applications.

Clearly, Equifax failed to mandate and enforce even the most basic of security best practices, despite the slew of cyberattacks on enterprise systems in recent years that have resulted in compromised data for tens of millions of consumers. Which has just about everyone scratching their heads. Why is it taking so long for corporations to catch up to even the most basic level of security best practices?

“I thought maybe last year was the year that corporations would begin to take security measures more seriously,” Solari told The VAR Guy. Here’s to hoping that the events of 2017 will be what does the trick. “With the rise of ransomware in these huge breaches like Petya and WannaCry, combined with the Equifax breach, hopefully corporations will begin taking security more seriously.”

The new General Data Protection Regulation (GDPR) in Europe will also help, says Solari, since the data protection measure will apply to the export of personal data outside the EU to countries like the U.S. “It’ll be like gravity,” he explains. Once Europe adopts it, everyone who does business in the region will be pulled in a more secure direction.

Solari says the credentials were stolen via zero-day exploits using Pony malware, a Russian (shocker) password stealer kit that can execute through phishing attacks or web application vulnerabilities. Pony sneaks in, exfiltrates data on the credentials of more than 90 applications, grabs the passwords, then deletes all traces of itself.

The investigation was done using Comodo’s free ‘Global Threat Analysis Report,’ which scours the Dark Web to see if enterprises’ sensitive data is being traded and gives recommendations on how to restore security.

As for partners who want to ensure their customers’ data isn’t being peddled on the Dark Web, VP of marketing David Liff says Comodo offers a host of free tools on its website, including remote monitoring and management, patch management, forensic analysis tools and service desk. They can even work with partner success specialists to help themselves or their customers walk through the Dark Web. Of course, Comodo hopes once MSPs see the value of these tools, they’ll choose to purchase the company’s security solutions, but regardless, the free resources are a good way for partners to get an idea of whether or not their customers’ data has been compromised.

 
