Present Blog – IT Thought Leadership

phishingDo you think that using a remote desktop (RDP and or VPN) or M365, in these remote working times, is safe, just because you use complex and unique passwords that you change regularly?

While to some extent you are correct in believing this, it does not in any way prevent your user accounts and their credentials from being compromised and offered for sale on the Dark Web.
How to know if your sensitive business data is already on the Dark Web?

First of all, what is the Dark Web, and who are the main players?


The market place


The Dark Web is a marketplace primarily used by cybercriminals.

Stolen files including identity and credit card information are offered for sale there. 15 billion identifications are said to be in circulation there.



Following a data breach, attackers will typically post or sell the information they've collected on the Dark Web.

Malicious buyers then use these stolen credentials to impersonate the owner in order to commit theft or other types of fraud. Since the vast majority of users reuse the same passwords across multiple sites, cybercriminals have access to them as well.

The same is true for corporate access, whether it is SaaS services, VPN access, or internal systems.


What organization wouldn't want to know if their credentials are available on the Dark Web!

Your MSSP can provide you with the results of a recognition audit that identifies your information that is exposed online.


The risk

With the increasing number and sophistication of attacks, and the ability of adversaries to move sideways within infected networks, the credentials of a single employee may be enough to put an entire organization at risk.

And what's more, many times breaches are not detected until after it's discovered that the compromised sensitive information has been posted or is for sale on the Dark Web.

According to the Cost of a Data Breach 2020 report, the average time to identify and contain a data breach is 280 days or approximately 9 months.


So how do you prevent your credentials from being sold on the Dark Web?

Any data breach risks ending up on the Dark Web, as attackers can reap substantial gains, too often with impunity. This in turn feeds new attacks and new data breaches.

To strengthen your cybersecurity, you need to adopt the essential measures that Present can help you put in place.

  • Immediately change the passwords of your accounts for all the services and applications you use
    • You should only use strong and distinct passwords for each service or application. To do this, you should use a corporate password manager such as Passportal.
  • Enable multi-factor authentication (MFA) including for your password manager.
    • According to Microsoft, the vast majority of account hijacking attacks can be blocked with multi-factor authentication (MFA). MFA adds an extra layer of protection, making it much more difficult for cybercriminals to log in as someone else.

    • You should use an app like Microsoft Authenticator for the second factor, rather than SMS.

  • Perform a security audit
    • It is about identifying as quickly as possible the vulnerabilities that may have been caused as a result of the data breach.
  • Train and educate users
    • Knowing that employee credentials have been compromised, it is essential to conduct training to educate employees about cyber threats and how to spot them to mitigate attacks. Present is a partner of Terranova.

  • Configure DKIM, SPF and DMARC records to stop email spoofing and phishing
    • Configuring SPF, DKIM, and DMARC for your domains makes it very difficult for a malicious actor to send emails masquerading as your organization.

    • Present has the expertise to effectively combat phishing and spamming for M365 and other messaging.

  • Subscribe to a 24/7 dark web monitoring service
    • It is also important to mention that since data leaks occur regularly, frequent searches of the Dark Web are necessary in order to be able to act quickly in the event of compromise and exposure.
  • Embrace a Zero Trust mindset without limiting yourself to MFA and endpoint protection
    • Take the example of an attacker who has acquired the credentials of a legitimate user on the Dark Web and tries to gain access to your organization's resources.

    • First, a Zero Trust approach requires multi-factor authentication of users, and therefore makes credential theft ineffective, or at the very least much more difficult.

    • But assuming the attacker passes the first test, since he is using an unauthorized device, through remote access, he will fail authentication and access will be denied.

    • In a traditional approach, having only basic user credentials would allow access.



A company's image is based in part on its ability to demonstrate that it is deploying the required measures and the means at its disposal to ensure the security of the data of its customers, partners and employees.

In this sense, IT risk is a major business risk that must be managed.

Hence the importance of protecting your data and preventing it at all costs from being exposed on the Dark Web.

Contact one of our specialists for a preliminary assessment.

New call-to-action