2021 has barely begun and we have already witnessed what appears to be the biggest compilation of breached credentials in our lifetime. The Compilation of Many Breaches (COMB) was recently made available via an online forum, as first reported by CyberNews, and contains over 3.2 billion credentials made up of unique pairs of cleartext email addresses and passwords aggregated from previous leaks, including log-in details for Netflix, LinkedIn, Bitcoin-related services, and more.
This is the second breach compilation of this kind following 2017's Breach Compilation, though this one contains more than double the number of credentials leaked in that instance. What makes this leak unique, not to mention concerning, is that it is not a single breach carried out by one cybercriminal, but a carefully aggregated pool of credentials stolen in an unknown number of breaches over the last several years.
According to CyberNews, the leaked database includes the same script name, count_total.sh, used in the Breach Compilation of 2017, as well as the scripts query.sh for querying emails and sorter.sh for data management.
At the time of writing it is not known which group or individual is responsible for the COMB leak or exactly how many leaked databases it includes, though CyberNews confirms that the included credentials originate from domains across the globe.
How to protect yourself against COMB and future credential theft
The implications of the COMB leak should concern SOC teams. Despite calls for improved security hygiene, many users undoubtedly still reuse the same credentials across their personal and professional lives, some of which may be included in the COMB leak. Knowing this, criminals are likely to replay these email and password pairs against other platforms in automated credential-stuffing attacks, and to use the confirmed-valid addresses for targeted phishing against organizations and individuals alike.
To avoid the potentially devastating fallout of the COMB leak, Blueliv recommends CSOs implement immediate changes to security hygiene, such as multi-factor authentication and an organization-wide refresh of credentials, in conjunction with more advanced measures supported by a robust threat intelligence platform:
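Credential stuffing has a recognisable shape in authentication logs: one source address trying many distinct accounts in a short window, with the vast majority failing and the occasional success where a reused password still works. The following detection logic is an added example, not code from the original post or from Blueliv; the log format (ISO timestamp, client IP, username, result), the sample log lines and the thresholds are all constructed here for illustration and should be adapted to your own authentication logs.

```python
"""Credential-stuffing detection over authentication log lines.

Added example, not part of the original post and not Blueliv code. The log
format (ISO timestamp, client IP, username, OK/FAIL) and the thresholds are
assumptions chosen for illustration; adapt both to your own auth logs.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: 203.0.113.7 sprays many distinct accounts and gets
# one hit (stuffing); 198.51.100.4 is one user mistyping their own password
# (benign); 192.0.2.9 is a normal single login.
SAMPLE_LOG = """\
2021-02-08T10:00:01Z 203.0.113.7 alice@example.com FAIL
2021-02-08T10:00:02Z 203.0.113.7 bob@example.com FAIL
2021-02-08T10:00:02Z 203.0.113.7 carol@example.com FAIL
2021-02-08T10:00:03Z 203.0.113.7 dave@example.com OK
2021-02-08T10:00:04Z 203.0.113.7 erin@example.com FAIL
2021-02-08T10:00:05Z 203.0.113.7 frank@example.com FAIL
2021-02-08T10:00:06Z 203.0.113.7 grace@example.com FAIL
2021-02-08T10:01:00Z 198.51.100.4 heidi@example.com FAIL
2021-02-08T10:01:05Z 198.51.100.4 heidi@example.com FAIL
2021-02-08T10:01:09Z 198.51.100.4 heidi@example.com OK
2021-02-08T10:02:00Z 192.0.2.9 ivan@example.com OK
"""

WINDOW = timedelta(minutes=5)
MIN_DISTINCT_USERS = 5   # one IP trying this many accounts inside WINDOW...
MIN_FAIL_RATIO = 0.6     # ...with mostly failures is not a normal user


def parse_line(line):
    """Split one log line into (timestamp, ip, user, success)."""
    ts, ip, user, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user.lower(), result == "OK"


def detect_stuffing(log_text, window=WINDOW, min_users=MIN_DISTINCT_USERS,
                    min_fail_ratio=MIN_FAIL_RATIO):
    """Return {ip: finding} for source IPs whose recent activity looks like
    credential stuffing.

    Keeps a sliding window of events per IP (sorted by time, dropping events
    older than `window` relative to the newest), then counts distinct
    usernames and the failure ratio. Successful logins inside a flagged burst
    are the accounts whose leaked password still worked: reset those first.
    """
    events = sorted(parse_line(l) for l in log_text.splitlines() if l.strip())
    per_ip = defaultdict(list)
    findings = {}
    for ts, ip, user, ok in events:
        bucket = per_ip[ip]
        bucket.append((ts, user, ok))
        while bucket and ts - bucket[0][0] > window:   # expire old events
            bucket.pop(0)
        users = {u for _, u, _ in bucket}
        fails = sum(1 for _, _, o in bucket if not o)
        ratio = fails / len(bucket)
        if len(users) >= min_users and ratio >= min_fail_ratio:
            # Later events for the same IP overwrite with the fuller window.
            findings[ip] = {
                "distinct_users": len(users),
                "attempts": len(bucket),
                "fail_ratio": round(ratio, 2),
                "compromised": sorted(u for _, u, o in bucket if o),
            }
    return findings


if __name__ == "__main__":
    for ip, finding in detect_stuffing(SAMPLE_LOG).items():
        print(ip, finding)
```

On the constructed sample only 203.0.113.7 is flagged (seven accounts, 86% failures) and dave@example.com is reported as the account whose password was accepted; the user retrying their own password is not flagged because the distinct-user count never rises. Real stuffing campaigns are spread across proxy pools, so production rules should also aggregate by user agent, ASN or target account rather than by source IP alone.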
- Implement multifactor authentication: This simple yet imperative control, be it Google Authenticator, Duo Security, or similar, is easy to deploy and significantly raises the bar for an attacker holding stolen credentials, because a leaked email and password pair alone is no longer enough to log in. Not all factors are equal, however: one-time codes delivered by SMS or an authenticator app can still be phished or relayed in real time, so where possible prefer phishing-resistant methods such as FIDO2/WebAuthn security keys for administrators and other high-value accounts.
- Protect against stolen credentials: With 81% of hacking-related breaches involving stolen or weak passwords (Verizon 2017 Data Breach Investigations Report), a share that is unlikely to fall after the COMB leak, CSOs must consider more advanced security tools if they are to mitigate credential-related breaches. Blueliv's Credentials Module is built to combat this directly, offering actionable insights into leaked data as well as the ability to intercept credentials the moment they move to crimeservers. Blueliv is currently offering a free month of the Credentials Module to help businesses protect themselves against credential theft.
- Update credentials: The addresses and passwords leaked in the COMB will encourage a rise in spear-phishing and credential-stuffing attempts. Employees whose credentials appear in the dump, or who cannot rule out having reused a leaked password, must change their passwords now. Beyond that, rotate on evidence of compromise rather than on a fixed calendar, and screen new passwords against known-breached lists; current guidance (NIST SP 800-63B) favours this over periodic forced expiry, which tends to push users toward predictable variations of the same password. Ensuring each credential is unique is made far easier by a password management tool.
- Know your enemy: The cybercriminal community is becoming increasingly organized, intelligent and targeted in its efforts to infiltrate organizations. To counteract this, organizations would be wise to plan for the 'what if' case of their data being stolen. This means investing in threat intelligence that monitors underground circles and communities and offers actionable insights around the actor groups operating there. This gives SOC teams the ability to identify stolen credentials on the dark web early and to detect and disrupt payment fraud, credential sharing, and domain typosquatting before they cause damage.
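The credential-refresh advice above is most effective when it is targeted: of the accounts whose address appears in a dump, the urgent ones are those whose leaked password still verifies against the password store today. The script below is an added example, not code from the original post or from Blueliv, showing how to triage a leak excerpt against your own directory. It assumes the dump holds one `email:password` pair per line (the form reported for COMB) and that the directory stores salted PBKDF2-HMAC-SHA256 hashes; both the leak excerpt and the directory are constructed for this example.

```python
"""Triage a leak dump against your own user directory.

Added example, not code from the original post or from Blueliv. Assumes the
dump uses one `email:password` pair per line (as reported for COMB) and that
the directory stores salted PBKDF2-HMAC-SHA256 hashes. The leak excerpt and
the directory below are constructed for this example.
"""
import hashlib
import hmac
import os

# Constructed leak excerpt. Real dumps are huge: stream them line by line
# and never copy the plaintexts anywhere other than this check.
LEAK_SAMPLE = """\
alice@example.com:Winter2020!
bob@example.com:password123
mallory@other.example:hunter2
carol@example.com:correct horse battery staple
"""

ITERATIONS = 200_000  # PBKDF2 work factor; raise to match your own policy


def hash_password(password, salt, iterations=ITERATIONS):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def make_record(password):
    """Create a directory entry with a fresh random salt (constructed data)."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


# Constructed directory: alice still uses her leaked password, bob has already
# rotated his, carol never used the leaked one, dave is not in the dump at all.
DIRECTORY = {
    "alice@example.com": make_record("Winter2020!"),
    "bob@example.com": make_record("N3w-and-unique-passphrase"),
    "carol@example.com": make_record("different-everywhere"),
    "dave@example.com": make_record("no-leak-for-dave"),
}


def parse_leak_line(line):
    # Split on the first ':' only; the password itself may contain ':'.
    email, _, password = line.partition(":")
    return email.strip().lower(), password


def triage_leak(leak_text, directory):
    """Return (exposed, still_valid).

    exposed: our addresses that appear in the dump at all (targets for
             phishing and stuffing, so watch them and enforce MFA).
    still_valid: the subset whose leaked password still verifies against
             the stored hash; these need an immediate forced reset.
    """
    exposed, still_valid = set(), set()
    for raw in leak_text.splitlines():
        if not raw.strip():
            continue
        email, password = parse_leak_line(raw)
        record = directory.get(email)
        if record is None:
            continue  # not one of our accounts
        exposed.add(email)
        candidate = hash_password(password, record["salt"])
        if hmac.compare_digest(candidate, record["hash"]):
            still_valid.add(email)
    return exposed, still_valid


if __name__ == "__main__":
    exposed, live = triage_leak(LEAK_SAMPLE, DIRECTORY)
    for email in sorted(exposed):
        status = "RESET NOW" if email in live else "leaked, already rotated"
        print(f"{email}: {status}")
```

On the constructed data, alice, bob and carol are exposed and only alice still needs a forced reset. Because each check costs a full PBKDF2 computation, first intersect the dump's email column with your directory to cut billions of lines down to a handful before hashing; the same verification loop also doubles as a breached-password screen for new passwords at change time.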
If CSOs and SOC teams are to prepare for the wave of credential-based attacks the COMB leak will bring, improving the general security hygiene of their organization is necessary but not sufficient. They must also take proactive steps to be ready for credential stuffing and spear-phishing, with actionable threat intelligence that gives them the best fighting chance against credential theft.
Blueliv’s Threat Compass offers this and more and is built to help organizations proactively prevent, detect, and remediate data breaches. Threat Compass can radically reduce the cost of a successful breach, mitigate any fallout, and can be the deciding factor in preventing a breach altogether.
If the news of COMB has you concerned about the security of your employees, get in touch today to activate a free month of Blueliv’s Credentials Module and start defending your organization against credential theft.