The accounts of the largest Internet registrars were compromised on the Dark Web

Brother

The credentials of 1570 network administrators came under the control of attackers.

Resecurity experts have identified more than 1,570 compromised customer credentials on the Dark Web for four of the five largest Internet registrars (RIRs), including RIPE, APNIC, AFRINIC, and LACNIC. Only ARIN, which is responsible for North America, escaped being compromised.

The data was stolen as a result of infostealer infections, which confirms the threat to employees involved in network engineering and IT infrastructure management.


Five Internet registrars responsible for IP address allocation

Resecurity has notified victims that their data was compromised as a result of infections with the Azorult, Redline, Vidar, Lumma and Taurus infostealers. Collecting feedback allowed experts to generate the following statistics:
  • 45% of respondents did not know about the compromise of their data until they were notified;
  • 16% were already aware and took the necessary security measures;
  • 14% found out about the compromise, but activated two-factor authentication (2FA) only after being notified;
  • 20% recognized the need for a more in-depth investigation of the incident;
  • 5% were unable to provide feedback or find a responsible person in their organization.

Among the affected organizations are large financial institutions, research organizations and IT consulting firms from different countries.

Of particular concern, most network administrators used email addresses registered on free platforms such as Gmail, GMX, and Yahoo for work. Cybercriminals with access to network settings can make changes, creating risks for enterprise infrastructure.

Resecurity experts emphasize the growing risks associated with the dark web. Attackers can use credentials to access identity management systems, virtualization, cloud services, backup and disaster recovery systems. Employees who manage networks and IT infrastructure are at high risk.