重大アクティブトレンド
Critical Risk
95%
Credential Marketplace Exposure
Stolen login pairs sold on criminal forums and dark web markets.
#dark-web#credentials#breach
脅威の概要
After breaches and infostealer infections, credentials appear on dark web marketplaces within hours—sorted by service, country, and account value.
攻撃の挙動
- Bulk sale of email:password pairs
- Session cookies sold separately
- Combo lists used for stuffing attacks
感染経路
- Follows breaches and infostealer exfiltration
- Not direct endpoint infection
症状と指標
- Dark web monitoring alerts
- Account takeover after breach news
- MFA fatigue attacks
即時の緩和策
- Rotate exposed passwords immediately
- Invalidate active sessions
- Enable phishing-resistant MFA
削除ガイド
- Close fraudulent sessions
- Review OAuth app grants
予防方法
- Dark web monitoring
- Unique passwords per service
- Breach notification response playbooks
テレメトリ指標
- Your email domain in stealer logs
- Corporate SSO credentials in combo lists
Infostealer logs often appear within hours. Large breach dumps may be sold in stages over weeks.