Introduction
ProcessBolt ThreatScape is an attack surface monitoring tool that uses publicly available information to analyze the strength of an organization’s information security program. ThreatScape accomplishes this by inventorying and monitoring an organization’s internet-facing attack surface, which can expose weaknesses in a company’s security posture.
In 2023, we leveraged ThreatScape data to predict 50 organizations that we thought were likely to be breached based on weaknesses in their attack surfaces. While we expected maybe one or two of the organizations to be breached, it turns out that 9 of the 50 organizations were victims of various sorts of cybersecurity incidents in 2023 that were publicly disclosed.
Using data we have on hundreds of thousands of organizations and machine learning, we did a similar analysis to predict 50 companies we think are candidates to be breached in 2024.
Attached is a list of partially redacted bcrypt hashes of organization names we think are good candidates to be breached in 2024. We don’t want to create any targets, so we are only publishing partially redacted hashes. If any of these organizations announce a breach, we will then disclose their position on the list.
Methodology
Over the years we have noticed common indicators of weakness for organizations that have announced breaches. In other words, there seemed to be some common characteristics that became a recognizable pattern over time. We even gave these types of organizations a label internally. We call them a “Dumpster Fire”. As can be seen from our 2023 predictions, there is a strong relationship between organizations with “Dumpster Fire” characteristics and organizations that experience a breach.
As mentioned above, we don’t want to create any targets, so we are not going to disclose at this time exactly what indicators we use to identify a possible Dumpster Fire.
There are exceptions to most of the following, but in general, the organizations on the list:
Are mid-sized organizations. Very small organizations without a meaningful internet footprint are difficult, if not impossible, to gather any statistically significant information about. On the other end, extremely large organizations often have many sub-organizations within them and are dealing with cybersecurity incidents daily, so they are not very interesting.
- Are likely to have some data that somebody would want to steal.
- Would likely be required to disclose a breach if data was exfiltrated.
- Are not current ProcessBolt customers.
The 50 Companies We Predict that will be Hacked in 2024
- $2a$14$kNoha3/ZPMLj6xzUs0VnK.hLA99oPbmo2GQUFi7dxCboc……..
- $2a$14$DIyglIkzHOQykH.u3n0PTelhkxGUOQHlWM6V9lQEsEkyO……..
- $2a$14$WhVvpX5Fld0uqqDH0Tx89em7f32o7PsxQAbqwg4VIO3V3……..
- $2a$14$heVYF/yacwluhe225pyp7eHTDbPLNKr6XYnxUoRbPqeEI……..
- $2a$14$MiB45EmbWxtJ/KpAjH0Ecu780w.C1ZWFG7YhXLZDzkERz……..
- $2a$14$bJfEa9DFepFIj02UTcatN.Y6mw70xeLwaJ8tY6iMxuB6a……..
- $2a$14$u9PaaLHZZgMwlzkOuRvfiulMov63xKcB7bjrymr0pEGeA……..
- $2a$14$15zc9Mja3.C6ywNOXOQlnut0IvuYAnc.jdaz///QHWZ6e……..
- $2a$14$ow/SoFgLmj.uOYu6cmwjLeMAxLuW/NfE/W/4aaMQQ1pDB……..
- $2a$14$auO4op5Y4D0XBMxENERtE.y2LWEhETlv07oNhXwhZcY5B……..
- $2a$14$L/.3WgelblEv7CfGZ72xi.9IjJtqPGhahzjJdFSzBs8jM……..
- $2a$14$OTjmJrBQEfoA/EZq4B2JD.9ig6DTDeXOHX0pydcCiz.W………
- $2a$14$t6gAQS02GbRwVMIgMG4u8e9sqcIl1q11YaxlxR1NvBYjJ……..
- $2a$14$emluGsVbX2jMLzG/k1j5pOUwHwsD5uqef8wQ5h/3o.ioL……..
- $2a$14$JUfQNPmxfMvwypIqdTDDGO8yTALKcGjEXKFnOOIcGKTpx……..
- $2a$14$FfbTRXn4zU0ePcaQvpbyvuGo45e9SatiPKp5qv5GDNaDY……..
- $2a$14$baAEAJPuIWbBlSUcCJ7YQ.NDXB1JQN6lgkB7/Wg672pQh……..
- $2a$14$I0OIHSQtf3oaDXujpfIVI.e/ZQwdoJCaBMXQ1jBSdW0qK……..
- $2a$14$NUrvsa3r3x7Id5BWmil0.uGbDGOZe7ZPPDecIz6cR5nLL……..
- $2a$14$IUYSBVMyNQV0B8M5ceNdvejV6PcbVjH8CiyhaY9M4Q9nd……..
- $2a$14$wSQN/aq6IZ/dsn01linua.JxIEqRXyr51GpfCVyjk/C47……..
- $2a$14$I4Q1AEIUec64VVGCH94p2enzuuXfkwfTawsI3Odx31lCh……..
- $2a$14$Y0dgOAZUTgYne.Q.HxtdWewe1UDRJBiTF6ZmugPcf7j1B……..
- $2a$14$IvtmWg0SJuS.Y1yIkGpVTOtPPr8PyEiGLsYmImyo6Tsd/……..
- $2a$14$3yEZXBYZf29/9RfbbBd3B.Qq2LUL5PJae/UIQ26O2tWyi……..
- $2a$14$HhfB1VQ4VdU1UA68q9DVle.FfsZCJCf.YDco9C3QYSvEq……..
- $2a$14$p0gZViW122cLwZLvw0bYqekLhCkXqT92f13Cx9CTzC50u……..
- $2a$14$sMRglhiGPFB8hF/N.dgafuievByT66J1w.dcsV7VjsfQ/……..
- $2a$14$T.hYy2vvFbC5r1WWWJkqY.ziugJnVYkVaKdD2C66MTYhx……..
- $2a$14$YIl99diuSVLNf05LH48/rOHhricIcxDM8i5XgTRf1MsJZ……..
- $2a$14$ZGDlUmex4f64yLZ2Coc1kuHF8hda6/E6wQPwmtF3s/f69……..
- $2a$14$0uSXGqHMIdgUVSFNeI3IieTipnQtdD.HK82rUuh.QvSK4……..
- $2a$14$QrE5NStC..kc.O1TKiih1uxJfE4w1stvKgxTxJDPhk3Rb……..
- $2a$14$u1pciDlMAewXpgEuK3IRlur/N5y18bUeuYxIpbblRPCz1……..
- $2a$14$AKkr.ApfbLKFVDxnr2KebutdJJoVKA3/NDt.vbJqwPAqr……..
- $2a$14$NzTHC2JzGvSDzNYHsG/s/ONfJZ2QXkE/iPh1XlxIp/yw7……..
- $2a$14$UA6D7/UG4OtifyuQX4YBAeys9IkQSEUHAHUcrqzGlzUve……..
- $2a$14$z11FmB5GhBOepCFy2w3Wy.6gsfekSxzIFUFlY1UgXfyau……..
- $2a$14$enl9bV1VL/UaJQdjMWDAEecTCFeQyN6E5QTu7AtGx.QMb……..
- $2a$14$1jnFATmz0qABWQDtn6n.O.UVaVFIZrIw8mgd4MGc80.0b……..
- $2a$14$Z9vro1GnC7T04vz0ZhPEy.eJ1kivDLrD/3ABurpaiJYlv……..
- $2a$14$rTPZVhG1IaFwjTL13Baddu1dTIwUWqk7SKeJQE1r5dMWw……..
- $2a$14$RbHYcDF2Csphc2tqTd5l7ON2wGm0HoMjfqVMFJlP1Acj3……..
- $2a$14$j8gAeHiHZyNoMdLnmHxngeuMtE6a/h9o5WsqwG1lNpfX7……..
- $2a$14$ae2vUIiGLGx4wy21tesRJ.oEGyb6wXUcT469cCYIzFJiO……..
- $2a$14$rGdg.gkMkKFaGWCo.sPJAuX6W8nbrfn4Q3X96xXLaSC9I……..
- $2a$14$Bn8lCHY2lNE7IDrxUnQb1ey8oXVC.xNDxE1/AxVuKnNI2……..
- $2a$14$7AWUnRW8xpqbgrXCiyY3bORnVsvlIrfbWojOYn0u.HpRh……..
- $2a$14$YHGTUPvCA5D4EshRAJEa7u8XGJ0gM/2CFgqCQ6L7IiH8i……..
- $2a$14$BgUXqmevLK26l1JbgQ6OuuZHCC6OC4.mOWZO2uXpXb4pr……..
Conclusion
As the cost and frequency of data breaches continue to skyrocket, it is surprising to us that there are so many Dumpster Fires out there that have weaknesses that can be exploited by bad actors. Please feel free to contact us if you would like to know if your organization or a vendor of your choice is on this list, and we can even provide you with a complimentary ThreatScape report for your organization. We can also show you how to use ThreatScape, along with the entire ProcessBolt AI platform, to make sure information security is built into your supply chain.
Stay tuned…