Spike in Credential Leaks for the Pharmaceutical and Biotech Industry
May 26, 2020 • Allan Liska
Recorded Future noted a spike in the relative number of credential leaks from the pharmaceutical and biotechnology sector compared to all credential leaks between November of 2019 and March of 2020. The number of credentials that are leaked vary greatly from month to month — a large credential dump can cause numbers for a given month to increase dramatically, and many of those credentials may be repackaged from previous leaks. That’s why this report looks at the percentage of leaks tied to the pharmaceutical and biotechnology industry, rather than the absolute numbers, as it provides a more accurate picture of the situation.
The image below shows leaked credentials from the pharmaceutical and biotechnology industry tracked by Recorded Future between April 1, 2019 and April 30, 2020.
Overall, the pharmaceutical and biotechnology industry accounted for .07% of leaked credentials during this period. However, there was a noticeable jump starting in November of 2019 and ending in February, which significantly skewed the average — the median percentage during this time is .03%.
The image below shows the percentages of leaked credentials belonging to accounts tied to the pharmaceutical and biotechnology industry. November of 2019 saw the percentage jump to .24%, then the percentage reverted to the median of .03% in December, and it then jumped to .07% in January, .11% in February, and .06% in March. These are statistically significant increases. So, while the percentages of leaked credentials belonging to accounts associated with the pharmaceutical and biotechnology industry is small overall, there was definitely a significant increase.
In reviewing reports of large credential dumps, there do not seem to be any that were specific to the pharmaceutical and biotechnology industry during that period. An industry-specific credential dump would normally account for a spike in percentage. At this point, there is not a definitive answer as to why the spike occurred during this period, and any explanation based on available data would be pure speculation. That being said, given the statistical significance of the spike, it is unlikely that the increase was random chance.
Sign up for Recorded Future Express, our free browser extension, today to more efficiently prioritize alerts, incidents, and vulnerabilities.