Hundreds Of Email Accounts Of C-Level Executives Are Up For Sale, And It’s Scary!

Must Read

Skeletons in the Closet? Google-Facebook Involved in Secret Online Advertising Deal

If you can’t beat ‘em, join ‘em. And when two titans happen to decide upon an alliance,...

Smartphone Resale Value: Depreciation Is Surprising Enough [REPORT]

It's a tad cliché and true that smartphones have permeated every sphere of our life. The ceaseless...

“Open Up Cambridge Analytica, It’s CBI At the Door!”

Among all the establishments ensnared in deplorable acts, Cambridge Analytica has steadily climbed the ladder of infamy....

The email accounts of numerous C-level executives around the world have been compromised and a threat actor is now selling their credentials online!

According to recently surfaced news, the data is currently being sold in a restricted underground forum for Russian hacked called ‘Exploit.in’. The username and password combinations for the executives are for Office 365 and Microsoft accounts which according to the hacker belong to executives at roles such as CEO, COO, CFO, CTO, President, Vice President and so on. 

Source: KELA

The access to email account of each executive is sold for $100 to $1500, depending on the company size and employee’s role.

Advertisements

But, are these accounts legit?

Yes, they are! A source from the cyber-security community contacted the seller to obtain samples and verified the legitimacy of the threat actor’s claims. The source collected credentials for two accounts, one belonging to the CEO of a U.S medium-sized business and another which belonged to the CFO of an EU-based multi-chain retail outlet. Both of them turned out to be valid.

Source: KELA

The source who requested not to be named also mentioned that the seller refused to answer when asked how did he obtain the login credentials but in turn said that he had many more to sell in the near future as well. 

KELA which is a threat intelligence firm, taking note of this incident reported that the same threat actor had previously shown his interest in buying “Azor logs” which refers to data collected from devices infected with the trojan called “AzonUlt infostealer”.

An infostealer trojan is a notorious malware which logs usernames and passwords from browsers that are infected with it. Later on, the operator who had deployed the infostealer filters, organizes the data and puts it up for sale in various hacking forums.

According to Raveed Laed who is KELA’s Product Manager, this particular hack of corporate email credentials is highly valuable for cybercriminals as there exist number ways in which they can monetize them.

Advertisements

For instance, a cyber attacker armed with this data can use the internal communication of a company and pull of a ‘CEO scam’ wherein they ask employees to wire them large sums of money. This data can also be used by cybercriminal to access other even more sensitive information which can later become a part of an extortion scheme. Or, alternatively, the compromised credentials can also be used to bypass email-based 2FA after which a hacker can conduct a network intrusion.

The recent incident of Twitter hacking is a great example of how hackers can misuse the accounts of who’s who of the industry. Accounts of Elon Musk, Jeff Bezos were used to putting out a tweet asking users to send money to a particular account.

But, nonetheless, it is being predicted that the email login details will mostly be used only in ‘CEO scams’, also known as BEC scams. Why so? Because a report by the FBI indicated that BEC scams were far the most popular form cyber attack in 2019 which accounted for half of all monetary losses in cybercrime. 

So, what exactly can you do to prevent falling prey to attackers who steal your login details in the first place? The easiest way is to set up two-step verification (2SV) or two-factor authentication aka 2FA solution.

By doing this, even if hackers somehow manage to steal your login details, it will be pretty much useless as it would need an additional 2SA or 2FA verifier. We will keep you updated on all future developments. Until then, stay tuned.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest News

Judgement Day For LG: Time To Bid Adieu To Smartphone Market!

When the going gets tough, the tough get going. But that doesn't seem to fit in case...

Amazon Prime Video: End Of Subscriber Hunt And Beginning Of An Ad-Fuelled Future!

The streaming landscape of India is going through a rapid transformation. Seems like it is no longer about raking in subscribers by...

Why Is Retargeting Touted As A Secret Weapon For Success By Online Marketers

You know that ads play an important role in driving people to your website if you run a small business and sell...

Happy B’day Chad Hurley: The Co-Founder Of The World’s Largest Video Library

Chad Hurley never cared about success, he mended his ideas and tried to garner the fruits from those. But not every time...

Encouraged By Record Profit of RIL, Ambani Wants To Accelerate 5G Arrival in India

Brace yourselves for the sooner-than-anticipated arrival of  Reliance Jio 5G services because the 63-year-old billionaire tycoon Ambani recently pledged to the speedy launch...

How Mobile Is Becoming A Catalyst Of Online Gambling Market Growth

The global online gambling market is now one of the biggest and it is expected to grow up to 127.3 billion US...

In-Depth: Dprime

Will ‘TikTok By Microsoft’ Be A Winner?

For the last two years, TikTok has been in the public eye for all sorts of reasons. First, it was the exploded...

Facebook Subscription Model: Looking Beyond Ad Dollars?

Seldom do job listings create a stir this gripping. However, when the job listing in question is a stealth post from Twitter,...

Will The Online Food Delivery Market in India End Up Becoming A Two-Horse Race?

It's pretty much evident that the food delivery space in India is all set to get riled up soon enough as one...

More Articles Like This