Friday, July 23, 2021

Hacker is selling passwords of the email accounts of hundreds of C-level executives

Access is offered for $100 to $1500 per account, based on the business size and exec role.

A threat actor is currently selling passwords to the email accounts of countless C-level executives at firms throughout the world.

The threat actor is advertising email and password combinations for Office 365 and Microsoft accounts, which he claims belong to high tech executives occupying functions such as:

The vendor posted an advertisement for the mass-scale sale of those accounts.

A source in the cyber-security community who agreed to contact the vendor to obtain samples has confirmed the validity of the data and obtained legitimate credentials for two accounts: the CEO of a US medium-sized software provider and the CFO of an EU-based retail store chain.

The seller posted two businesses' data publicly as public proof that he had legitimate data to sell.

These were login details for an executive at a UK business management consulting firm and the president of a US apparel and accessories manufacturer.

The seller additionally posted sample logins as public proof.

The seller refused to discuss how he obtained the login credentials but stated he has thousands more to sell.

According to information supplied by threat intelligence company KELA, the same threat actor had previously expressed interest in purchasing "Azor logs," a term that refers to data collected from computers infected with the AZORult info-stealer trojan.

Infostealer logs nearly always contain usernames and passwords that the trojan extracts from browsers installed on infected hosts.

This data is collected by the infostealer operators, who filter and organize it, then put it up for sale on dedicated marketplaces such as Genesis or on hacking forums, or sell it to other cybercrime gangs.

"Attackers can use them for internal communications as part of a 'CEO scam' – in which offenders manipulate workers into wiring large quantities of cash; they may be utilized to be able to get sensitive data as part of an extortion scheme; yet, these credentials may also be manipulated as a way to get access to additional internal systems which need email-based 2FA, to transfer laterally in the business and run a community intrusion," Laeb added.

However, most likely, the compromised email accounts will be purchased and abused for CEO scams, also called BEC scams.

According to an FBI report this year, BEC scams were, by far, the most popular kind of cybercrime in 2019, having accounted for half of the cybercrime losses reported annually.

The simplest way of preventing hackers from monetizing any sort of stolen credentials is to use a two-step verification (2SV) or two-factor authentication (2FA) solution for your accounts.

Even if hackers can steal login information, it will be useless without the appropriate additional 2SV/2FA verifier.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

