Sunday, October 17, 2021

Hacker is selling passwords of the email accounts of hundreds of C-level executives

Access is offered for $100 to $1500 per account, based on the business size and exec role.

A threat actor is currently selling passwords to the email accounts of hundreds of C-level executives at companies around the world.

The threat actor is advertising email and password combinations for Office 365 and Microsoft accounts, which he claims belong to high tech executives occupying functions such as:

The vendor posted an advertisement on Exploit.in for the mass-scale sale of those accounts.

A source in the cyber-security community who agreed to contact the vendor to obtain samples has confirmed the validity of the data and obtained valid credentials for two accounts: the CEO of a US medium-sized software provider and the CFO of an EU-based retail store chain.

The seller publicly posted data for two businesses as proof that they had valid data to sell.

These were login details for an executive at a UK business management consulting agency and for the president of a US apparel and accessories manufacturer.

The seller additionally posted sample login details as public proof.

The seller refused to discuss how he obtained the login credentials but stated that he has thousands more to sell.

According to information supplied by threat intelligence company KELA, the same threat actor had expressed interest in buying “Azor logs,” a term that refers to data collected from computers infected with the AZORult info-stealer trojan.

Infostealer logs almost always contain usernames and passwords that the trojan extracts from browsers found installed on infected hosts.

This data is collected by the infostealer operators, who filter and organize it and then either put it up for sale on dedicated markets such as Genesis or on hacking forums, or sell it to other cybercrime gangs.

“Attackers can use them for internal communications as part of a ‘CEO scam’ – in which offenders manipulate workers into wiring large quantities of cash; they may be utilized to be able to get sensitive data as part of an extortion scheme; yet, these credentials may also be manipulated as a way to get access to additional internal systems which need email-based 2FA, to transfer laterally in the business and run a community intrusion,” Laeb added.

Most likely, however, the compromised email accounts will be bought and abused for CEO scams, also known as BEC scams.

According to an FBI report this year, BEC scams were by far the most popular form of cybercrime in 2019, accounting for half of the cybercrime losses reported that year.

The simplest way to prevent hackers from monetizing any kind of stolen credential is to use a two-step verification (2SV) or two-factor authentication (2FA) solution for your accounts.

Even if hackers manage to steal login details, those details will be useless without the proper 2SV/2FA additional verifier.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.
