Hackers have been discovered selling access to email accounts held by hundreds of senior corporate executives.
The accounts are currently posted for sale on Exploit.in – a Russian hacking forum that provides closed access to listings for hacking tools and previously breached data. According to initial research by cybersecurity experts, the email accounts belong to important C-Suite execs at a cross-section of well-known organizations.
The email accounts being sold by cybercriminals appear to consist only of email addresses and password combinations for Office 365 and Microsoft accounts. In the illicit listing, the hacker claims to provide access to email accounts held by high-level personnel:
- CEO - Chief Executive Officer
- COO - Chief Operating Officer
- CFO - Chief Financial Officer/Chief Financial Fontroller
- CMO - Chief Marketing Officer
- CTOs - Chief Technical Officer/Chief Technology Officer
- Vice president
- Executive Assistant
- Finance Manager
- Finance Director
- Financial Controller
- Accounts Payables
This is a hugely sensitive list of email credentials that could allow hackers to target huge numbers of staff using social engineering techniques. These kinds of attacks trick victims into believing they are genuinely being messaged by senior members of staff at the company where they work.
Hackers understand that by posing as someone high-up in a business, they can easily trick employees into providing their sensitive personal information, corporate data such as intellectual property, consumer data, passwords and account data, and potentially even payment details.
Business Email Compromise
In recent years there has been a spate of attacks in which hackers have fooled staff into believing a senior exec is asking them to transfer funds from a corporate account. This exploitative attack vector, known as Business Email Compromise (BEC) has resulted in hundreds of thousands of dollars being wired from businesses to accounts held by scammers.
With such a large cache of corporate email addresses known to be circulating on criminal forums, it is vital for companies to raise the alarm and educate staff over the potential for legitimate-looking emails to trick them.
According to cybersecurity researchers who analyzed some Exploit.in listings, the hacked email accounts include the head of a mid-sized American software company, a high-up exec at a UK business management consulting agency, the president of a US clothing company, and the CFO of a European retailer. This sheds light on the international scope of the problem.
According to the researchers who worked on condition of anonymity, each listing is selling for between $100 and $1500 – depending on the importance of the individual and the company involved.
The samples acquired by the researchers have now been validated, and known victims have been contacted so they can secure their accounts and send out internal memos warning staff of potential threats.
Cyber-intelligence and threat monitoring firm KELA has stated that the credentials may have been stolen from victims via the use of sophisticated malware called AzorUlt. According to KELA, the seller previously showed interest in the Trojan on the hacking forum.
AzoUlt is a trojan that permits hackers to steal data from infected machines – including browsing history, usernames and passwords, account information for FTP clients, and cryptocurrency accounts or wallet information. It can also communicate with a Command and Control (C&C) server to send back stolen information and download secondary exploits such as keyloggers.
Companies must act
With so many people working from home due to lockdown, businesses must take the time to warn their employees of the potential risks caused by these kinds of data breaches and account takeovers.
In light of the current situation, employees should be warned to always double-check and verify any irregular requests that arrive via seemingly legitimate channels such as their boss's email address.
Executive-level email accounts can be leveraged for the purposes of phishing, social engineering, and even blackmail, and these threats are known to be heightened when staff are working from home and are more susceptible to being hoodwinked.
2020 has seen a rise in criminal activity with more businesses and individuals targeted by scams than ever before. Jay Clayton, Securities and Exchange Commission (SEC) Chairman has gone on record to warn of an increase in criminal activity noted in 2020.
Cyber risks have not gone away with the unfortunate, unforeseen risks we've faced with Covid and other uncertainties in our economy. They're still there, and they're there more than ever.
Cybersecurity incidents are on the rise, and it's something we all need to continue to pay attention to.
With the pandemic still far from over, it is vital for companies to take these threats seriously because failure to spot fake emails and BEC fraud can result in extremely costly repercussions.