Scammers Access 50% of Compromised Accounts Within 12 Hours According to New Research

eTradeWire News/10629673
Email Security Company Agari Identifies How Cybercriminals Use Compromised Accounts with New Insight Into Credential Phishing Scams

FOSTER CITY, Calif. - eTradeWire -- Agari (https://agari.com/) by HelpSystems (https://www.helpsystems.com/), the market share leader in phishing defense (https://agari.com/products/phishing-defense/) for the enterprise, unveiled today the results of an investigation into the anatomy of compromised email accounts. The threat intelligence brief, titled Anatomy of a Compromised Account (https://www.agari.com/insights/whitepapers/anat...), is the first research of its kind, showcasing how threat actors use credential phishing sites to gather passwords, and what they do with them post-compromise.

The Agari Cyber Intelligence Division (ACID) (https://acid.agari.com/) completed a six-month investigation by seeding more than 8,000 phishing sites mimicking Microsoft Account, Microsoft Office 365, and Adobe Document Cloud login screens. After successfully submitting credentials, the team linked individual phishing attacks to specific actors and their post-compromise actions in order to better understand the lifecycle of the compromised account.

Specific stats uncovered in the extensive research include:
  • 91% of all accounts were manually accessed by threat actors within the first week
  • Half of compromised accounts were accessed within the first 12 hours
  • 23% of phishing sites used automated account validation techniques
  • Threat actors were located in 44 countries worldwide, with 47% in Nigeria

According to Agari, once attackers gained access to the compromised accounts, it became apparent that they wanted to identify high-value targets who have access to a company's financial information or payment system so that they could send vendor email compromise scams more effectively. The accounts were also used for other purposes, including sending malicious emails and using the accounts to register for additional software from which to run their scams.

"Business email compromise or BEC remains the most prevalent threat in email security, and when cybercriminals gain access to legitimate email accounts, the problem is magnified," states Patrick Peterson, founder of Agari and executive strategy director at HelpSystems. "This research provides key insights into how cybercriminals use these accounts, and underscores the importance of securing your email environment against credential phishing attacks from the beginning."

In one instance, a threat actor used their compromised account to upload two financial documents to the associated OneDrive account—a rental balance sheet and wire instructions for their bank account. Based on the content of these documents, it's likely that they were intended to be used as part of a BEC attack, presumably one impersonating the real estate investment trust and targeting the senior living community operator, trying to trick them into paying more than $200,000 in outstanding rent.

To view a complete copy of the research findings, download the threat intelligence brief (https://www.agari.com/insights/whitepapers/anatomy-compromised-account/).

Contact
Angela Tuzzo
***@mrb-pr.com


Source: Agari
Filed Under: Security
