Hacker selling CEO, CFO email accounts for as less as Rs 7,400

Date:

A hacker is selling passwords for the Microsoft email accounts of hundreds of top-level executives including CEOs, CFOs, and CMOs on the Dark Web for nearly $100-$1,500 (nearly Rs 7,400-Rs 1.1 lakh) per account.

According to a report in ZDNet late on Friday, the threat actor is currently selling email and password combinations for Office 365 and Microsoft accounts of C-level executives, and the selling price is set depending upon the company size and the role of the executive.

“The data is being sold on a closed-access underground forum for Russian-speaking hackers called exploit. in”.

The high-level employees at risk include chief executive officers, chief operating officers, chief financial officers, chief marketing officers, chief technology officers, presidents, vice presidents, and company directors, among others.

The cover security researcher who agreed to contact the seller to obtain samples “confirmed the validity of the data and obtained valid credentials for two accounts”.

The email accounts belong to the CEO of a US medium-sized software company and the CFO of an EU-based retail store chain, according to the report.

“The seller refused to share how he obtained the log-in credentials but said he had hundreds more to sell”.

According to data provided by threat intelligence firm KELA, the same hacker previously expressed interest in buying “Azor logs,” a term that refers to data collected from computers infected with the AzorUlt info-stealer trojan.

Compromised corporate email accounts are goldmines for cybercriminals as “they can be monetized in many different ways,” KELA Product Manager Raveed Laeb was quoted as saying.

Most likely, the compromised emails can be abused for CEO scams, also known as Business Email Compromise (BEC) scams which are on the rise globally including in India.

Global cybersecurity firm Trend Micro recently said it blocked 438 million email-borne cyber threats in India in the first half of this year which represented the third-highest numbers in Asia.

Business Email Compromise (BEC) detections increased by 18 percent from the second half of 2019, in part due to scammers trying to capitalize on home workers being more exposed to social engineering.

Educational institutions are more than twice as vulnerable to a carefully-crafted BEC attack than an average organization, according to the latest report by Barracuda Networks, a leading provider of cloud-enabled security solutions.

Using this form of attack, threat actors have taken hold of schools, resulting in devastating losses. Such spear-phishing attacks hit the Indian education sector hard between June and September, affecting more than 1,000 schools, colleges, and universities, according to the report that came out earlier this month.

Spear phishing is a personalized phishing attack that targets a specific organization or individual.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Share post:

spot_img

Popular

More like this
Related

Update on ‘Jailer 2’ Shooting Schedule!

Superstar Rajinikanth's mass action-emotional entertainer Jailer, directed by Nelson...

Exclusive: Special Mahal Built for ‘The Raja Saab’ Climax!

A massive Pan India film titled The Raja Saab...

New Rumors Fuel the Buzz Around ‘War 2’!

The idea of a Telugu movie collecting ₹1000 crores...

“‘Pottel’ Now Streaming on OTT!”

The movie ‘Pottel’, which brought a unique storyline to...