Within a week, hackers gained access to 91 percent of compromised accounts and used them to send bulk credential phishing messages

Agari made the observations after a six-month-long investigation of more than 8,000 credential phishing sites impersonating Microsoft Account, Microsoft Office 365, and Adobe Document Cloud sites.

Hackers accessed half of all compromised accounts within 12 hours, according to cyber defense firm Agari. Additionally, the firm noted that threat actors accessed more than nine out of ten compromised accounts within the first seven days.

Threat actors accessed compromised accounts almost immediately
Threat actors accessed 91% of compromised accounts within seven days, according to the Agari Cyber Intelligence Division (ACID).

Nearly a fifth (18%) of the compromised accounts were accessed within 1 hour, 40% within six hours, and 50% within the first 12 hours. The team also discovered activity in 40% of all compromised accounts within six months.

However, hackers accessed 64% of the compromised accounts only once, while some were accessed repeatedly over time.

“In fact, one account was accessed 94 times over a four-and-a-half-month period, a great example of the persistent and continuous access cybercriminals maintain on compromised email accounts,” the report authors noted.

Agari researchers also discovered that close to a quarter (23%) of credential phishing sites used automated credential validation techniques. By contrast, 92% of compromised accounts were manually accessed by threat actors, regardless of whether they had been automatically validated.

Consequently, the researchers suggested that most automated credential validation sites were created using the same kits.

“Notably, a vast majority of this auto-validation activity came from a small number of phishing site families—phishing sites that are linked to each other based on similar unique characteristics.” More than a third of auto-validation activities were linked to a Russian address 2a00:1838:2a:1505:c267:afff:fe70:f4de.

Some were also linked to phishing kits developed by a threat actor named “MIRCBOOT.” The threat actor sells logs for prices ranging between $8 and $100 depending on the country. The hacker had advertised the kits on Telegram channels and a Russian-speaking hacking forum.

Threat actors use compromised accounts for business email compromise
The investigation discovered that attackers tried to identify high-value targets with access to a company’s financial information or payment system after gaining access to the compromised accounts. Using these accounts, they could pinpoint vendors and send convincing credential phishing messages and BEC attacks.

“Business email compromise (BEC) remains the most prevalent threat in email security, and when cyber criminals gain access to legitimate email accounts, the problem is magnified,” noted Agari founder and HelpSystems executive strategy director Patrick Peterson. Scammers also created forwarding rules to view incoming and outgoing messages. They also leveraged other applications such as Microsoft OneDrive and Microsoft Teams to create BEC credential phishing infrastructure.

Additionally, they used compromised accounts “to register for a variety of services that will allow them to perform reconnaissance and lead generation, deliver emails, host malicious pages, or create malicious documents.”
