Categories: Data Breach News InfoSec News

C-Suite Emails Compromised, Data Up for Sale on Dark Web

Published by
RiSec.Mitch

An unknown hacker is selling Microsoft and Office 365 email account credentials of hundreds of C-level executives on an underground forum.

There’s no shortage of cybersecurity incidents, as is evident this year. Now, an anonymous hacker is reportedly selling Microsoft and Office 365 account data of hundreds of top executives in leadership roles from countries worldwide.

This data includes credentials (usernames and passwords) of executives such as the company president, vice president, chief operating officer (COO), chief financial officer, chief technology officer (CTO), chief marketing officer (CMO), and even the chief executive officer (CEO).

The data is being sold on an underground forum exploit.in, as discovered by ZDNet. Since exploit.in is off-limits to the general public, ZDNet confirmed the legitimacy of the account credentials with the help of an anonymous source from the cybersecurity community.

A Screen of the Ad on Exploit.in

The source obtained credentials of two accounts — one of them being the CEO of a medium-sized software company based in the U.S. and the other a CFO of a European retail store chain. According to the source, hundreds of other user credentials are put up for sale, each with a price tag hovering between $100 to $1500 per user account.

The seller refused to divulge how they got the data, but it is widely speculated that AzorUlt trojan was used. AzorUlt is used to obtain information from infected computers, called Azor logs. Cyber threat intelligence company KELA told ZDNet that the same malicious actor had previously shown interest in procuring these Azor logs.

The executives whose accounts have been compromised could also find themselves a target of business email compromise (BEC) attacks. In 2019, the FBI received 23,775 BEC attack complaints, which resulted in losses of more than $1.7 billion, totaling half of the total cyber crime-related losses in the year. Later, between April and May 2020 BEC attacks increased 200%, making it one of the most preferred and successful cyber fraud methods.

BEC is also the #1 source of payment fraud attempts on U.S-based organizations in 2019, wherein 75% of organizations were the targets of such attacks. Besides BEC attacks, credentials on sale also expose the account and the sensitive company information to external malicious actors and competitors.

Bookmark
Please login to bookmark Close
Social Comments Box
Share the word, let's increase Cybersecurity Awareness as we know it

This post was last modified on 31 December 2021 4:22 PM

RiSec.Mitch

Just your average information security researcher from Delaware US.

Leave a Comment
Published by
RiSec.Mitch
Tags: account data C-Suite data leak cybersecurity news data for sale dark web Microsoft and Office 365 account data MS news cyber security Office 365

Recent Posts

  • Data Breach News
  • InfoSec News

WH Smith Announces Cyber-Attack: Employee Data Stolen

British high street chain WH Smith has recently revealed that it was hit by a…

2 years ago
  • InfoSec News
  • World Affairs

Voice ID: How Secure is it Really?

As banks worldwide roll out Voice ID as a means of user authentication over the…

2 years ago
  • Cybersecurity Academy
  • InfoSec News

What distinguishes Application Security from API Security?

In the era of digital transformation, cybersecurity has become a major concern for businesses. When…

2 years ago
  • Cybersecurity Academy
  • InfoSec News

The Top 5 Cybersecurity threats facing Businesses Today

In today's digital age, cybersecurity threats have become a significant concern for businesses of all…

2 years ago
  • InfoSec News
  • World Affairs

Enterprise users infected by RIG Exploit Kit thanks to Internet Explorer

The RIG Exploit Kit is currently in the midst of its most productive phase, attempting…

2 years ago
  • Cybersecurity Academy

The Rise and Rise of AI

One of the most transformational technologies of our time, artificial intelligence (AI), has quickly come…

2 years ago