This is how fast a password leaked on the web will be tested out by hackers

This is how fast a password leaked on the web will be tested out by hackers

Cybersecurity researchers planted phoney passwords on the web. They found that attackers were extremely quick to test if usernames and passwords worked.

Half of accounts compromised in phishing attacks are manually accessed within 12 hours of the username and password being leaked, as cyber criminals look to exploit stolen credentials as quickly as possible..

Cybersecurity researchers at Agari planted thousands of credentials which were made to look like they belonged to real users, but were in fact of under the control of the researchers, onto websites and forums popular for dumping stolen usernames and passwords.

The false credentials – seeded over the course of six months – were designed to look like compromised logins for well-known cloud software applications.

Researchers found that the accounts are actively accessed within hours of the login credentials being posted online on phishing websites and forums.

“About half of of the accounts were accessed within 12 hours of us actually seeding the sites. 20% are accessed within an hour and 40% are accessed within six hours. That really shows you how quickly a compromised account is exploited,” Crane Hassold, senior director of threat research at Agari told ZDNet.

Almost all of the accounts were accessed manually. It might be a mundane task, but ultimately, it proves useful for cyber criminals, as they can accurately test if the credentials do really work.

“It’s a pretty tedious process I’m sure on their end, but they’re getting a lot of good information from it and they’re using the accounts in a variety of different ways for different types of malicious activity,” said Hassold.

For example, by accessing an account, an attacker can attempt to find sensitive information in people’s email inboxes, or even their cloud storage software, which could be stolen and either used to help further attacks or sold on.

There’s also the possibility that the attackers could use the compromised accounts to conduct other attacks, such as phishing or Business Email Compromise (BEC) attacks, using the compromised account in order to launch further campaigns.

One attacker attempted to use a compromised account to conduct BEC attacks against the real estate sector, launching emails that would have attempted to redirect victims to a website to steal login details of real estate companies. However, in this case, because the fake credentials were controlled by researchers, none of the attempted emails actually arrived at their intended destinations.  ReadMore

Source : zdnet


About rajtechnews