KnowBe4 Security Awareness Training Blog

[Heads-Up] A Hacker Is Selling Access To The Email Accounts Of Hundreds Of C-Level Executives

Written by Stu Sjouwerman | Nov 27, 2020 4:52:05 PM

ZDNet's Zero Day column just reported one of the best reasons why you should step your users through new-school security awareness training yet:

"A threat actor is currently selling passwords for the email accounts of hundreds of C-level executives at companies across the world. The data is being sold on a closed-access underground forum for Russian-speaking hackers named Exploit.in, ZDNet has learned this week.  The threat actor is selling email and password combinations for Office 365 and Microsoft accounts, which he claims are owned by high-level executives occupying functions such as:

  • CEO - chief executive officer
  • COO - chief operating officer
  • CFO - chief financial officer or chief financial controller
  • CMO - chief marketing officer
  • CTOs - chief technology officer
  • President
  • Vice president
  • Executive Assistant
  • Finance Manager
  • Accountant
  • Director
  • Finance Director
  • Financial Controller
  • Accounts Payable

Access to any of these accounts is sold for prices ranging from $100 to $1,500, depending on the company size and user's role. A source in the cyber-security community who agreed to contact the seller to obtain samples has confirmed the validity of the data and obtained valid credentials for two accounts, the CEO of a US medium-sized software company and the CFO of an EU-based retail store chain.

The source, which requested that ZDNet not use its name, is in the process of notifying the two companies, but also two other companies for which the seller published account passwords as public proof that they had valid data to sell. These were login details for an executive at a UK business management consulting agency and for the president of a US apparel and accessories maker.

I don't have to tell you the risks that this brings related to CEO Fraud, also known as Business Email Compromise. ZDNet has the full story:

https://www.zdnet.com/article/a-hacker-is-selling-access-to-the-email-accounts-of-hundreds-of-c-level-executives/