According to ZDNet, the data is being sold on Exploit.in, an underground forum for Russian-speaking hackers.
The hacker is selling credentials for Microsoft product and Office 365 accounts and claims that they belong to senior executives:
- CEO - Managing Directors
- CFO - Chief Financial Officers
- CMO - Heads of Marketing
- Vice Presidents
- Managers etc.
Prices for the credentials range from $100 to $1,500, depending on the size of the company and the user's role.
A cybersecurity expert contacted the seller to obtain samples and confirmed the validity of the data. The expert received valid credentials for two accounts belonging to the CEO of an American medium-sized software company and the CFO of an EU-based retail chain.
The expert is in the process of notifying the two companies, as well as two other companies for which the seller published access codes as proof that the data is valid. One of these companies is headquartered in the USA and the other in the United Kingdom.
The hacker/seller did not provide information on how he obtained the credentials belonging to the senior executives, but said he had hundreds at his disposal.
According to the security company KELA, the same hacker had expressed interest in buying "Azor logs". This term refers to data collected from computers infected with the AZORult info-stealer trojan.
Infostealer logs contain usernames and passwords that the trojan extracts from the browsers of infected computers.
This data is often collected by infostealer operators, who steal it, organize it, and then sell it on specialized markets such as Genesis, on hacking forums, or to other gangs.
"Credentials for corporate emails can be valuable to cyber criminals as they can generate revenue in many different ways," Raveed Laeb, a KELA executive, told ZDNet.
For example, hackers can use the credentials to pose as high-ranking executives of a company and deceive employees (BEC scams). In these cases the victims usually belong to the finance department and are asked to carry out various financial transactions. The hackers can thus ask them to send a large sum of money to an account that the hackers themselves control. The credentials can also be used to gain access to sensitive information or other internal systems.
An important step that will protect you even if someone manages to steal your credentials is to enable a two-step verification (2SV) or two-factor authentication (2FA) solution. Login credentials will be useless without the appropriate 2SV/2FA code.