(KMOX) - An email security firm created thousands of fake business email account credentials to see what cyber criminals would do. What they discovered is that threat actors move quickly and in multiple ways to maximize their profit.
In its report, "Anatomy of a Compromised Account," Agari says it seeded more than 8,000 phishing sites that mimic Microsoft Account, Microsoft Office 365, and Adobe Document Cloud login screens. Crane Hassold, Senior Director of Threat Research, says attackers didn't waste time: "About 20% of all of the accounts that were compromised were accessed manually within an hour of them being compromised. Which was really fast. About 50% were accessed within 12 hours, which again is really fast. And once you get out to about a week almost all the accounts that we had seeded into the phishing sites that were effectively compromised had been accessed by a cyber criminal."
NEW Security Blog by @CraneHassold - "Inside a Compromised Account: How Cybercriminals Use Credential Phishing to Further BEC Scams." Get an in-depth look at how destructive credential phishing attacks can be. https://t.co/RQG5MW09Gl #EmailSecurity #Cybercriminals #phishing #BEC pic.twitter.com/MBCFoCvZIR
— Agari (@AgariInc) June 8, 2021
Hassold says many of the attacks came from Nigeria, but there were also a significant number of threats from the United States.
He says the cyber criminals not only hijacked email accounts, but also planned more sophisticated attacks in which they would access network documents and then use real invoices and other files to try to intercept financial transactions. Hassold says the accounts were exploited in other ways: "These accounts were used to send additional phishing campaigns, sometimes in vast numbers. In one case we were able to see an actor that accessed one of our accounts and was trying to send more than 12,000 emails to real estate and title companies in the US."
In a statement, Agari says its research underscores how important it is for businesses to prevent a "first compromise" by better securing their email environments.


