Hackers have created a specialised economy around email account takeover via methods like brand impersonation, social engineering and spear-phishing, retaining the data for long period of time to make more money by reselling it to another set of cybercriminals on the Dark Web, a new report revealed.
More than one-third of the hijacked accounts analysed by researchers at Barracuda, a leading provider of cloud-enabled security and data protection solutions, had attackers dwelling in the account for more than one week.
In 31 per cent of these compromises, one set of attackers focused on compromising accounts and then sold account access to another set of cybercriminals who focused on monetising the hijacked accounts.
Nearly 20 per cent of compromised accounts appear in at least one online password data breach, which suggests that cybercriminals are exploiting credential reuse across employees’ personal and organization accounts, according to the report.
“Cybercriminals are getting stealthier and finding new ways to remain undetected in compromised accounts for long periods of time so they can maximise the ways they can exploit the account, whether that means selling the credentials or using the access themselves,” said Don MacLennan, SVP Engineering, Email Protection at Barracuda.
Barracuda researchers teamed up with leading researchers at University of California-Berkeley to study the end-to-end lifecycle of a compromised account.
After examining 159 compromised accounts that span 111 organisations, they identified the ways account takeover happens, how long attackers have access to the compromised account, and how attackers use and extract information from these accounts.
Nearly 78 per cent of attackers did not access any applications outside of email.
“Staying informed about the attackers’ behaviour will help organisations remain vigilant and put the proper protection in place so they can defend themselves against these types of attacks and respond quickly if an account is compromised,” suggested MacLennan.