Security News > 2021 > January > Enterprise Credentials Publicly Exposed by Cybercriminals

Enterprise Credentials Publicly Exposed by Cybercriminals
2021-01-21 17:45

Cybercriminals behind a successful phishing campaign have exposed more than 1,000 corporate employee credentials on the Internet, according to a warning from security vendor Check Point.

As part of the campaign, the attackers were able to successfully bypass Microsoft Office 365 Advanced Threat Protection filtering, which allowed them to harvest more than a thousand credentials from victims.

According to Check Point, the miscreants behind the campaign made a simple mistake that eventually resulted in the stolen credentials being publicly accessible on the Internet, "Across dozens of drop-zone servers used by the attackers."

The cybercriminals employed both their own infrastructure to host domains used in the phishing attacks, and dozens of compromised WordPress websites that were used as drop-zone servers.

Once sent to the drop-zone servers, the stolen data was saved in files that were publicly accessible, thus indexable by Google, meaning that anyone could have located the stolen email address credentials via the popular search engine.

Check Point says it informed Google on the issue, and "Victims now can use Google search capabilities to look for their stolen credentials and change their passwords accordingly."


News URL

http://feedproxy.google.com/~r/Securityweek/~3/jo6dTYcNlxQ/enterprise-credentials-publicly-exposed-cybercriminals