Security News > 2021 > June > What happens to email accounts once credentials are compromised?
Agari researchers entered unique credentials belonging to fake personas into phishing sites posing as widely used enterprise applications, and waited to see what the phishers would do next with the compromised accounts.
They found that 23% of all accounts were accessed almost immediately, 50% of the accounts were accessed manually within 12 hours after compromise, and that 91% of the compromised accounts were accessed manually within the first week.
They detected activity in nearly 40% of their "Compromised" accounts.
"Although a majority of the compromised accounts were only accessed one time, a number of the accounts were accessed repeatedly over an extended period of time. In fact, one account was accessed 94 times over a four-and-a-half month period, a great example of the persistent and continuous access cybercriminals maintain on compromised email accounts," they noted.
Mostly, the attackers used the hijacked email accounts to send out more phishing emails, sometimes targeting specific industries and sometimes a wide variety of them, and to set up additional business email compromise infrastructure.
Compromised accounts lead to phishing emails, which lead to more compromised accounts and more phishing, and so on, in a never-ending circle that should be stopped.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/9uHSXma_3G8/