Hackers create a specialised economy around hijacked email data

New Delhi:  Hackers have created a specialized economy around email account takeover via methods like brand impersonation, social engineering and spear-phishing, retaining the data for an extended period to make more money by reselling it to another set of cybercriminals on the Dark Web, a new report revealed on Monday.

More than one-third of the hijacked accounts analyzed by researchers at Barracuda, a leading provider of cloud-enabled security and data protection solutions, had attackers dwelling in the report for more than one week.

In 31 per cent of these compromises, one set of attackers focused on compromising accounts and then sold account access to another set of cybercriminals who focused on monetizing the hijacked accounts.

Nearly 20 per cent of compromised accounts appear in at least one online password data breach, which suggests that cybercriminals are exploiting credential reuse across employees’ personal and organization accounts, according to the report.

“Cybercriminals are getting stealthier and finding new ways to remain undetected in compromised accounts for long periods so they can maximize the ways they can exploit the account, whether that means selling the credentials or using the access themselves”

said Don MacLennan, SVP Engineering, Email Protection at Barracuda.

Barracuda researchers teamed up with leading researchers at the University of California-Berkeley to study the end-to-end lifecycle of a compromised account.

After examining 159 compromised accounts that span 111 organizations, they identified the ways account takeover happens, how long attackers have access to the compromised account, and how attackers use and extract information from these accounts.

Nearly 78 per cent of attackers did not access any applications outside of email.

“Staying informed about the attackers’ behaviour will help organizations remain vigilant and put the proper protection in place so they can defend themselves against these types of attacks and respond quickly if an account is compromised”

suggested MacLennan.