Hacker Selling Hundreds of Microsoft C-Suite Email Credentials




Photo: Drew Angerer (Getty Images)

How much are a CEO’s email credentials worth? According to a hacker, between $100 and $1,500 will do, although the specific price depends on the size of the business and the person’s role in it. Unfortunately, this is not an exercise: hundreds of C-suite level email credentials are reportedly being sold on a Russian-speaking underground forum, ZDNet reported on Friday.

ZDNet found that the hacker is selling email and password combinations for Office 365 and Microsoft accounts owned by high-level executives such as the CEO, COO, CFO, CMO and CTO, among others. The hacker posted an advertisement for the credentials on Exploit.in, an underground forum for Russian-speaking hackers, along with login details for an executive at a UK business management consultancy and for the chairman of an American manufacturer of clothing and accessories, to prove that his offer was legitimate.

According to the report, ZDNet worked with an anonymous source in the cybersecurity community who contacted the hacker to obtain samples of the data on offer. The source obtained valid login information for two Microsoft accounts. One belonged to the CEO of a mid-sized US software company and the other to the CFO of an EU-based retail chain.

The outlet said the cybersecurity source had confirmed the data to be valid. The source is advising all the companies concerned that their executives’ email credentials have been compromised.

Gizmodo contacted Microsoft to ask it to verify the report and describe the actions taken.

“We are aware of the report and will do what is necessary to help our customers,” a Microsoft spokesperson told Gizmodo via email. “We encourage customers to practice good online computing habits, including using caution when clicking on links to web pages, opening unfamiliar files, or accepting file transfers. To increase security, we recommend that you take additional measures, such as enabling multi-factor authentication.”

Microsoft also pointed Gizmodo to its online security resources page.

While it is not known how the hacker obtained the hundreds of Microsoft email credentials he is peddling, cyber intelligence firm KELA has offered a possible clue. KELA told ZDNet that the same hacker had in the past expressed interest in purchasing “Azor logs,” a reference to the data collected by the AZORult Trojan malware. AZORult steals data from compromised systems, including saved passwords in browsers and emails, Skype message history, chat history files, and desktop files, among others.

Raveed Laeb, product manager at KELA, told ZDNet that corporate email credentials can be exploited by cybercriminals in several ways.

“Attackers can use them for internal communications as part of a ‘CEO scam’ – where criminals manipulate employees to transfer large sums of money to them; they can be used to access sensitive information as part of an extortion program; or, these credentials can also be exploited to gain access to other internal systems that require email-based 2FA, in order to move sideways through the organization and lead a network intrusion,” Laeb said.

As stated by ZDNet, the best way to protect yourself against these types of attacks is to enable two-factor authentication, also known as multi-factor authentication. MFA requires you to present two pieces of evidence to access your account. This means that a hacker would need to steal, for example, your credentials and your phone in order to be able to do something with them.

Do people do this? Apparently not. At the beginning of the year, Microsoft said that of all hacked corporate accounts, only 11% had MFA enabled.

[ZDNet]

Update 11/28/2020, 11:55 p.m. ET: This article has been updated with additional comment from Microsoft.
