The black market is now on a feast for the latest sale craze happening on a Russian exclusive forum Exploit.in. Based on the news, an anonymous hacker is currently selling Office 365 email logins of hundreds of high-ranking executives of prominent businesses across the globe. The price usually ranging from 100 USD to 1500 USD depending on the executive company and affiliations.
The credentials that are being sold off is the combination of the username and password of the hacked executive account. The position of the executives in the company are as follows:
- CEO – Chief Executive Officer
- COO – Chief Operating Officer
- CFO – Chief Financial Officer
- CMO – Chief Marketing Officer
- CTOs – Chief Technology Officer
- President
- Vice President
- Executive Assistant
- Finance Manager
- Accountant
- Director
- Finance Director
- Financial Controller
- Accounts Payables
According to a reliable person who communicates with the hacker, he was given a sample account of 2 executives from a known company. He was able to confirm the legitimacy of the data that the hacker has on his repository and said that the hacker has more accounts to sell. Though the source of the hacker did not disclose where the data has originated, a cybersecurity expert who happened to stumble about the same hacker said that he has seen the hacker buying information from compromised computers that were infected by an info-stealer malware (AzorUlt). This malicious application was created mainly to steal credentials on hacked networks and individuals, which operators profits for selling it on the black market.
Office 365 accounts hold essential information that when an adversary exploits, it can lead to much dreaded malicious activity and damaging results.
Usually, the username and password were also the network password of the individual that results in vast exfiltration of important information not from the individual but worst with the entire network. Since the sold accounts are high–ranking officials, some credentials may have an elevated privilege that could lead to a more damaging outcome. The worst of possible usage is the so-called Business-email-compromise (BEC), wherein the hacked account can send emails to another potential victim either to gather intel or to propagate the malicious activity to the targeted network. The Federal Bureau of Investigation (FBI) tagged BEC as the most used operation in performing cybercrime during the year of 2019.
Currently, Microsoft continuously advises its clients and user to impose on using a robust password management system and implement a sustainable campaign in providing awareness about the latest cybercrime scheming happening in the cybercommunity.
For permanent resolution, administrators are being asked to impose a two-factor authentication (2FA) with a failed login threshold. This is to ensure that hackers may have held the username and password of a user but will not be able to log in without the added security code and a unique algorithm application that cannot be used to guess the extra code verifier.
