Researchers from Agari submitted unique credentials belonging to fictional personas into phishing sites posing as commonly used enterprise applications, then waited to see what the phishers did with the compromised accounts.
They discovered that 23% of all accounts were accessed relatively quickly (presumably to confirm that the credentials work), 50% of accounts were accessed manually within 12 hours of compromise, and 91% of compromised accounts were accessed manually during the first week.
What are the compromised accounts used for?
The researchers entered the unique credentials into phishing pages that impersonated Microsoft OneDrive, Office 365, SharePoint, Adobe Document Cloud, or just Microsoft in general.

They discovered activity in over 40% of their “compromised” accounts after six months.
A number of the compromised accounts were accessed frequently over a lengthy period of time, despite the fact that the majority of the affected accounts (64 percent) were only visited once. In fact, during the course of four and a half months, one account was accessed 94 times, demonstrating “the persistent and ongoing access fraudsters keep on hacked email accounts,” they said.
Attackers use hacked enterprise email accounts to identify personnel with access to a company’s financial information and payment system. To gain rapid visibility into incoming and outgoing emails, they frequently set up email forwarding or redirect policies.
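A defender can look for the forwarding and redirect changes described above in mailbox audit data. The following is an added example, not code from the researchers or from this article: the record layout is modelled on Exchange entries in the Microsoft 365 unified audit log, and the sample records, addresses and the `corp.example` internal domain are constructed assumptions.

```python
import json

# Constructed sample records, modelled on Exchange entries in the Microsoft 365
# unified audit log (Operation, UserId, Parameters). Not data from the study.
SAMPLE_AUDIT_LOG = """
{"CreationTime":"2021-06-01T09:14:02","Operation":"New-InboxRule","UserId":"ap.clerk@corp.example","ClientIP":"203.0.113.7","Parameters":[{"Name":"Name","Value":"."},{"Name":"ForwardTo","Value":"collector@mailbox.test"}]}
{"CreationTime":"2021-06-01T10:02:45","Operation":"New-InboxRule","UserId":"hr.lead@corp.example","ClientIP":"198.51.100.20","Parameters":[{"Name":"Name","Value":"Newsletters"},{"Name":"MoveToFolder","Value":"Newsletters"}]}
{"CreationTime":"2021-06-02T16:30:11","Operation":"Set-Mailbox","UserId":"it.admin@corp.example","ClientIP":"198.51.100.9","Parameters":[{"Name":"ForwardingSmtpAddress","Value":"smtp:archive@corp.example"}]}
"""

# Cmdlet parameters that make a mailbox forward or redirect mail.
FORWARDING_PARAMS = {
    "New-InboxRule": {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"},
    "Set-InboxRule": {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"},
    "Set-Mailbox": {"ForwardingSmtpAddress", "ForwardingAddress"},
}
INTERNAL_DOMAINS = {"corp.example"}  # assumption: the organisation's own domains


def destination_domains(value):
    """Return the domains in a value such as 'smtp:a@x.test;b@y.test'."""
    domains = set()
    for part in value.replace(",", ";").split(";"):
        address = part.strip().lower()
        if address.startswith("smtp:"):
            address = address[len("smtp:"):]
        if "@" in address:
            domains.add(address.rsplit("@", 1)[1])
    return domains


def find_forwarding_changes(log_text):
    """List every audit record that turns on forwarding or redirection."""
    findings = []
    for line in filter(str.strip, log_text.splitlines()):
        record = json.loads(line)
        watched = FORWARDING_PARAMS.get(record.get("Operation"), set())
        for param in record.get("Parameters", []):
            if param.get("Name") in watched and param.get("Value"):
                external = destination_domains(param["Value"]) - INTERNAL_DOMAINS
                findings.append({
                    "time": record.get("CreationTime"),
                    "user": record.get("UserId"),
                    "setting": f'{record["Operation"]} {param["Name"]}',
                    "external_domains": sorted(external),
                })
    return findings
```

Calling `find_forwarding_changes(SAMPLE_AUDIT_LOG)` returns two findings; the one with a non-empty `external_domains` list is the one to triage first.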
According to the researchers, some of the attackers switch from email to other Office 365 applications and use them to search for valuable documents or even upload files (fake invoices and the like) that would be used in later phishing attacks or fraud attempts.
However, the attackers mostly used the hijacked email accounts to send out more phishing emails, sometimes targeting specific industries and sometimes a broad range of them, and to set up additional business email compromise (BEC) infrastructure, for example by registering for a variety of services that will allow them to send out more phishing emails, gather information and generate leads, send emails, host malicious websites, or create malicious documents.
By duping users into handing over their credentials, threat actors can run their malicious operations from legitimate accounts, which is a dream come true for them, according to the researchers.

And compromised accounts lead to phishing emails, which lead to more compromised accounts, which lead to more phishing, and so on, in an endless cycle that should be broken.
