Hacker Selling Microsoft Passwords for C-Level Executives: Warning
The news has recently broken that a hacker is selling hundreds of C-level executives' email account login credentials. According to a news article from ZDNet, the email and password combinations, which grant access to Office 365 and Microsoft accounts, are going for $100 to $1500 on Exploit.in, a forum for Russian-speaking hackers.
The seller claims that the accounts belong to C-suite and other high-ranking titles at companies around the world. A source for ZDNet confirms that the samples they obtained from the buyer were indeed valid. The accounts the source gained access to belonged to the CEO of a medium-sized US software company and the CFO of a European chain of retail stores.
Cybercriminals can monetize stolen email credentials in a number of ways. The most popular are CEO scams: internal communications that manipulate employees into wiring money straight to a hacker posing as an executive. Other opportunities for profit include using the credentials in an extortion scheme or to log into other systems that use email-based two-factor authentication (2FA), thereby gaining access to more sensitive information or disrupting the company’s networks.
Threat intelligence firm KELA reports that the hacker selling these passwords has potentially purchased “Azor logs,” which contain data stolen from computers by an info-stealer trojan called AzorUlt. This program infects computers and records usernames, passwords, and sometimes other data as users type them into their browsers.
How to Protect Yourself and Your Firm
The news that this seller’s listing contains valid login credentials from high-level positions across the globe is certainly troubling, but keeping informed and proactive with regard to your company’s security can help keep you safe from falling prey to threats like these.
Knowing that your login credentials can be stolen and sold by threat actors, you can mitigate and contain the potential damage by varying passwords across different platforms, changing your passwords regularly, and using multi-factor authentication (MFA). If you want to use the same basic password to log in to multiple accounts, change the capitalization or switch out letters for numbers. Every three months, create a new, strong password so that any stolen information is rendered useless to the hapless hacker who bought it.
2SV/2FA/MFA Is a Requirement
You may hear these three terms thrown around a lot in conversations about cybersecurity: two-step verification (2SV), two-factor authentication (2FA), and multi-factor authentication (MFA). Functionally they describe the same thing—a kind of security measure for online accounts which requires a second (or more) source of verification beyond just entering a username and password. This is often accomplished by means of a unique code sent to a trusted phone number or email account. Implementing MFA for your online accounts keeps hackers out even if they know your password.
Activate Dark Web Monitoring
Even if you and your employees follow password best practices, your information can still be stolen by relentless cybercriminals. That is why it is so important to keep an eye out for compromised credentials so as not to be caught unawares. But the dark web is vast, and most firms don’t realistically have the expertise or resources to effectively monitor it. Leveraging a trusted IT provider’s Dark Web Monitoring offering can make this valuable security measure more accessible to firms of all sizes. View our datasheet on Eze Dark Web Monitoring to learn more.