Police disrupt stolen credentials marketplace, how fast crooks work with stolen credentials and more.
Welcome to Cyber Security Today. It’s Friday June 11th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Another big hit against cyber crooks this week: Four countries including the U.S. said they have taken down the infrastructure behind the Slilpp marketplace, which specializes in selling stolen login credentials. The servers and domain names were seized by court orders. In addition, over a dozen people have been arrested. At the time of the action stolen credentials for over 1,400 accounts were available for sale on the site. By one estimate the stolen login credentials caused over $200 million in losses in the U.S. alone since the marketplace was established nine years ago.
This follows the revelation on Monday that American authorities were able to retrieve over half of the money Colonial Pipeline paid last month after a ransomware attack.
How fast do cybercrooks work when they get hold of a stolen password? To find out, security vendor Agari recently did a test: It took credentials for Office 365 accounts that Agari controlled and spread them over 8,000 phishing sites so it could track what happened. Nearly a quarter of the compromised accounts were automatically accessed at the time of compromise to validate the authenticity of the credentials. Almost one in five accounts were accessed within the first hour of compromise, and nearly all of them were accessed within a week after they were compromised. And while a majority of compromised accounts were only accessed one time by actors, there were a number of examples where a cybercriminal maintained persistent and continuous access to a compromised account.
Often after logging into these fake email accounts the crooks would try to use them as launching sites for malicious emails to potential victims. One lesson, Agari says, is the importance of blocking phishing emails aimed at stealing credentials.
Hackers have stolen game source code and software development tools from gaming giant Electronic Arts, according to the news site Motherboard. Electronic Arts publishes Battlefield, FIFA and The Sims. EA said no player data was accessed. But the source code could be valuable to someone willing to pay for it. There was no explanation of how attackers got into EA’s system.
Finally, if you use the Chrome browser, make sure it’s running the latest version. It should end in .101. This fixes several serious vulnerabilities.
That’s it for this edition. Remember, as always on Friday afternoons, the Week in Review edition will be available. I’ll be talking with guest Dinah Davis of Arctic Wolf about the latest ransomware news, including that seemingly miraculous recovery of ransom money paid by Colonial Pipeline, and the explanations of the hack by the pipeline CEO before the U.S. Congress.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.