When it comes to corporate America, there’s a lot of value concentrated in an email account — which is why so many companies place an emphasis on cybersecurity.
But we also know that many aren’t doing an adequate job. A recent article in Forbes said cyber attackers are “taking advantage of the pandemic,” enabled by a framework described as “stop-gap ‘good-enough’ security” and “ramshackle incident response plans.”
So if entry to corporate accounts is ripe for the picking, then nefarious actors will act. New reports suggest that a group of hackers is selling access to the email accounts of hundreds of C-suite executives.
The email accounts are listed individually in an exclusive Russian underground network, some for hundreds of dollars and others for thousands. According to reports, these Microsoft accounts include the CEO of a mid-sized software company, the president of a U.S. apparel maker and, of course, many more.
ZDNet was able to confirm the authenticity of several accounts and warns that the fallout may be more widespread than impacts to these individuals alone. For example, one expert told the news outlet that the emails could potentially be used for “CEO scams,” where criminals pose as the executive and manipulate employees into wiring money. Worse, unsuspecting employees could be tricked into revealing sensitive company data, which could result in the intrusion spreading quickly within the company’s networks.
And while it may be too late for some of these companies, the rest of us can take some pointers. According to ZDNet, even if hackers steal your data, there are ways to keep them from using it, and they’re not that difficult: two-factor authentication will render a password useless without a secondary verifier, and it’s “the easiest way of preventing hackers from monetizing any type of stolen credentials.”