You’ve probably already read the news about the biggest password leak in the history of the Internet and (hopefully) changed the passwords on your main accounts just in case. However, this is not the first time that user data has ended up online. Cybersecurity researchers from Agari decided to test how quickly hackers try to gain access to compromised accounts.
Agari seeded 8,000 phishing sites with fake credentials. They looked like they belonged to real users, but in reality everything was under the control of the researchers. After that, the security experts prepared popcorn and watched what would happen next.
The research results were not very encouraging for users. Half of all compromised accounts had already been accessed by cybercriminals within 12 hours. Moreover, 20% of the records were hacked in the first hour, and another 40% within 6 hours. So if you visit a phishing site in the evening and then go to bed, you might find an unpleasant surprise in the morning.
Almost all accounts were accessed manually. This is tedious work, but it let the cybercriminals find out for sure whether the accounts were working.
Why do hackers need other people’s accounts?
Hacked accounts can be used by cybercriminals in different ways. For example, they can look for valuable confidential information in them, gain access to a user’s cloud storage and steal data from it, use the account for further attacks, or simply sell it.
Often, compromised accounts are used for business email compromise (BEC) attacks (gaining access to corporate mail and then sending phishing links and spam from it). One attacker tried to use a compromised account to conduct BEC attacks on the real estate sector. He sent out emails with links to a phishing site. In this way, the attacker was going to steal login data for real estate companies. Naturally, he did not succeed, since the fake accounts were controlled by the Agari researchers. None of the emails he sent reached its addressee.
Nevertheless, the study shows that cybercriminals start exploiting user data leaks rather quickly, because this does not require spending resources, and the result is visible immediately. Accordingly, phishing attacks through hacked accounts lead to exponential growth in compromised data, and at the moment this is the least time-consuming way to compromise information.
However, there is good news: according to the study, after about a week, attempts to use the leaked passwords come to naught.
What to do?
Considering that compromised passwords are actually used, and quickly, it is a good habit to enable two-factor authentication where possible. It is also worth using a password manager that checks your credentials against databases of the sites where leaks have occurred.
By the way, as it turned out, vulnerabilities that are discovered and published as CVEs are also exploited quite quickly. It happens that within an hour after the news of a new vulnerability appears, companies that do not keep their infrastructure up to date are attacked by cybercriminals. So, security specialists in companies should keep an eye on newly discovered vulnerabilities and try to fix them as soon as possible.