The targets spanned CEOs, vice presidents and directors, and included “the chief of a mid-sized American software company, the president of a U.S. apparel maker and the CFO of a European retail chain,” according to Engadget.
The accounts went on the market at a limited-access forum in the Russian underground. They’ve been selling for $100 to $1,500 based on the value, and threat intelligence experts note that the accounts might have been accessed via a data-stealing mechanism called AzorUlt, which works by buying data from computers infected by the program.
One source, writing for ZDNet, claimed to have confirmed the authenticity of at least two such accounts, although the Engadget report notes that it was unable to verify this for every victim. The ZDNet tipster has also gone about notifying others whose account information is known to have leaked.
The theft, if successful, could have hurt both executives and workers, and could be used in the future for a wide range of scams targeting companies by posing as leaders and scamming people into sending money. The accounts could also be used for blackmail, and intruders could be used to undermine email-based two-factor authentication, the Engadget report says.
Cyber attacks have increased in scope and volume since the pandemic, with fraudsters taking advantage of the mass confusion and quick digital shift to prey on victims.
Securities and Exchange Commission (SEC) Chairman Jay Clayton, speaking on CNBC, said businesses need to be more aware of the threats posed to their companies from attacks. The SEC put out various alerts over the entirety of the pandemic on the danger of the attacks, warning various sizes of businesses about ransomware attacks affecting broker dealers and investment advisors as well as credential compromises taking peoples’ login information and exposing private information.