Cyber Security Today, June 11, 2021 – Police disrupt stolen credentials marketplace, how fast crooks work with stolen credentials and more

Police disrupt stolen credentials marketplace, how fast crooks work with stolen credentials and more.

Welcome to Cyber Security Today. It’s Friday June 11th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.

 

This podcast is brought to you by Terranova Security, helping you discover how to build an effective security awareness training program and train the world’s cyber heroes from a lineup of cyber security experts. Register now for the 2021 Security Awareness Virtual Summit here.

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

Another big hit against cyber crooks this week: Four countries including the U.S. said they have taken down the infrastructure behind the Slilpp marketplace, which specializes in selling stolen login credentials. The servers and domain names were seized by court orders. In addition over a dozen people have been arrested. At the time of the action stolen credentials for over 1,400 accounts were available for sale on the site. By one estimate the stolen login credentials caused over $200 million loses in the U.S. alone since the marketplace was established nine years ago.

This follows the revelation on Monday that American authorities were able to retrieve over half of the money Colonial Pipelines paid last month after a ransomware attack.

How fast do cybercrooks work when they get hold of a stolen password? To find out security vendor Agari recently did a test: It spread credentials to Office 365 accounts Agari controlled over 8,000 phishing sites so it could track what happened. Nearly a quarter of the compromised accounts were automatically accessed at the time of compromise to validate the authenticity of the credentials. Almost one in five accounts were accessed within the first hour of compromise, and nearly all of them were accessed within a week after they were compromised. And while a majority of compromised accounts were only accessed one time by actors, there were a number of examples where a cybercriminal maintained persistent and continuous access to a compromised account.

Often after logging into these fake email accounts the crooks would try to use them as launching sites for malicious emails to potential victims. One lesson, Agari says, is the importance of blocking phishing emails aimed at stealing credentials.

Hackers have stolen game source code and software development tools from gaming giant Electronic Arts, according to the news site Motherboard. Electronic Arts publishes Battlefield, FIFA and The Sims. EA said no player data was accessed. But the source code could be valuable to someone willing to pay for it. There was no explanation of how attackers got into EA’s system.

Finally, if you use the Chrome browser, make sure it’s running the latest version. It should end in .101. This fixes several serious vulnerabilities.

That’s it for this edition. Remember as always on Friday afternoons the Week in Review edition will be available. I’ll be talking with guest Dinah Davis of Arctic Wolf about the latest ransomware news, including that seemingly miraculous recovery of ransom money paid by Colonial Pipeline, and the explanations of the hack by the pipeline CEO before the U.S. Congress.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

 

 

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Sponsored By:

Cyber Security Today Podcast