Cybercriminals have found new ways to infiltrate corporate emails, which has resulted in a $12bn cost to businesses over the last five years, according to Digital Shadows. Compromised corporate accounts are commonly traded on the dark web, where criminals stand to earn a pretty penny, particularly if the email accounts are those of employees in accounting or finance departments.
According to the report, researchers detected 33,568 email addresses of finance departments that had been exposed by third parties. Of those, 83% included passwords. On dot-com domains, the research found 18,163 credentials exposed. It also includes images of exchanges on a special-access dark web forum where a criminal is looking for accounting emails from companies in the US and South Africa.
These financially motivated malicious actors have expanded their attack methods beyond the commonly used, and quite reliable, phishing attacks to include account takeover attacks or simply paying for access. In another forum, a hacker is asking for as little as $150 to break into corporate email accounts, suggesting that cyber-criminals are winning in the digital war on fraud.
With social engineering and email spoofing, they are using more targeted campaigns. All the while, companies are inadvertently making it easier for them to compromise email accounts. In fact, according to the report, entire company email inboxes have been left exposed on the internet, which translates to more than 12 million archived files exposed because of misconfigurations in rsync, FTP, SMB, S3 buckets and NAS drives.
Researchers also discovered sensitive, personal and financial information exposed on 27,000 invoices, 7,000 purchase orders and 21,000 payment records as a result of faulty backups.
“Phishing continues to be a very serious problem associated with business email compromise, but, unfortunately, we discovered that is far from the only risk, especially as barriers to entry for this type of fraud are coming down,” said Rick Holland, CISO at Digital Shadows.
“Millions of companies are already exposed through misconfiguration issues or finance department emails and passwords circulating online. With the right knowledge it is relatively easy for cyber-criminals to find whole email boxes and accounting credentials – indeed we found criminals actively looking for them.”