Stolen email credentials being used to pry into cloud accounts

Malicious actors are using the massive supply of previously stolen login credentials to help brute force their way into high-profile cloud-based business systems that cannot easily use two-factor authentication for security.

Proofpoint researchers found that the availability of these tools has powered a massive increase in the number of cloud attacks taking place, which in turn enables the attackers to possibly gain access to the people inside an organization who can be conned out of money. One new use of the previously harvested credentials is to conduct a hybrid brute-force and password-spraying attack with the stolen usernames and passwords. In these cases the stolen logins are used en masse in the hope that a match occurs and grants access.

There is also an ancillary attack type that uses phishing to gain initial entry into a target organization and then uses the older credentials to move laterally.

“The attacker’s primary aim is often to launch internal phishing, especially if the initial target does not have the access needed to move money or data. Post-login access to a user’s cloud email and contact information improve an attacker’s ability to expand footholds within an organization via internal phishing and internal BEC,” the report said.

Proofpoint’s researchers studied hundreds of thousands of unauthorized logins and found that 72% of cloud tenants were targeted at least once by threat actors, 40% of tenants had at least one compromised account in their environment, and 15 out of every 10,000 active user accounts were successfully breached by attackers.

Perhaps because attackers are tiring of relying on Nigerian prince scams and are looking for something new and more productive, most of the successful attacks, 40 percent, were tracked to IP addresses located in Nigeria. Next on the list was China, home to 26 percent of the attackers, then the United States, Brazil and South Africa.

“Between November 2018 and January 2019, successful brute force and phishing-related attacks involving Nigerian IP addresses increased by 65%. While these attacks did not all necessarily involve Nigerian actors, recent arrests and activity are consistent with widespread cybercrime in the region,” the report stated.

The research showed most of the attacks abused the IMAP protocol, most likely because it bypasses multifactor authentication and because failed attempts to gain access do not result in account lockout, which makes the attack difficult to detect because no trail is left.

About 60 percent of Microsoft Office 365 and G Suite tenants were hit with IMAP-based password brute-force/spraying attacks, which resulted in a successful breach 25 percent of the time.
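The pattern described above (one source trying many accounts over IMAP without triggering lockout, then succeeding on a few) can be looked for wherever per-protocol sign-in records are available. The following is an added example, not code from the Proofpoint report: the log format, the sample records, the `find_imap_spraying` function and its thresholds are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in records: time, source IP, account, protocol, result.
SAMPLE_LOG = """\
2019-01-14T02:00:05Z 203.0.113.7 alice@example.com IMAP FAIL
2019-01-14T02:00:41Z 203.0.113.7 bob@example.com IMAP FAIL
2019-01-14T02:01:17Z 203.0.113.7 carol@example.com IMAP FAIL
2019-01-14T02:01:52Z 203.0.113.7 dave@example.com IMAP OK
2019-01-14T02:02:30Z 203.0.113.7 erin@example.com IMAP FAIL
2019-01-14T09:12:00Z 198.51.100.20 alice@example.com IMAP FAIL
2019-01-14T09:12:20Z 198.51.100.20 alice@example.com IMAP OK
2019-01-14T09:30:00Z 198.51.100.20 bob@example.com WEB OK
"""

def parse(log):
    for line in log.splitlines():
        ts, ip, user, proto, result = line.split()
        yield datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, proto, result

def find_imap_spraying(log, min_users=4, window=timedelta(minutes=30)):
    """Return {source_ip: {"targets": [...], "breached": [...]}} for each IP
    whose IMAP attempts hit at least min_users distinct accounts in one window."""
    by_ip = defaultdict(list)
    for ts, ip, user, proto, result in parse(log):
        if proto == "IMAP":  # the protocol the article says bypasses MFA
            by_ip[ip].append((ts, user, result))
    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Advance the window start until the span fits inside `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            in_window = events[start:end + 1]
            targets = {u for _, u, _ in in_window}
            if len(targets) >= min_users and any(r == "FAIL" for _, _, r in in_window):
                hit = findings.setdefault(ip, {"targets": set(), "breached": set()})
                hit["targets"] |= targets
                # A success inside a spraying window is a likely compromised account.
                hit["breached"] |= {u for _, u, r in in_window if r == "OK"}
    return {ip: {k: sorted(v) for k, v in f.items()} for ip, f in findings.items()}

if __name__ == "__main__":
    for ip, f in find_imap_spraying(SAMPLE_LOG).items():
        print(ip, "targets:", f["targets"], "breached:", f["breached"])
```

Keying on distinct accounts per source, not failures per account, is what lets this catch activity that never reaches a per-account lockout threshold; the second source in the sample, a single user mistyping a password, is not flagged.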

The attacks that started with phishing also proved successful, with 31 percent of the cloud tenants studied being breached by this method. Again, the Nigerians led the way here, with 63 percent of successful attacks coming from that nation, followed by South Africa, home to 21 percent of the fruitful attacks, and then the U.S. with 11 percent.
