Skurio Comment: Hacker selling CEO emails on Dark Web
November 2020 by Jeremy Hendy, CEO at Skurio
Following the news regarding a hacker selling C-Level executives’ emails and password combinations on the Dark Web, Jeremy Hendy CEO at Skurio, offers the comment:
“Cybercriminals find high-value transactions almost irresistible, and CEO’s make an ideal target. Business email compromise (BEC) is a straightforward way to execute a payment diversion scam – businesses that do not monitor for leaks of compromised data outside their network would suspect nothing. Previously, we have seen hackers use sophisticated techniques to turn breached data into complete digital identity packages. If hackers are now using segmentation techniques to identify high profile targets, this would represent a new and interesting step forward; not least because, senior executives are often the individuals least likely to adhere to company security policies and good cyber behaviours.
Digital risk protection for VIPs was already a high priority for many businesses we speak to, this development only serves to increase its importance. With consideration to BEC threats, a stronger effort to avoid such attacks is imperative.
This stresses the importance of routinely monitoring the Dark Web for personal corporate email credentials, keeping up to date with data leaks and in turn, ensuring appropriate and timely reactions. In addition, monitoring for VIP information is also critical to alert individuals to potential compromises such as BEC or Doxing.
With many staff still out of the office, we continue to urge businesses to add additional process steps to make sure any large payment is authorised and going to the correct account. Making a simple phone call to a colleague can ensure they don’t fall foul to these attacks.”