Minimize your digital risk by detecting data loss, securing your online brand, and reducing your attack surface.
A powerful, easy-to-use search engine that combines structured technical data with content from the open, deep, and dark web.
Digital Risk Protection
Read our new practical guide to reducing digital risk.
New report recognizes Digital Shadows for strongest current offering, strategy, and market presence of 14 vendors profiled
Read Full Report
Digital Shadows also reveals the rise of BEC ‘as a service’ – advertised on the dark web with hacked accounts available from $150, delivered within a week
London and San Francisco, October 4, 2018: Digital Shadows, the leader in digital risk management and relevant threat intelligence, has today announced the findings of new research revealing the diversity of methods used to infiltrate company emails. The FBI has estimated that scams resulting from business email compromise – such as fake invoices and wire fraud – have cost businesses $12bn globally over the last five years.
While phishing is a common means of attack, the research reveals criminals are resorting to a wide variety of methods to access business email accounts. But in many cases, companies are inadvertently making it easy for cybercriminals. Digital Shadows discovered entire company email inboxes exposed – over 12 million email archive files (.eml, .msg, .pst, .ost, .mbox) publicly available across misconfigured rsync, FTP, SMB, S3 buckets, and NAS drives. By improperly backing up these archives, employees and contractors are unwittingly exposing sensitive, personal and financial information – Digital Shadows discovered 27,000 invoices, 7,000 purchase orders, and 21,000 payment records.
Finance professionals, in particular, are in the firing line. 33,568 finance department email addresses have been exposed in third-party breaches and are circulating on criminal forums. Of these, 83% (27,992) have passwords associated with them. Digital Shadows detected criminals specifically searching for company emails that contained common accounting domains such as “ap@,” “ar@”, “accounting@,” “accountreceivable@,” “accountpayable@” and “invoice@.” These credentials are considered so valuable that one individual is offering up to $5,000 for a single username and password pair.
For criminals looking to outsource their work, Digital Shadows noted that business email compromise ‘as a service’ is widely available for as little as $150 – with results available in a week or less. Alternatively, some cybercriminals are offering a percentage revenue share of the total earnings in return for access to inboxes. As an example, one cybercriminal specializing in the construction sector, engaged with Digital Shadows via the Jabber instant message service offering a 20% cut of the total proceeds that could be harvested from exploiting email vulnerabilities.
Rick Holland, the Chief Information Security Officer at Digital Shadows comments: “Phishing continues to be a very serious problem associated with business email compromise but unfortunately, we discovered that is far from the only risk, especially as barriers to entry for this type of fraud are coming down. Millions of companies are already exposed through misconfiguration issues or finance department emails and passwords circulating online. With the right knowledge it is relatively easy for cybercriminals to find whole email boxes and accounting credentials – indeed we found criminals actively looking for them.
Holland continues: “Naturally as the return on investment from acquiring such sensitive information are so high, we also found cybercriminals actively collaborating with each other to target specific companies. Organizations can never mitigate these issues entirely; however, it is within their power to at least tighten up on their own processes to ensure that their data exposure is kept to a minimum.”
Digital Shadows recommends these seven steps for organizations that want to reduce their risk:
The full report entitled ‘Pst! Cybercriminals on the Outlook for Your Emails’ is available to download at: http://bit.ly/BECresearch
A blog with further context is available at: https://info.digitalshadows.com/BECResearchReport_Reg-Blog.html
ABOUT DIGITAL SHADOWS
Digital Shadows enables organizations to manage digital risk by identifying and eliminating threats to their business and brand. We monitor for digital risk across the widest range of data sources within the open, deep and dark web to deliver tailored threat intelligence, context and actionable remediation options that enable security teams to be more effective and efficient. Our clients can focus on growing their core business knowing that they are protected if their data is exposed, if employees or third parties put them at risk, or if their brand is being misused. To learn more, visit www.digitalshadows.com.