Digital Shadows’ latest research report, Pst! Cybercriminals on the Outlook for Your Emails, highlights the different ways cybercriminals can access corporate email accounts to perform business email compromise (BEC) attacks. Our previous two blogs looked at how attackers can outsource this work to other online actors, or even try their luck with previously compromised credentials for finance and accounting departments. Both of these approaches create opportunities for actors, often with lesser capabilities, to conduct BEC operations without the need to run their own phishing campaigns or use information-stealing malware.
If that wasn’t enough, there is a third method available to cybercriminals, with companies and individuals inadvertently exposing entire email inbox archives across misconfigured file sharing services. Building on our research paper, Too Much Information, we searched for emails and email archives across FTP, rsync, SMB, S3 buckets, and network attached storage (NAS) drives. All in all, we discovered 12,556,810 email archives exposed across these services. Why go to a dark web market and pay for access when you can get sensitive information for free on the open web?
To determine the level of email archive exposure, we searched across misconfigured SMB, rsync, FTP, S3 buckets, and NAS drives for the following email file types:
In total, we detected over 12 million exposed files, with EML and MSG the most popular. The full breakdown is provided in Figure 1.
Figure 1: Number of exposed files for different email file formats
Gaining access to a corporate email account can be highly lucrative for an attacker. Contracts, invoices and purchase orders will all be stored in these inboxes – perfect for conducting BEC campaigns. We detected over 50,000 email files that contained “invoice” (27,000), “payment” (21,000) or “purchase order” (7,000) in the subject line across unauthenticated or misconfigured file stores.
In some instances, these were worryingly sensitive. In Figure 2, a whole accounting firm’s email correspondence with clients was publicly available online, including thousands of invoices and tax returns – a gold mine for a BEC campaign or a fraudster looking to sell documents on forums and marketplaces.
Figure 2: Accounting firm exposing client information, including emails with tax return information. Redacted by Digital Shadows
We all archive and store emails somewhere, but this level of exposure prompts us to ask ourselves many questions: are you securing email archives appropriately? Have your employees been given training on the risks of using home NAS drives? And what about your third parties and contractors?
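To answer the first of those questions for storage you control, the same measurement described above can be run as a self-audit. The following is an added example, not code from Digital Shadows or the report: it walks a locally mounted share, counts EML and MSG files, and flags EML files whose subject line contains one of the three keywords counted above. The function names, the sample files, and the choice to parse only EML subjects are assumptions made for illustration.

```python
import os
import tempfile
from collections import Counter
from email import policy
from email.parser import BytesHeaderParser

# EML and MSG are the formats the post names; extending this set is an assumption.
EMAIL_EXTENSIONS = {".eml", ".msg"}
KEYWORDS = ("invoice", "payment", "purchase order")  # subject terms from the post

def audit_share(root):
    """Count email files under a share you own; flag finance-related EML subjects."""
    counts, flagged = Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if ext not in EMAIL_EXTENSIONS:
                continue
            counts[ext] += 1
            if ext != ".eml":
                continue  # MSG is a binary container: counted, not parsed here
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    # policy.default decodes RFC 2047 encoded-word subjects
                    headers = BytesHeaderParser(policy=policy.default).parse(fh)
            except OSError:
                continue  # unreadable file stays counted but cannot be flagged
            subject = str(headers.get("Subject", "")).lower()
            hits = [k for k in KEYWORDS if k in subject]
            if hits:
                flagged.append((os.path.relpath(path, root), hits))
    return counts, sorted(flagged)

def build_sample_share():
    """Constructed sample files standing in for a mounted archive directory."""
    root = tempfile.mkdtemp(prefix="mail_audit_")
    os.makedirs(os.path.join(root, "finance"))
    samples = {
        "finance/a.eml": b"From: a@example.com\r\nSubject: Invoice 1001 attached\r\n\r\nbody\r\n",
        "finance/b.EML": b"Subject: =?utf-8?q?Purchase_Order_44?=\r\n\r\nbody\r\n",
        "c.eml": b"Subject: Lunch on Friday\r\n\r\nbody\r\n",
        "d.msg": b"\xd0\xcf\x11\xe0constructed-placeholder",
        "notes.txt": b"payment reminder, not an email file",
    }
    for rel, data in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)
    return root

if __name__ == "__main__":
    print(audit_share(build_sample_share()))
```

Any flagged path on a share that is reachable without authentication is a candidate for immediate access review.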
To learn how to reduce the risk of BEC for you and your organization, download a copy of our latest research report, Pst! Cybercriminals on the Outlook for Your Emails.
We’ve also created an infographic around our BEC research. Here are 5 ways that cybercriminals gain access to emails without conducting a phishing campaign or network intrusion.