
SoylentNews is people

posted by martyb on Thursday October 04 2018, @06:13PM
from the seek-and-ye-shall-find dept.

Digital Shadows reports Business Email Compromise Made Easy for Cybercriminals as 12.5 Million Company Email Inboxes and 33,000 Finance Department Credentials Openly Accessible on the Web:

Digital Shadows, the leader in digital risk management and relevant threat intelligence, has today announced the findings of new research revealing the diversity of methods used to infiltrate company emails. The FBI has estimated that scams resulting from business email compromise – such as fake invoices and wire fraud – have cost businesses $12bn globally over the last five years.

While phishing is a common means of attack, the research reveals criminals are resorting to a wide variety of methods to access business email accounts. But in many cases, companies are inadvertently making it easy for cybercriminals. Digital Shadows discovered entire company email inboxes exposed – over 12 million email archive files (.eml, .msg, .pst, .ost, .mbox) publicly available across misconfigured rsync, FTP, SMB, S3 buckets, and NAS drives. By improperly backing up these archives, employees and contractors are unwittingly exposing sensitive, personal and financial information – Digital Shadows discovered 27,000 invoices, 7,000 purchase orders, and 21,000 payment records.

Finance professionals, in particular, are in the firing line. 33,568 finance department email addresses have been exposed in third-party breaches and are circulating on criminal forums. Of these, 83% (27,992) have passwords associated with them. Digital Shadows detected criminals specifically searching for company emails that contained common accounting domains such as "ap@," "ar@", "accounting@," "accountreceivable@," "accountpayable@" and "invoice@." These credentials are considered so valuable that one individual is offering up to $5,000 for a single username and password pair.

[...] Digital Shadows recommends... seven steps for organizations that want to reduce their risk

[...] The full report entitled 'Pst! Cybercriminals on the Outlook for Your Emails' is available to download at: http://bit.ly/BECresearch [( https://info.digitalshadows.com/BECResearchReport_Reg-PressRelease.html )]

Submitted via IRC for chromas


  • (Score: 1, Offtopic) by Runaway1956 on Thursday October 04 2018, @06:49PM (1 child)


    Diversity good!!

  • (Score: 1, Offtopic) by Runaway1956 on Thursday October 04 2018, @07:09PM


    Whattaya mean, "offtopic"? For the past decade or so, we've been taught that diversity is a good thing, in and of itself, and that we should all strive for diversity in all things. This story says that criminals are now into diversity. Is this not a desirable outcome?