Cybercrime offers 21 million credentials for Top 500 firms on the Dark Web

ImmuniWeb: Cybercrime offers 21 million credentials for top Fortune 500 firms on the Dark Web
Cybercrime is offering 21 million logins for Top 500 firms on the Dark Web, as discovered by ImmuniWeb cyber security experts. The information was compiled by crawling multiple resources, such as markets in the Tor network, web forums, Pastebin, IRC channels, social networks, and messenger chats. 21,040,296 is the exact number of credentials belonging to Fortune 500 companies that the security researchers found on the web. Most of them were from tech companies, closely followed by organizations in the financial industry. Entities in the healthcare, energy, telecommunications, retail, industrial, transport, aerospace and defense sectors are also on the list. However, not all of them are fresh: 16,055,871 credentials were compromised in the past 12 months. As many as 95% of the credentials contained plaintext passwords, either unencrypted or brute-forced and cracked by the attackers.
The cyber security experts: The most popular sources of the exposed breaches were third parties (trusted ones included) and the companies themselves. Furthermore, the victims often use the same, very weak passwords
According to the cyber security experts, the most popular sources of the exposed breaches were third parties (e.g. websites or other resources of unrelated organizations), trusted third parties (e.g. websites or other resources of partners, suppliers or vendors), and the companies themselves (e.g. their own websites or other in-house resources). Moreover, they found only 4.9 million (4,957,093) fully unique passwords among the 21 million records, suggesting that many users are using identical or similar ones. And often, as ImmuniWeb reports, they are very common: from “123456789” to “password”. This could explain why breaches in the top industrial sector are increasing. Cybercrime, in fact, can use them for spear-phishing and password re-use attacks. Not by chance, reported data breaches and the number of records exposed therein spiked by over 50% during Q1 2019 compared to the previous year, and attained a flabbergasting number of 4,000.