We all know that hackers are looking to steal credentials and get their hands on sensitive data, but exactly how does this process work?
Researchers at data protection company Bitglass carried out its second ‘Where’s Your Data’ experiment, creating a digital identity for an employee of a fictitious retail bank, a functional web portal for the bank, and a Google Drive account, complete with real credit-card data.
The team then leaked ‘phished’ Google Apps credentials to the Dark Web and tracked activity across the fictitious employee’s online accounts. Within the first 24 hours, there were five attempted bank logins and three attempted Google Drive logins. Files were downloaded within 48 hours of the initial leak. Bitglass’ Cloud Access Security Broker (CASB) monitoring showed that over the course of a month, the account was viewed hundreds of times and many hackers successfully accessed the victim’s other online accounts.
Over 1,400 visits were recorded to the Dark Web credentials and the fictitious bank’s web portal and one in ten hackers attempted to log in to Google with the leaked credentials. 94 percent of hackers who accessed the Google Drive uncovered the victim’s other online accounts and attempted to log into the bank’s web portal.
In addition 12 percent of hackers who successfully accessed the Google Drive attempted to download files with sensitive content. Hackers came from more than 30 countries, though 68 percent all logins came from Tor-anonymized IP addresses, of non-Tor visits to the website 34.85 percent came from Russia, 15.67 percent from the US and 3.5 percent from China.
“Our second data-tracking experiment reveals the dangers of reusing passwords and shows just how quickly phished credentials can spread, exposing sensitive corporate and personal data,” says Nat Kausik, CEO of Bitglass. “Organizations need a comprehensive solution that provides a more secure means of authenticating users and enables IT to quickly identify breaches and control access to sensitive data”.
More detail of the experiment and its findings is available in the full report which can be downloaded from the Bitglass website.