We all know that hackers want to steal credentials and get their hands on sensitive data, but how exactly does this process work?
Researchers at data protection company Bitglass conducted their second ‘Where’s Your Data’ experiment, creating a digital identity for an employee of a fictitious retail bank, a functional web portal for the bank and a Google Drive account, complete with real credit card information.
The team then leaked “phished” Google Apps credentials to the Dark Web and tracked activity on the fictitious employee’s online accounts. Within the first 24 hours, there were five attempts to sign in to the bank and three attempts to sign in to Google Drive. Files were downloaded within 48 hours of the first leak. An audit by Bitglass’ Cloud Access Security Broker (CASB) found that the account was viewed hundreds of times over the course of a month and that many hackers successfully gained access to the victim’s other online accounts.
More than 1,400 visits were recorded to the Dark Web credentials and the bank’s fictitious web portal, and one in 10 hackers attempted to log into Google using the leaked credentials. 94 percent of the hackers who had access to Google Drive discovered the victim’s other online accounts and tried to log into the bank’s web portal.
In addition, 12 percent of hackers who had access to Google Drive attempted to download files with sensitive content. Hackers came from more than 30 countries, although 68 percent of all logins came from Tor-anonymized IP addresses. Of non-Tor visits to the website, 34.85 percent came from Russia, 15.67 percent from the US and 3.5 percent from China.
“Our second data-tracking experiment reveals the dangers of reusing passwords and shows how quickly phishing credentials can spread, exposing sensitive company and personal data,” said Nat Kausik, CEO of Bitglass. “Organizations need a comprehensive solution that provides a more secure way to authenticate users and enables IT to quickly identify breaches and control access to sensitive data.”
More details of the experiment and findings are available in the full report, which can be downloaded from the Bitglass website.