The Secret Life Of Stolen Credentials

Published: 22/11/2024   Category: security




Bitglass Threat Research Team's Project Cumulus demonstrates what happens when Google Drive credentials are stolen.



Everyone knows that stolen credentials can have disastrous effects on people's most critical accounts, but there's often no clear timeline for how exactly criminals put them to use. That changed this week with a new experiment from researchers with cloud access security broker (CASB) Bitglass, who put together a fictional digital identity and then leaked its credentials to the Dark Web to track the secret life of credentials once they're stolen.
This is the second year running that Bitglass has done a "where's your data?" experiment. For this one, dubbed Project Cumulus, the Bitglass Threat Research Team created an online persona of an employee for a fictitious bank. This included creating a phony Google Drive account with fake bank data and files containing real credit card numbers and other data made to look like something someone would produce on the job. The drive was then tracked using Bitglass watermarks embedded in the files and its CASB technology in monitor-only mode.
From there, the team leaked the credentials for the Google Drive in a way that made it appear they were stolen during a larger phishing campaign. They found there was an immediate spike in activity when the credentials were leaked, with over 1,400 visits recorded to them and to the fictitious bank's Web portal.
From there, about 94% of the hackers who accessed the drive in question then also found the victim's other online accounts, including the faked bank Web portal. One in ten of them immediately attempted to log into Google itself with the Google Drive credentials in hand. And 12% of hackers attempted to download files containing sensitive content, with a handful cracking encrypted files after they were downloaded.
"Our second data-tracking experiment reveals the dangers of reusing passwords and shows just how quickly phished credentials can spread, exposing sensitive corporate and personal data," says Nat Kausik, CEO of Bitglass.
[Experiment tracked the Dark Web journey of a cache of phony names, SSNs, credit cards, and other personal information. Read What Happens When Personal Information Hits The Dark Web.]
Project Cumulus was the next step in Bitglass's experimentation on tracking stolen credentials or documents in the wild. Last year, it leaked watermarked documents and found these files were viewed 200 times in just the first few days of leaking. At that time, not many attackers used any methods to anonymize their traffic to the documents in question.
In stark contrast, this second incarnation had 68% of all logins coming from Tor-anonymized IP addresses.
 
