Access sold for $100 to $1500 per account, depending on the company size and exec role.

Target Audience: C-Level executives
Published on: 01, Dec 2020

Lakshmi Santhosh
Project Manager – Information Security and Compliance Learning

Milna Anna Maria
Team Lead – Security Awareness Projects

Recent studies have found that senior management and C-suite executives are the people within a company most likely to suffer a malicious attack. The recent leak of C-level executives' credentials lends further support to these findings.

The email accounts of hundreds of C-level executives around the world have been compromised. The data is currently being sold on ‘Exploit.in’, a restricted underground forum for Russian hackers. The compromised credentials are username and password combinations for Office 365 and Microsoft accounts.

C-Level executives targeted include:

  • CEO – Chief Executive Officer
  • COO – Chief Operating Officer
  • CFO – Chief Financial Officer or Chief Financial Controller
  • CMO – Chief Marketing Officer
  • CTO – Chief Technology Officer
  • President
  • Vice President
  • Executive Assistant
  • Finance Manager
  • Accountant
  • Director
  • Finance Director
  • Financial Controller
  • Accounts Payables

It is still unclear how the threat actor obtained these credentials.

Businesses and C-level executives should be on high alert: corporate email credentials are valuable to cybercriminals because they can be monetized in different ways. The compromised email accounts can be abused for CEO scams, also known as Business Email Compromise (BEC) scams, which are on the rise globally.

The easiest way of preventing hackers from monetizing any type of stolen credentials is to use a two-step verification (2SV) or two-factor authentication (2FA) solution for your online accounts.

Closing notes

C-level executives are excellent targets because they are likely to have access to more privileged information, such as employee data and proprietary knowledge, which lets an attacker maximize the return.

To proactively stay ahead of the scammers, be vigilant at all times and avoid falling prey to scams in the first place.