News broke that a huge spambot ensnaring 711 million email accounts has been uncovered. A Paris-based security researcher, who goes by the pseudonymous handle Benkow, discovered an open and accessible web server hosted in the Netherlands, which stores dozens of text files containing a huge batch of email addresses, passwords, and email servers used to send spam. Those credentials are crucial to the spammer’s large-scale malware operation: they let it bypass spam filters by sending email through legitimate email servers. IT security experts commented below.
“Several factors come to mind in consideration of this data disclosure. Here are points to consider.
There is evidence of a significant amount of speculative data, yet also the potential for meaningful amounts of pre-breached data from existing aggregation. Threat actors continue to expand their methods to potentially mainstream or expand their revenue streams. Continuous large data disclosures of this type, with potentially unverifiable data sources and targets, increase alert fatigue for security professionals. Also – this is another reminder that threat actors also live the double-edged sword of security.”
“Breaches like this highlight, once again, the importance of education when it comes to password management and password use. Resetting compromised passwords can be a good first step, but the breach had little to do with the passwords that were used. It was a result of the ease with which they can be accessed from the outside. The burden of responsibility lies heavily on organizations, and how much they invest in securing the information users share with them will make a huge difference to user confidence.
“Also, as users now demand a seamless experience across channels, organizations have the added responsibility of making sure that information is secure across these channels. The more user-friendly the system is, the more it needs security. This security can be transparent for sure, but if it doesn’t protect users and their data, it could be leaving the door open for malicious and crippling attacks.”
“Perhaps the scariest part of this massive Spambot leak is seeing how much data the bad guys have and how little they are doing to protect it. Some may think the bad guy has no motivation to protect our data, but they do. The amount and how well enriched their data set is becomes their competitive advantage in a crowded black market. Just like people using Google more than other search engines because of their huge reach, the black market has brands that stake their reputation on having the biggest database of quality, stolen data. To see that even with such financial motivation they are failing to secure their ill-gotten goods is disheartening.”
“From an enterprise perspective, employees often use the same password for sensitive corporate applications and their personal social media accounts. As a result, information such as valuable login credentials can be exposed and compromised when a social platform provider gets hacked. Enterprises need a way to continuously monitor the risk of credential theft from password sharing between corporate trusted and unknown websites and apps.”
Salim Hafid, Product Manager at Bitglass:
“At scale, phishing attacks that bypass spam filters and spoof legitimate sources are no doubt more effective than typical phishing strategies. These targeted attacks, where malware is delivered to millions of individuals, can spread at higher rates and yield more information.”
“In this case, a spam list of over 700 million email addresses and passwords was discovered on an unprotected server. Allegedly, this information was used to send large amounts of spam through legitimate email accounts, which allows the emails to bypass spam filters. Revelations like this continue to be a wake-up call to organizations everywhere. Even with regular employee training, it only takes one employee opening a bad email to put an entire enterprise’s data at risk of malware, ransomware and other threats. The only way to completely circumvent hacker threats like this is by approaching data protection proactively, rather than reactively, protecting enterprise data at the file level—even in the event of a breach. With this defense-in-depth protection, malicious threats from spammers can never succeed in gaining access to actual company files.”
Matt Kaplan, GM at LastPass:
“Your email address is the username for most of your online accounts so it’s crucial to protect it like your identity depends on it. Using unique passwords for all your online accounts will ensure that if your email, or password, is leaked in a breach like this one, they can’t be used by hackers to get into any of your other accounts. While humans are inherently bad at making passwords, and continue to reuse them, a password manager is a simple and secure way of keeping unique passwords in one place.
If your email service offers it, be sure to turn on two-factor authentication, so that an extra code or text message is required whenever you’re logging in from a new location. That way, even a compromised password won’t allow access to your email account.”
“This is an important reminder of one aspect of the data-breach lifecycle. The threats outlined are not new or novel, nor is the credential harvesting/storage methodology. Data breaches don’t end after the public disclosure. Leaked/breached data can continue to live on and be used, reused, sold, re-sold, etc. for purposes just as described here. Any organisation that is not aware of and closely following OSINT specific to their company/brand/intellectual property/etc. is bound to fall victim to continued use of their data or infrastructure for ongoing malicious activity. The real take-away here should not be to alarm or scare, but rather to educate and remind everyone of the permanence of breached/leaked data and the need to not only defend your organisation, but also monitor the ‘ether’ for continued misuse of data and resources.”
“The sheer size of the breach alone is a cause for concern, let alone the damage it could cause further down the line. This breach is an example of how hackers merge data from multiple sources, building dossiers on potential victims, including spear phishing targets. In this instance, the majority of the passwords appear to have been collated from previous leaks, including the 2012 LinkedIn data breach. Every breach reveals data that criminals can use to launch additional attacks, either by the initial attackers or other criminals to whom they sell the compromised data.
“Every breach is a reminder of the importance of strong authentication measures in both personal and professional devices, networks, and web applications. The blurring of personal and professional use of enterprise assets such as laptops underscores the criticality of protecting organizations from the network core to the outer edges against advanced persistent threats and evasive malware that could be introduced as a result of an infected personal device targeted as a result of a prior data breach. Data breaches provide a distribution hub for malware for years to come.”
“Sophisticated hackers are increasingly weaponized by the large pools of identities that they are stealing from poorly secured targets. Weak security at organizations with large pools of data is the nemesis of the well-secured enterprise.”
ISBuzz Team embodies the collaborative efforts of the dedicated staff at Information Security Buzz, converging a wide range of skills and viewpoints to present a unified, engaging voice in the information security realm. This entity isn't tied to a single individual; instead, it's a dynamic embodiment of a team diligently working behind the scenes to keep you updated and secure. When you read a post from ISBuzz Team, you're receiving the most relevant and actionable insights, curated and crafted by professionals tuned in to the pulse of the cybersecurity world. ISBuzz Team - your reliable compass in the fast-evolving landscape of information security.