One Million Compromised Accounts Found at Top Gaming Firms

Gaming companies were warned to strengthen their cybersecurity procedures after researchers with Kela discovered 500,000 credentials associated with employees’ corporate email addresses and a million compromised internal accounts on the dark web. The accounts were connected to the top 25 publicly listed gaming organizations and included companies such as Nintendo and Ubisoft. The accounts listed for sale were for internal resources including Virtual Private Network (VPN) accounts, Single Sign-On (SSO), FTP servers, Jira servers, admin panels, and other servers, any of which could allow the gaming companies to become victims of larger customer data theft, corporate espionage, or a ransomware attack. Many of the accounts discovered were available for free and were likely exposed in breaches of third-party firms. Threat actors use compromised accounts and credentials to establish a foothold in victims’ networks when conducting a large-scale attack.

Analyst Notes

Data theft, ransomware, and other attacks continue to be a lucrative business for cybercriminals. Organizations must ensure employees are properly trained on security best practices. Multi-Factor Authentication (MFA) is necessary to protect any account, especially the email accounts of employees who have access to sensitive information. Cyber threat actors often target email accounts because access to a victim’s email account allows them to reset passwords for many other online systems easily. Passwords alone are not enough to protect sensitive information, especially if employees choose the same or similar passwords for multiple sites—criminals and government-backed hackers alike often use lists of passwords leaked from other websites when they attempt to guess passwords for email accounts or remote access accounts. The Binary Defense Counterintelligence service monitors for leaked information, including passwords, associated with clients’ brand names and domain names. If a threat actor gains access to a corporate network via a VPN or other remote access facility using an employee’s password, it can be difficult to detect the intrusion and to distinguish the attacker’s activity from that of the employee whose account was compromised. To defend against such attacks, it is important to monitor user account activity for patterns of behavior and to detect when employee accounts run unusual programs, attempt to access administrator accounts, or move laterally to other systems that they do not normally access. Binary Defense’s Security Operations Task Force monitors clients’ workstations and servers 24/7 to detect attacks based on likely attacker behaviors and to stop intrusions in their early stages, before companies suffer major damage.