A recent faux phishing scheme designed to track the activity of hackers accessing the “leaked” data confirms what we already know — hackers gravitate towards corporate data, and not by the dozens, but by the hundreds.
A fake persona, “Dennis”, was created complete with accounts to a fake bank web portal, Google Drive, and even Facebook and LinkedIn.
Over a 30-day period, his account was viewed hundreds of times and many hackers used the Drive credentials to access the victim’s other online accounts. Some 12 percent of hackers downloaded Google Drive download files, with several cracking the encrypted files. The hackers hailed from more than 30 countries around the world, including Russia, U.S. and China.
The results, including more than 1,400 visits to the credentials and a corresponding bank website, were startling and serves as yet another wake-up call for organizations, whose employees are perennially the weakest link to enterprise security. It should also tell CIOs that enterprising criminals are easily enticed by corporate information housed in the darkest corners of the Web. (source, emphasis mine)
One thing to highlight from the quote above — security professionals may well be aware of the many malicious methods of hackers, but other employees are likely not as savvy and tend to be the security gap in any given organization.
One security method called out by the article as “good cybersecurity hygiene” is implementing multi-factor authentication. GreenRADIUS is such a solution, one that is easy to use and easy to maintain. Contact us today to learn more.