Following the recent news that cyber experts have uncovered 2 million stolen passwords to web accounts, Tom Cross, director of security research at Lancope, comments:
"Although many of the accounts stolen in this case are for popular social networking sites such as Facebook, Twitter, and Linkedin, other credentials in the attacker's collection may be the ultimate objective. Attackers usually seek to compromise social network accounts because they provide a mechanism for further spreading their malware. An attacker who controls your social networking profile can send messages to your contacts with malicious embedded links that will infect their computers. In this way, attackers can spread their botnets from victim to victim through the social network.
Many botnet builders are satisfied with trying to infect as many hosts as possible. These hosts are then sold off to other criminals who upgrade the malware on the host to steal additional information (such as credit card numbers) or perform other kinds of attacks. In this case, however, the attackers appear to have collected some login information that has a direct financial value to a criminal. Logins for payroll service provider ADP could provide attackers with access to sensitive personal information that could be used to commit fraud. Logins for FTP, RDP and SSH services provide the attacker with control over servers on the Internet, which may also contain sensitive information."
- Ends -
For further information, or to speak with Tom, please contact:
Lara Lackie, Eskenzi PR
T: +44 (0)207 183 2834
E: lara@eskenzipr.com
Distributed by Pressat
E. rocketpoppr@outlook.comAdditional Contact(s):
Jean Matthews
Samantha Jones
Beehive Mill
Jersey Street
Manchester
M4 6AY
No media attached. Please contact Rocket Pop PR for more information.