We all know that hackers are attempting to steal credentials and gain their hands on sensitive information, but how does this process work?
Researchers at Bitglass, a data protection company, completed its second ''Wheres Your Data'' experiment, creating a digital identity (opens in a new tab) for an employee of a fictitious retail bank, a functional web portal for the bank, and a Google Drive account, complete with real credit-card information.
The company then leaked ''phished'' Google Apps credentials to the Dark Web and tracked activity across the fictitious employee''s online accounts. Five attempted bank logins and three attempted Google Drive logins were completed within 48 hours of the initial leak. An audit by Bitglass'' Cloud (opens in a new tab) demonstrated that over the course of a month, the account was watched hundreds of times and many hackers successfully accessed the victim''s other internet accounts.
Over 1,400 visits were made to the dark Web credentials and the fictitious bank''s web portal, and one in ten individuals attempted to login to Google with the leak credentials. 49% of hackers who accessed the Google Drive discovered the victim''s other internet accounts and attempted to log into the bank''s web portal.
In addition to 12% of hackers who successfully accessed the Google Drive attempted to download files with high quality, hackers came from over 30 countries, although 68% of all users were made from Tor-anonymised IP addresses, with 34.85% of non-Tor visits came from Russia, 15.7% from the United States, and 3.5 percent from China.
"Our second data-tracking experiment reveals the dangers of changing passwords (opens in a new tab) and shows how quickly phished credentials spread, exposing sensitive corporate and personal information," says Nat Kausik, the CEO of Bitglass. "Organisations need a comprehensive system that provides a more secure way of authenticating users, which allows IT to quickly identify breaches and control access to sensitive information."
The whole report, which can be downloaded from the Bitglass website, contains more detail about the experiment and its findings (opens in a new tab).