Miners’ passwords found for sale on the dark web
More than 90,000 login credentials linked to employees of Australia’s top mining companies have been found for sale on dark web bazaars, according to a report by Israeli intelligence company KELA.
KELA, which tracks the activity of cyber criminals on the internet’s seedy underbelly, says in a new report it has also found compromised accounts that could provide access to the internal systems of some of Australia’s biggest mining companies.
Speaking to The Australian, Victoria Kivilevich, a threat intelligence analyst at KELA, said cybercriminals who obtained this data — readily available for sale on the dark web — could use it to advance phishing schemes, such as sending realistic-looking emails seemingly from a colleague or supplier that lure victims into downloading malicious links that plant malware on corporate systems.
That could open up mining company systems to ransomware that could disrupt processes or, in a worst-case scenario, allow cybercriminals to lock systems and prevent mining companies from continuing operations until a ransom is paid.
“We’ve identified more than 91,000 leaked employee-credentials pertaining to the top five Australian mining companies. These exposed credentials are email addresses or email and password pairs belonging to mining companies’ employees, extracted from various breached databases constantly traded and circulating in the underground,” the KELA report says.
“These databases mostly include private and corporate email addresses and associated passwords, including plain text ones.”
While the email and password pairings were only for the breached websites — including a South Africa-based mining news website read regularly by many global employees and investors — Ms Kivilevich warned that the reuse of passwords across multiple sites, and even internal logins, could give direct access to corporate systems.
“By leveraging the tens of thousands of credentials that are publicly circulating, an attacker may be able to access these internal resources by testing out the different corporate email addresses and passwords that are exposed,” the KELA report says.
And by pairing the leaked credentials with other data also available for sale, KELA says criminals can buy compromised corporate accounts and gain access to internal systems at major miners, potentially opening them up for further attacks.
“In our research, we identified that accounts for security token services were compromised for three of the top five companies. These services instantly provide cybercriminals with access to the companies’ corporate environments, enabling them to manipulate security mechanisms within them,” the report says.
“Within these compromised accounts, we also identified that accounts to active directory services were compromised — accounts that can be used to access systems and applications located across organisational boundaries.
“Upon further research, we also detected a compromised account that likely leads to the intranet of one of the companies. By purchasing this account, the attacker is instantly granted access to the internal computer network of the organisation and gains visibility into internally shared information by the organisation.”
Ms Kivilevich said the coronavirus pandemic had proved a boon for criminals as millions of employees moved to remote-working environments.