August 5, 2015 By Dana Tamir

A cybercriminal going by the name DetoxRansome claims to have stolen some of the login credentials of Bitdefender’s users and has threatened to release the details unless a $15,000 ransom is paid. The attacker told Forbes that all information, including passwords and usernames, was unencrypted.

The antivirus software provider Bitdefender confirmed that customer login credentials were obtained by the attacker but stated that a very limited number of usernames and passwords had been exposed. The company’s spokesperson stated that the attack did not penetrate the server, but “a vulnerability potentially enabled exposure of a few user accounts and passwords.” According to the spokesperson, the exposure affected less than 1 percent of Bitdefender’s small and medium business customers.

These days, most targeted attacks make use of stolen credentials. Fraud expert Avivah Litan wrote earlier this year that “password compromise is the most common way bad guys get into our accounts.” She continued, “Over the past couple of months, Gartner clients have been telling us [Gartner] about the significant rise in automated attacks, whereby hackers use bot armies to run through user credentials at various consumer service websites, knowing that a few percent of them will probably work.”

According to a Gartner survey conducted several years ago, over two-thirds of consumers reuse their passwords across sites whenever they can. Many employees reuse their corporate passwords for accessing personal online services and applications. This is a dangerous practice because, if stolen or exposed to others, that single password can provide access to multiple systems and sites. Furthermore, cybercriminals know this, which is why even seemingly innocuous credentials are so valuable to them.

To minimize risk, it is imperative that, in addition to education programs, organizations enforce password security policies that require employees to use different passwords for accessing corporate resources and noncorporate online services. This can easily be achieved with credential protection platforms that can automatically alert on and optionally prevent password reuse by employees.

As this breach demonstrates, exposed or stolen credentials can have a far-reaching impact, both on the source from which they were stolen and the customers that may now be exposed.
