Many cybercriminals dwell in compromised email accounts for more than a week, according to a new report from cloud security vendor Barracuda Networks.
The report claims that dwell time extends beyond a week in more than a third of cases, giving the hacker room to decide how best to utilize the account. In most cases, the initial hacker later sells the account details on the black market.
“This reflects an increasingly specialized, and layered criminal market for account compromise,” explains Barracuda.
Analyzing 159 compromised accounts across 111 organizations, the company also found that 20 percent were associated with at least one online data breach. This shows that cybercriminals look to capitalize on the fact people often reuse credentials across multiple online services.
In most cases, according to Barracuda, the attackers didn’t access any other applications outside the email account.
“Cybercriminals are getting stealthier and finding new ways to remain undetected in compromised accounts for long periods of time so they can maximize the ways they can exploit the account, whether that means selling the credentials or using the access themselves,” said Don MacLennan, SVP Engineering, Email Protection at Barracuda.
“Being informed about attacker behavior will help organizations put the proper protection in place so they can defend against these types of attacks and respond quickly if an account is compromised.”