We just read about an attack on Orange France, where 800,000 people have potentially had their information compromised. The data that was accessed included names, mailing addresses, phone numbers, email addresses, customer accounts, and IDs.
This could potentially trigger a domino effect of other companies being breached due to the personal data that the attackers acquired. There is a huge marketplace for selling personal data online.
Since people tend to reuse the same password across different websites and their corporate accounts, the attackers may try to access these services by reusing the acquired password, by guessing credentials based on passwords that were used in the Orange services in the past, and by using the personal data to answer password recovery questions.
The personal data that was uncovered could also be used to craft phishing campaigns that would deceive users into compromising their corporate credentials. Even highly trained individuals could click a link in a well-crafted phishing email, because sophisticated attackers make such messages look real and include personal information that helps deceive the individual.
We developed Rapid7 UserInsight so that you can fight deception-based attacks on your users. UserInsight includes capabilities to detect indications of deception, including:
- Access to the network from and to malicious domains
- Elevated domain privileges
- Reactivation of disabled accounts
- User account information leaked in major breaches
- User account information offered for sale
All of these are common behaviors that attackers exhibit after compromising user credentials in common deception-based attacks. I recently discussed this topic in my webcast "The Anatomy of Deception Based Attacks", which I highly recommend watching.