New Report Reveals How Long Hackers Keep Using Compromised Accounts

Security firm Barracuda Networks and UC Berkeley have jointly researched cybercriminals’ behavior once they take over accounts, specifically focusing on the end-to-end lifecycle of a breached account.

The parties investigated 159 compromised accounts across 111 organizations in a bid to find out how threat actors take over accounts, how long attackers remain in compromised accounts, and how they use and extract information from these accounts.

Dwelling in the Account for Weeks or Even Months

According to a report published on July 23, some bad actors remain in compromised accounts for weeks or even months, with 33% of attackers dwelling in the account for over a week.

The report’s findings indicate the following:

  • Nearly 80% of threat actors did not access any applications outside of email.
  • 20% of breached accounts appear in at least one online password data breach.
  • 31% of compromises reflect an increasingly specialized market for account compromise.

To get access to email accounts and steal credentials, hackers opt for brand impersonation and phishing. The report further explains:

“Once the account is compromised, hackers monitor and track activity to learn how the company does business, the email signatures they use, and the way financial transactions are handled, so they can launch subsequent phishing attacks, including harvesting financial information and additional login credentials for other accounts.”

Sometimes hackers reportedly sell stolen login credentials to other threat actors, so a different attacker continues using the compromised account, mining it for information and extracting value from it.

Focus on Corporate Networks

The researchers discovered that in 98% of breached accounts, hackers accessed at least one email-related Office 365 app, including Microsoft Outlook. This reportedly enabled them to obtain access to contact lists and relate that data to any confidential and financial information of the employee and the organization.

As previously reported by, hackers seem to have shifted their focus from individual servers to corporate networks. In the second half of 2019, the number of postings on illicit marketplaces offering access to corporate networks reportedly began surging.
