Poor password habits are found everywhere, even in big companies that require password policies. Credential leaks are among the most common use cases across a variety of sectors, and enterprises have no choice but to apply stricter policies to prevent them.
Employee credential leaks
Because passwords are easy to get, credential leaks frequently turn up in hacker forums and dark web black markets. And because passwords are the most common form of user authentication, the wrong policy mixed with bad password hygiene makes credential leaks the most common case for all kinds of companies.
The biggest problem is that people tend to use the same password on different platforms, especially when they think they have the ‘ideal’ code.
Just because the message during sign-up says you have a ‘strong password’ doesn’t mean it is uncrackable. Password-cracking techniques are ever-changing, and you can’t keep up, at least not while you use the same password for years.
C-level employee credential leaks
Leaks of company executives’ credentials on the dark web are not uncommon at all. Just like other employees, C-level employees use different platforms and services in their daily life. To log in, they need to provide an email address, which, sadly, sometimes happens to be their corporate email.
The problem lies not only with the C-level employee (though partially it does), but with the service he/she was using. If that service gets hacked, their password could be leaked. Now, imagine that this leaked password is the same one this C-level employee uses to log into corporate systems.
Other personal information of C-level employees, such as birthdays, addresses, phone numbers, etc., can also be easily found in those leaks.
To protect their own accounts, as well as company data, employees need to use unique passwords on different platforms. This makes things more difficult for hackers who want to get into your company’s systems by using your leaked password from another platform.
To prevent these issues, one needs to know how hackers gain access to a password in the first place.
How are your CEO’s credentials taken?
Hackers use ever-changing methods to gain access to a CEO’s passwords, but the most common ones are various forms of phishing, social engineering, malware, and similar. Let’s not forget, though, that good password hygiene, multifactor authentication, and the right phishing awareness training can reduce the problem considerably.
Phishing is seen in many different forms, but the most critical one for companies is without question spear phishing. This phishing technique is used to gain access to the accounts of specific individuals in a company. A legitimate-looking email containing malicious content is sent to these individuals in the hope that they will carelessly click on it.
A similar but riskier technique is CEO fraud, also known as whaling. Here the targeted individual is a senior executive, and after he/she falls prey, the stolen credentials will probably be used to send more malicious content to other employees. The hackers’ goal is to monetize the stolen data, so the more they get, the higher their profit.
Social engineering is used in most cases, and unfortunately, just as people are getting more aware of these kinds of attacks, hackers are expanding their social engineering capabilities.
Brute force: Weak passwords are easy to guess
Brute force is a fairly primitive technique (maybe the one most often seen in films). The hacker tries to log into your CEO’s account using different password options until the correct one is guessed.
It is not uncommon to see weak leaked passwords like ‘12345678’, ‘password1’, ‘11111111’, and similar. In fact, these happen to be some of the most used passwords found in breaches. Some people use birthdays, kids’ names, the company name, and other easily guessable words or numbers.
If a hacker wants to crack your CEO’s password, at least make the job difficult for them; don’t let them get it ‘for free’. Password policies can help your company with this problem.
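A password policy of the kind mentioned above can be enforced in code when a password is set. The following is an added example, not code from the original article or from SOCRadar: it rejects candidates that are too short, match the common passwords quoted above, embed personal or company words or a birthday, or appear in a set of leaked credentials. The function names, the minimum length, and all sample data are assumptions made for illustration.

```python
import hashlib
import re
from datetime import date

# Constructed sample data: the weak passwords quoted in the article stand in
# for a real breach corpus, which would be far larger.
COMMON_PASSWORDS = {"12345678", "password1", "11111111"}
LEET = str.maketrans("013457@$!", "oieastasi")
MIN_LENGTH = 12  # assumed policy value, not taken from the article


def normalize(text):
    """Lowercase and undo simple character substitutions (p@ssw0rd -> password)."""
    return text.lower().translate(LEET)


def birthday_forms(born):
    """Digit strings people commonly derive from a birthday."""
    formats = ("%Y", "%d%m%Y", "%m%d%Y", "%d%m%y", "%m%d%y", "%Y%m%d")
    return {born.strftime(fmt) for fmt in formats}


def policy_violations(password, personal_words, born, leaked_sha1):
    """Return the reasons a candidate password is rejected (empty list = accepted)."""
    problems = []
    norm = normalize(password)
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if norm in {normalize(p) for p in COMMON_PASSWORDS}:
        problems.append("common password")
    # Names, kids' names, company name: matched after undoing substitutions.
    if any(len(w) >= 3 and normalize(w) in norm for w in personal_words):
        problems.append("contains personal or company word")
    digits = re.sub(r"\D", "", password)
    if any(form in digits for form in birthday_forms(born)):
        problems.append("contains birthday")
    # Reuse check: SHA-1 hex digests of passwords already seen in leaks.
    if hashlib.sha1(password.encode()).hexdigest() in leaked_sha1:
        problems.append("found in leaked credentials")
    return problems
```

In practice the leaked-hash set would be fed from a breach-monitoring source, and the personal words from the HR record of the account owner.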
Malware: Hackers’ biggest assist
Malicious software, or malware as we all call it, is the perfect way to steal sensitive data. Everything starts with recon, but the biggest part is done by the malware. Within the big family of malware, access to passwords, personal information, code, etc. is gained by recording user activity. Of course, the hacker first needs to find a way to get this malware onto your CEO’s device. Phishing, USB drives, and infected apps are different ways to distribute malware.
What does a hacker do with your CEO’s password?
Of course, a hacker’s biggest motivation is money, and the main goal is to monetize the stolen sensitive data. Employee account leaks can create high profit for them: the more they have, the better. Yet C-level executives are, without question, more lucrative.
Leaked credentials are usually sold in different black markets and other dark web forums, and prices differ by the level of the employee leaked and, of course, by company size.
Other hackers intend to get even more sensitive data, which can be done by creating a ‘CEO scam’, also known as BEC. Once a hacker has the email and password of the CEO, with a little recon, he/she can create the perfect phishing email to lure more employees into getting infected with malware.
How to prevent CEO credential leaks?
The first thing to do is to start using multi-factor authentication. Email-based authentication is not a perfect solution, basically because all emails can be easily compromised, yet it is better than nothing.
Educate the staff (especially C-level employees) to practice better password hygiene: stop using the same password for different services, create less common passwords, update them frequently, and never share them (if for some reason they’d need to do that).
Create a strict password policy to avoid embarrassing your company with a weak CEO password.
With SOCRadar® Community Edition, you’ll be able to:
- Discover your unknown hacker-exposed assets
- Check if your IP addresses are tagged as malicious
- Monitor your domain name on hacked websites and phishing databases
- Get notified when a critical zero-day vulnerability is disclosed