© 2023 CyberNews - Latest tech news,
product reviews, and analyses.


Top company bosses are being headhunted – by threat actors

Nearly every large company executive has their details held by data brokers online, rendering their businesses vulnerable to attack by cybercriminals, research from Blackcloak suggests.

The cybersecurity analyst investigated 750 of its clients, most of them executives or board members at Fortune 1000 and other large organizations. It found that 99% of them were listed on data broker websites – legal entities often used by cybercriminals – and some individuals were listed on more than a hundred such platforms.

The quality of the data varied, but seven in ten profiles featured sensitive personal information including social media details and photos from popular sites such as Facebook and LinkedIn.

More worryingly, all but one in twenty contained data on an executive’s family, other relatives, and even neighbors. Four in ten profiles featured IP data on personal computers, and brokers held an average of three email addresses per executive.

Data broker site entry featuring details for purchase

“While maintaining data on three personal email addresses may not seem that significant to the novice eye, access raises the risks of fraud and impersonation emails,” said Blackcloak. “Access to an executive’s IP addresses could lead to a Distributed-Denial-of-Service (DDoS) attack, network eavesdropping and communications hijacking.”

Blackcloak stressed that top bosses were now the weakest link in large corporations’ cyber defenses, which explains the multiple troves of data being kept on them by cybercriminals.

“Executives have become the soft underbelly of enterprise security,” it said. “Cybercriminals know that the path of least resistance into their primary goal – the enterprise – is now often through the online privacy, personal devices, and home networks of a company’s most esteemed leaders.”

Though data brokers are not yet illegal, the US Congress is debating a law that would set up a national “opt-out” list for those who do not want their details harvested by brokers – who can then sell them on to the highest bidder, or even in some cases give them away for free.

But Blackcloak poured cold water on the bill, warning that “legislation can take a long time to become law, and an even longer time to begin making an impact.”

Currently the only way to remove details from data broker sites is to hire someone to do it manually, one site at a time, a service Blackcloak provides but described as “a tedious task that often needs to be repeated every other month.”

Some pundits have even branded data brokers a threat to democracy, with Emmy Award-winning show presenter John Oliver calling their industry a “sprawling, unregulated ecosystem which can get really creepy, really fast.”
