Following the recent news that cyber experts have uncovered 2 million stolen passwords to web accounts, Tom Cross, director of security research, Lancope, says:
"Although many of the accounts stolen in this case are for popular social networking sites such as Facebook, Twitter, and Linkedin, other credentials in the attacker's collection may be the ultimate objective. Attackers usually seek to compromise social network accounts because they provide a mechanism for further spreading their malware. An attacker who controls your social networking profile can send messages to your contacts with malicious embedded links that will infect their computers. In this way, attackers can spread their botnets from victim to victim through the social network.Many botnet builders are satisfied with trying to infect as many hosts as possible. These hosts are then sold off to other criminals who upgrade the malware on the host to steal additional information (such as credit card numbers) or perform other kinds of attacks. In this case, however, the attackers appear to have collected some login information that has a direct financial value to a criminal. Logins for payroll service provider ADP could provide attackers with access to sensitive personal information that could be used to commit fraud. Logins for FTP, RDP and SSH services provide the attacker with control over servers on the Internet, which may also contain sensitive information."