Big Pharma Under Attack: 68% of Top Executives Have Had Their Credentials Leaked


In a recent report titled 'The Path of Least Resistance,' researchers from BlackCloak talked about cyberattacks aimed at high-level executives working in the pharmaceutical industry. Before we get to the key findings, let's see why the experts picked this particular name for their research paper.

How hard is it to attack C-level executives?

You might think that attacking a high-profile executive in a big company would be very difficult. You might think that large organizations employ cybersecurity experts who have predicted all scenarios and have taken all the necessary precautions to ensure that the corporate network is well protected. To some extent, this is true.

All big companies, regardless of the industry they operate in, have cybersecurity high on their priority lists. Entire teams have their work cut out staying one step ahead of the cybercrooks, and for the most part, they are managing to do it. Unfortunately, some things are out of their control.

The employees themselves, and this includes the high-level executives, can undo all the work done by the security experts with a single mistake. This is happening way too often.

BlackCloak's experts wanted to prove that to get into a corporate network of a large pharmaceutical company, the hackers don't necessarily need to beat all the defense measures set up by the teams in charge of cybersecurity. There are much easier ways, and criminals have been exploiting them, hence the name of the report.

Executives’ credentials can easily be found on the dark web

The experts put together a list of executives who work for some of the world's biggest pharmaceutical companies. Thanks to professional social networks like LinkedIn, this wasn't difficult at all, and it was also fairly easy to find email addresses and contact information, which, considering the positions these people hold, shouldn't be too much of a surprise.

Armed with this information, BlackCloak's researchers scanned dark web marketplaces to see how many of the top-level executives have had their personal data breached. It turned out that 68% of the emails had been exposed in a hacking incident over the last 5-10 years. Of those, 57% were combined with a plaintext password.

Further analysis of the data showed that a large portion of the credentials were exposed during the LinkedIn data breach from 2015. It also revealed that, although they have proved their company management skills, some of the test subjects are lagging quite a bit behind when it comes to password management.

About 3% of the exposed executives have used the names of the companies they work for as their passwords, and they have done that for a worrying number of years. Password reuse between personal and work-related accounts is by far the biggest problem according to the researchers, and they worry that it's about to have an even bigger impact.

The COVID-19 pandemic and top-level executives’ poor password management

The coronavirus pandemic has locked many people at home and has forced them to work remotely. In all likelihood, this includes the executives covered by BlackCloak's research, and the experts fear that this could be a big problem.

The fact that they tend to use the same weak passwords on both their personal and business accounts could make it easier for attackers to obtain access to the targets' corporate networks, which host all sorts of important company information. It must be said that this is a possibility in the office as well, but the potential presence of an IT team that can intervene on short notice does mitigate the risk to some extent.

It's painfully clear that most of the problems large companies face nowadays aren't rooted in the building or configuration of the IT infrastructure. Usually, the issues come from ill-advised password management practices and a lack of understanding of basic cybersecurity principles. That's why proper training and education for everyone, from the low-level employees all the way to the top brass, is well worth the investment.

May 7, 2020