CASE STUDY: How do hackers monetize a phishing expedition?

One of cybersecurity superstar is Brian Krebs, who talked of the Sizmek Inc. [NASDAQ: SZMK] security breach (read the Krebs article here). If you wonder how hackers got into the guts of Sizmek, note they do NOT have DMARC email spoofing/phishing enforcement (Duh). So how do the hackers monetize getting into the guts of this online advertising firm and how do they make money? As Krebs writes:

“You can add new users to the ad system, edit existing ones and ad offers,” the seller wrote. The starting bid was $800.

Some of the companies shown in the screenshot of the panel shared by the dark web seller include PR firm Fleishman-Hillard, media giants Fox Broadcasting, Gannett, and Hearst Digital, as well as Kohler, and Pandora.

So you can run digital ads in 70 countries, connecting 20,000 advertisers and 3,600 agencies.You have the ability to "modify ads and analytics for a number of big-name advertisers."

You're not protected from email spoofing? You can explain to your CISO at his exit interview that this is Charles Darwin at work, "thinning the herd." Adios, schmuck!

Mad Max