Standing Intelligence Requirements

For the most up to date list of ZeroFox Threat Research’s Intelligence Requirements, please visit:

https://cloud.zerofox.com/intelligence/advisories/14956

Details

A combolist package titled “Singapore_combo" was shared on a deep web platform. A combolist is a list of compromised login credentials containing user’s email addresses and passwords. They are often generated by threat actors from a variety of sources to be used in credential stuffing attacks. The login credentials in these lists often come from a threat actor compiling data from previous breaches or exposures to take advantage of user’s who re-use their password on multiple websites or have not changed their password since it was exposed. ZeroFox emphasizes that threat actors often misrepresent the authenticity of some email and password combinations and in some cases completely make up passwords on these lists. From this package, ZeroFox extracted 12,260 email addresses and plain-text passwords. The threat actor did not disclose the ultimate source of the data breach or how it was exploited.

Recommendations

• If not already enabled, turn on the compromised credentials rule for all relevant entities and ensure relevant emails are entered for those entities, or reach out to [email protected] for assistance
• If one of your entities receives an alert, ZeroFox recommends immediate password changes for the affected account
• Enable multi-factor authentication for all of your organizational accounts to help mitigate phishing and credential stuffing attacks