Hudson Rock's answer

Many cybercrime intelligence intelligence platforms aggregate data from publicly available database leaks, whereas Hudson Rock does not pursue generally available credentials as its main goal. Publicly available databases enable finding old or unrelated credentials by the same user, leaving the hacker to check if they were reused in other, more sensitive services that they’re trying to access. We consider this information to be less valuable, for several reasons:

1. Time - stolen credentials are usually published (for free) after hackers think the leads are not very valuable. This is usually AFTER the actionable threats occurred. Hudson Rock integrates data from compromised computers merely days after they were compromised, and at the same time they are obtained by sophisticated threat actors attempting to perform data breaches and ransomware attacks.
2. Relevancy to clients - data from info-stealers is the most prominent attack vector used by sophisticated hacking groups to obtain initial access to company servers, or to overtake end-user accounts, the data is unrivalled because hackers are able to bypass traditional security measures such as 2 factor authentication by injecting cookies from the compromised computers, or finding the backup codes for revoking the 2 factor authentication stored on the compromised computer.
3. Password reuse dependency - While password reuse is an issue, employees don't tend to reuse passwords to critical infrastructure across different services and end users don’t always reuse passwords across all services they use. The passwords originating from leaked databases are not remotely as impactful as passwords stolen from the browsers of the victims where there is a direct link between the domain they browsed into and their emails and plaintext passwords. This is because when a victim has had a stealer executed on their machine, all the domains, emails, usernames, and passwords they have ever used are captured. This is because when a victim had a stealer executed on his machine, all the domains, emails, usernames, and passwords they have ever used are captured.

Hudson Rock's answer

Every credential presented in Cavalier was stolen directly from the browsers of victims who had a stealer type malware executed on their machine. These malwares are spread by tricking a victim to download a malicious file through various methods. the attacks are usually performed by threat actors in global opportunistic campaigns, with little discretion, so employees in companies that aren't even targeted often have their corporate credentials stolen.

Hudson Rock acquires and purchases compromised information directly from top-tier threat actors, and closed circle hacking groups. What sets this information apart, is its low availability in other high-fidelity threat intelligence companies, and its high accessibility to hacker groups looking for potential targets. Our operational knowhow, and our boots-on-the-ground approach to cybercrime comes from the IDF's 8200 Cybercrime division, and its efforts to thwart nation-state adversaries and professional threat actors.

Hudson Rock's answer

Rapid7, Etoro, BNP Paribas, Playtech, Five9, BlueVine