Infostealer Malware Surges: Stolen Logs Up 670% on Russian Market

Secureworks’ Threat Prevention Unit (CTU) has revealed a significant increase in stolen logs on the online marketplace Russian Market, up 670%.

Described in a report called “The Growing Threat from Information Thieves,” the new findings shed light on the thriving information theft market, which plays a pivotal role in facilitating cybercriminal activities such as ransomware attacks.

“Information thieves are the obvious choice for cybercriminals. […] We aim to gain access to businesses quickly and monetize that access,” said Don Smith, Vice President of Secureworks CTU. “They are easy to buy and within just 60 seconds have immediate results in the form of stolen credentials and other sensitive information.”

With infostealer malware still readily available and cybercriminals using increasingly sophisticated techniques to deceive users, it is becoming more difficult for victims to detect and remove these threats, Secureworks explained.

“As far as information thieves are concerned, the big game changer is the improvement in the various methods criminals use to trick users into installing them, such as fake messaging apps and cloned websites,” added Smith.

“Coupled with the development of dedicated marketplaces for selling and buying this stolen data, it becomes even more difficult for victims to detect and remove information thieves.”

The Secureworks report also showed a 150% increase in log sales on Russian Market in less than nine months, from 2 million in June 2022 to more than 5 million in late February 2023.

“What we are seeing is an entire underground economy and supporting infrastructure built around information stealers, allowing relatively unskilled attackers to engage, which could also potentially be profitable,” Smith added.

Secureworks observes that law enforcement actions against Genesis Market and RaidForums are shifting log trading to dedicated Telegram channels. At the same time, the Genesis Market Tor site continues to operate despite arrests and domain removals.

Read more about RaidForums takedown: RaidForums Hacker Marketplace Closed Due to Cross-Border Law Enforcement Efforts

Additionally, there is a growing market for after-action tools to assist with log analysis, meeting growing demand as the availability of infostealers and logs expands.

“Ensuring multi-factor authentication is implemented to minimize damage from credential theft, being mindful of who can install third-party software and where it is downloaded from, and implementing comprehensive security surveillance across hosts, networks, and clouds are all important factors in a successful defense against the information stealer threat,” Smith concluded.
