September 29, 2023

While cybercriminals are busy hunting for victims, they may be quietly under attack as well, according to new research.

After analyzing hundreds of thousands of computers infected with info-stealing malware, researchers at cybersecurity firm Hudson Rock said they identified 120,000 that contained credentials used for logging into cybercrime forums.

Although it’s difficult to say whether these devices were owned by cybercriminals, the researchers said they were able to establish the true identities of some hackers through additional credentials found on the devices, such as email addresses, usernames and cellphone numbers.

“These findings tell us that just as ordinary people fall victim to info-stealer infections, hackers are susceptible to them as well,” Alon Gal, chief technology officer at Hudson Rock, told Recorded Future News.

The study also shows that while cybercrime forum users might prey on ignorant victims, they are not necessarily tech-savvy themselves, he added.

“This is particularly true for budding cybercriminals who haven’t yet developed a full understanding or appreciation of operational security practice, and even have begun to fully operate in a criminal manner,” said Tim West, head of cyberthreat intelligence at WithSecure.

Hudson Rock analyzed the top 100 cybercrime forums and found that Nulled.to has the largest count of compromised users, over 57,000. It’s followed by Cracked.io and Hackforums.net.

These forums share leaked data, such as porn, data dumps or cracked software, for free.

“Oftentimes these freely shared links are either just malware like stealers or downloaders or are backdoored or maliciously modified versions of the alleged cracked software,” Marisa Atkinson, senior analyst at cybersecurity firm Flashpoint, told Recorded Future News.

The researchers also looked into the passwords of the compromised cyberforum users and found that the forum with the most “secure” user passwords was Breached.to, while the one with the weakest passwords is the Russian site Rf-cheats.ru. Generally, the passwords on cybercrime forums were stronger than those seen in many other sectors, according to the report.

The majority of info-stealer infections were attributed to the Redline stealer, followed by Raccoon and Azorult.

These attacks weren’t directed at any specific targets. “Info-stealer infections of this kind are opportunistic,” Gal said. “Hackers are trying to infect as many computers as possible, some of which happen to belong to hackers.”

According to Hudson Rock, info-stealer infections have surged by 6,000% since 2018. They’ve become the primary method that threat actors use to initially breach organizations and carry out various cyberattacks like ransomware, data breaches, account takeovers, and corporate espionage.

The fact that hackers themselves can become targets of such attacks can have a significant impact on the industry, according to Gal.

“Law enforcement agencies stand to gain significant benefits from these findings, as the data could serve as crucial evidence for attributing cybercriminal activities,” he said.

Daryna Antoniuk

Daryna Antoniuk is a freelance reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.