Stolen credentials and the rise of the 'traffers'
Even as we move towards passwordless authentication methods, stolen credentials remain a major problem for businesses.
A new report from cyber risk management company Outpost24 highlights the increasing professionalization of the market for stolen credentials thanks to the rise of what are known as 'traffers'.
So, what are traffers? They are highly organized cybercriminal groups that spread different types of malware families with the goal of exfiltrating credentials or making a profit. To spread the malware as far and as widely as possible, they have formed an industry-like structure of product and service providers, as well as dedicated market places, in the form of Telegram channels, to facilitate the sale of those credentials.
The traffers target their would-be victims by driving their internet traffic with Google and Facebook Ads to fraudulent content. Traffers have developed a business model that involves specific recruitment, training, and compensation, all of which distinguishes them from other cybercriminals.
The report looks at the price spike of information-stealing malware, the subscription models for accessing stolen credentials, and even the earnings of the traffers themselves. It demonstrates the increased levels of activity and demand in the cybercriminal ecosystem.
"Credentials, and the tools used to steal them, are a commodity. With the growing trend of Initial Access Brokers (IABs) we know that criminal groups are willing to pay for services, which means they expect a bigger profit in return," says Victor Acin, head of the KrakenLabs at Outpost24. "That's bad news for businesses."
Teams of traffers are run by admins who recruit others, creating documentation and tutorials so that even the most inexperienced traffer can start working and generating income. Channels are used to share the statistics of stolen credentials, cookies and credit cards generated by a given traffer, often gamifying the process with rewards for the most successful. Top traffers can earn thousands of dollars from their activity.
The Rising Threat of Traffers report provides practical advice that can help protect credentials, and help businesses avoid malware infections distributed by traffers teams.
The full report is available from the Outpost24 site.
Photo Credit: JMiks/Shutterstock