Dark web market in infostealers is booming
A new report from the Secureworks Counter Threat Unit (CTU) uncovers a thriving market in infostealer logs that serves as a key enabler for some of the most damaging forms of cybercrime such as ransomware attacks.
On the 'Russian Market' site alone, the number of logs for sale increased by 150 percent in less than nine months, from two million on a single day in June 2022 to over five million on a single day in late February 2023.
Over a two year period the overall growth rate for the number of infostealer logs for sale on Russian Market was a whopping 670 percent. It remains the main market place for infostealer logs with five million logs for sale, around ten times more that its nearest rival 2easy.
"Infostealers are a natural choice for cybercriminals who are looking to rapidly gain access to businesses and then monetize that access," says Don Smith, vice president threat research at Secureworks CTU. "They are readily available for purchase, and within as little as 60 seconds of installation on an infected computer will immediately generate a return on investment in the form of stolen credentials and other sensitive information. However, what has really changed the game, as far as infostealers are concerned, is improvements in the various ways that criminals use to trick users into installing them. That, coupled with the development of dedicated marketplaces for the sale and purchase of this stolen data, has really upped the ante."
Recent law enforcement action against Genesis Market and Raid Forums has impacted cybercriminals' behavior. Telegram has been a beneficiary of this, with more buying and selling of logs for popular stealers such as RedLine, Anubis, SpiderMan and Oski Stealer shifting to dedicated Telegram channels.
There's also an emerging market for after-action tools that help with log parsing, a manual and challenging task often left for more experienced cybercriminals. As the number of infostealers and available logs increases, it is anticipated that these tools will continue to become more popular and help to lower the bar for entry.
You can read more on the Secureworks blog.
Image credit: focuspocusltd/depositphotos.com