
Infostealer Malware Exposes Over 100K Accounts From Hacking Forums

 

Security experts identified over 140,000 compromised passwords linked to accounts on hacker forums after their owners were infected with data-stealing malware.

Hudson Rock searched its cybercrime intelligence database for infected computers with credentials connected with the top 100 cybercrime sites. It discovered 120,000 such computers, claiming that many of them belonged to hackers.

When a machine is infected with information-stealing malware, a "substantial" amount of data can be retrieved, the security firm explained. This includes emails and account usernames, auto-fill data containing personal information such as addresses and phone numbers, and system information such as IP addresses.

“Info-stealer infections as a cybercrime trend surged by an incredible 6000% since 2018, positioning them as the primary initial attack vector used by threat actors to infiltrate organisations and execute cyber-attacks, including ransomware, data breaches, account overtakes, and corporate espionage,” the company added.

Redline, Raccoon, and Azorult accounted for the majority of the info-stealer malware discovered during the research. The analysis found that the majority of those exposed were from Tunisia, followed by Malaysia, Belgium, the Netherlands, and Israel.

The cybercrime forum "Nulled.to" had the most users exposed to malware, followed by "Cracked.io" and "Hackforums.net."

Interestingly, the research team found that a large portion of the credentials used on hacking sites were more robust than those used on government and military websites.

“By analyzing passwords of users from the various forums, Hudson Rock determined that the forum with the strongest user passwords is Breached.to, while the one with the weakest user passwords is the Russian site Rf-cheats.ru,” the vendor concluded. 

The cybercrime underground frequently sees a high number of usernames and passwords in circulation. SpyCloud detected billions more pieces of personally identifiable information (PII) and almost 1.5 billion compromised log-in combinations online in 2021.

SpyCloud discovered that 60% of credentials for users who had multiple passwords exposed were shared across accounts, and that number rose to 87% for US .gov emails, leaving them vulnerable to brute force attacks and credential stuffing.

Prevention tips

Having strong, dependable antivirus software installed on your device and keeping it updated on a regular basis is the best preventative measure you can take.

You should also use antivirus software that has dark web monitoring technologies so that you'll be immediately informed if your information is compromised. You can then respond either by changing your login details or by warning your friends and family to be on the lookout for scammers impersonating you.

The famous Russian-language hacker forum has banned the mention of ransomware

XSS is a well-known forum where users discuss all kinds of vulnerabilities, exploits, malware, and ways to penetrate other people's networks. Ransomware was also actively discussed there. Moreover, the forum participants include representatives of Ransomware groups, who actively recruited new partners to work on the "Ransomware-as-a-Service" (RaaS) model.

The decision to ban the discussion of Ransomware was made personally by the forum administrator.

The administrator stated that Ransomware is usually not interesting from a technical point of view, while the main purpose of the forum is "knowledge".

"We are a technical forum, we learn, research, share knowledge, write interesting articles. The goal of Ransomware is only to earn money. The goals are not the same," the forum administrator wrote.

He noted that there is a degradation: newcomers see "crazy virtual millions" that are paid from time to time as a ransom for unlocking data, and think that they will be able to get them. Therefore, beginners "do not want anything, do not learn anything, do not code anything, even just do not think, their whole life is reduced to 'encrypt - get $'".

The administrator of XSS Forum also said that there is too much PR around the topic, as well as "nonsense, hype, noise" and even politics. The mention of politics is obviously related to the Ransomware attack on the Colonial Pipeline, which led to a large-scale crisis in the United States.

"The word 'ransom' was equated with a number of unpleasant phenomena — geopolitics, extortion, state hacking. This word has become dangerous and toxic," the forum administrator said.

So he decided to ban everything related to Ransomware. Even old forum threads related to this topic will be deleted.

Alexey Vodiasov, technical director of SEC Consult Services, said that Ransomware is really a way to make quick money with very little effort. It is possible that after the attack on the Colonial Pipeline, US law enforcement agencies may launch an intensive campaign against the cyber underground.