It is estimated the over five billion unique user credentials are circulating on Darknet forums, with cybercriminals offering to sell access to bank accounts as well as domain administrator access to corporate networks. Researchers discovered that more than 15 billion user credentials are in circulation, of which 5 billion username and password combinations do not have repeated credential pairs and have been advertised on underground forums only once, according to the recently issued report. More often credentials that are exposed are reposts or collections of previously exposed credentials. It is likely these issues may have already mitigated the risk. The keyword here is, “may.”
There has been a 300 percent increase in the number of stolen credentials circulating on in underground forums since 2018. After a recent 18-month cyber investigation, researchers estimate that the banking credentials stem from nearly 100,000 data breaches that have taken place over the last two years. Many have noticed more credential stuffing lists in circulation in recent time frames. Some blame the [COVID-19] pandemic and associated scams, yet these events are being copied at a high rate.
All levels of hackers are using numerous tactics and techniques to carry out bank account takeovers. Some criminals buy credentials on deep/dark marketplaces, where a single account costs on average $15.43. But the more sought-after banking credentials sell for an average of $70+. The price for access to a single bank account can exceed $500 depending on factors such as the amount of money in the account, the availability to access personally identifiable information and the account's age, the report notes.
The underground advertisements for access to these types of high-end accounts comprised 25 percent of all ADs in illegal sites. Researchers additionally found that credentials for domain administrator access to corporations and government agencies, where there is potential for a complete network compromise, can be sold in bidding wars for as high as $140,000. The average selling price is about $3,100.
To give a potential buyer of admin credentials additional information to help make a sale, some underground forums include details such as the number of devices running on the network, how many employees work at the company, and any intellectual property or sensitive documents on the system. Often employing bad practices, many people use the same credentials across multiple platforms. This leaves users vulnerable to account takeovers by hackers implementing brute-force attacks. The tools for such attacks can be purchased in underground forums for an average price of $4. Apart from buying bank credentials in the underground, cybercriminals also use brute-force cracking tools and account checkers to steal information.
Many hackers also harvest banking credentials using Trojan malware, keyloggers, and man-in-the-middle browser attacks, which enable them to steal the data directly from victims' online banking portals. Once a hacker obtains a list of credentials, they can then buy or rent tools for credential-stuffing attacks, automated login attempts using a combination of usernames and plaintext passwords.
Some sites rent out identity credentials for a limited amount of time for less than $10. These sites offer not only access to compromised bank accounts, but also browser data, such as IP addresses, time zones, and cookies, which make it easier to avoid detection. Cybercriminals also sometimes share credentials for free on forums to help build a sense of community.
Your personal/home computers allow you to access many merchants and financial web sites and accounts. A security suggestion for users is to constantly change your passwords to a new sequence. This may be a pain but will save you from being compromised. Try to never us pet names, birthdates, anniversary dates that can be found posted on social media. If you are using a word or name, substitute a number or a special character for vowels and randomly use capital letters and numbers. Changing your password avoids several dangers, including some that are less obvious, such as what happens to the passwords you have saved on computers you no longer own.
- It can be tempting to use the same password on every account you have, whether for computers and network equipment or online accounts, as it is much easier to remember a single one. But it also means that if someone figures out your password, a hacker can gain access to every account you have. Changing your passwords to something different and unique to each account will make it so that even if someone does guess one password, he cannot use it for anything else.
- Not all hackers take what they need and leave. Occasionally hackers may continue accessing your account, either to monitor your data or continue stealing information over time. It can be difficult to figure out if someone else is using your account, so by changing your password consistently, you reduce the risk that other people will have frequent access to your accounts. Consider changing your password every few months to be on the safe side.
- If you use the same password for long stretches of time, you increase the risk of someone guessing your password. Whether it is from someone watching you type in your password a number of times or someone repeatedly trying to guess it, the longer you have the same password, the longer people have to try to find out what it is. Do not let people watch you log in to your accounts, and avoid using short, easy-to-guess words or phrases.
- If you ever switch computers with other people, or if you get rid of old computers without reformatting the hard drive, it's possible that anyone who uses your old computer will have access to your saved passwords. Giving someone a computer with saved passwords is like giving them access to your accounts. Consistently changing your passwords will mean that even if someone has found an old password of yours, it will no longer be relevant or useful.
- When coming up with a new password, you want something that can be safe from guesswork and hacking attempts. You may be tempted to use a long password, but the quality is much more important than quantity. Hacking programs can guess passwords by combining random words and phrases together, as well as any information relevant to you. To combat this, avoid using any personal information such as dates, addresses or names. Also avoid using simple words and phrases; if you do, make them grammatically incorrect to avoid guessing. Use random combinations of numbers, letters and symbols that can still be easy to remember. For example, instead of "password," which should never be used under any circumstance, you could use "p4$$w0rD." It is still the same word, and still short, but far harder to guess either by human or program.
Red Sky Alliance can provide both internal monitorings in tandem with RedXray notifications on external threats to include, botnet activity, public data breaches, phishing, fraud, and general targeting. Red Sky Alliance is in New Boston, NH USA. We are a Cyber Threat Analysis and Intelligence Service organization.
For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or firstname.lastname@example.org