Credentials for cybercrime forums have been found on a "staggering" 120,000 infostealer-infected computers, many of which belong to the threat actors themselves.
The research was conducted by Hudson Rock, which examined data harvested from compromised devices between 2018 and 2023.
According to Hudson Rock CTO Alon Gal, "Hackers all over the world infect computers on the fly by promoting results for fake software or through YouTube tutorials directing victims to download infected software."
"It is not the case that the threat actor infected his own computer; rather, some of the 14,500,000 computers in our database of cybercrime happen to be hacker computers that unintentionally acquired the infection."
A hacker's real identity can be established from indicators such as saved credentials, addresses, phone numbers, computer names, and IP addresses, all of which stealer malware routinely exfiltrates from the devices it infects.
Information stealers (infostealers) are among the most lucrative initial access routes used by threat actors to break into businesses and carry out operations ranging from espionage to ransomware, and they have also fueled the malware-as-a-service (MaaS) ecosystem.
An analysis of the stolen data shows that Nulled.to has the most infected users of any cybercrime forum, with over 57,000, followed by Cracked.io (19,062) and Hackforums.net (13,366).
"The forum with the strongest user passwords is 'Breached.to,' while the one with the weakest user passwords is the Russian site 'Rf-cheats.ru,'" the company said, noting that over 41% of the credentials were at least 10 characters long and used four different character types.
"Overall, passwords from cybercrime forums show fewer 'very weak' passwords than industries like the military and are stronger than passwords used for government websites."
RedLine, Raccoon, and AZORult are believed to account for a sizable share of the infections. The countries with the most infected cybercrime forum users include Tunisia, Malaysia, Belgium, the Netherlands, and Israel.
The key takeaway, according to Gal, is that while infostealer infections usually hurt businesses because attackers use the stolen credentials to access user and employee accounts, the same logs can also be valuable to law enforcement for attributing cybercriminals.
The findings come alongside Flare's analysis of more than 19.6 million stealer logs, which found that 376,107 of them provide access to corporate SaaS applications and that logs containing financial services credentials were listed at an average of $112.27, compared to $14.31 for the rest.
They also follow the brief takedown of Discord.io after a data breach exposed information on at least 760,000 users on the relaunched BreachForums hacking forum, which made an official comeback in June 2023 under the direction of ShinyHunters.
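To make concrete how an analyst would work the kind of stealer-log data described above, here is an added example (it is not Hudson Rock's tooling and does not come from the article). It parses a handful of constructed credential records of the sort infostealers dump, flags those that belong to cybercrime forums, scores the passwords with the "at least 10 characters and four character types" rule quoted above, and gathers the pivot indicators (machine name, IP address, forum handles, password reuse, other accounts on the same box) that support attribution. The forum list, record layout, and every hostname, username, IP, and password are assumptions made up for this demo.

```python
"""Toy stealer-log triage: forum membership, password strength, attribution pivots."""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumed forum list for the demo (the article names these four sites).
CYBERCRIME_FORUMS = {"nulled.to", "cracked.io", "hackforums.net", "breached.to"}

# Constructed sample records: (machine_name, public_ip, url, username, password).
# This mimics one row per saved browser credential in a stealer log; all values are made up.
SAMPLE_LOGS = [
    ("DESKTOP-AA11BB", "203.0.113.10", "https://nulled.to/login", "cr4ck3r", "Tr0ub4dor&3x!"),
    ("DESKTOP-AA11BB", "203.0.113.10", "https://mail.example.com/", "john@example.com", "Tr0ub4dor&3x!"),
    ("WIN-ZZ99", "198.51.100.7", "https://cracked.io/", "zeroday", "password1"),
    ("LAPTOP-XY", "192.0.2.44", "https://www.hackforums.net/member.php", "hf_user", "Hf2023!"),
    ("LAPTOP-XY", "192.0.2.44", "https://breached.to/login", "hf_user", "N0tS0Str0ng?Pw"),
    ("OFFICE-PC", "203.0.113.99", "https://portal.example.org/", "alice", "Summer2023"),
]

# Four character classes: lowercase, uppercase, digit, anything else.
_CLASSES = (
    re.compile(r"[a-z]"),
    re.compile(r"[A-Z]"),
    re.compile(r"[0-9]"),
    re.compile(r"[^a-zA-Z0-9]"),
)


def forum_of(url):
    """Return the cybercrime forum a saved credential belongs to, or None.

    Matching is on the registrable domain, so 'www.hackforums.net' still
    counts as hackforums.net.
    """
    host = (urlsplit(url).hostname or "").lower()
    for forum in CYBERCRIME_FORUMS:
        if host == forum or host.endswith("." + forum):
            return forum
    return None


def is_strong(password):
    """Strength rule quoted in the article: >= 10 chars and all four character classes."""
    return len(password) >= 10 and all(c.search(password) for c in _CLASSES)


def triage(records):
    """Summarise forum exposure per forum and collect attribution pivots per machine."""
    forums = defaultdict(lambda: {"machines": set(), "total": 0, "strong": 0})
    machines = {}
    forum_passwords = defaultdict(set)

    # Pass 1: which machines hold forum credentials, and how strong are they.
    for machine, ip, url, user, pw in records:
        forum = forum_of(url)
        if forum is None:
            continue
        stats = forums[forum]
        stats["machines"].add(machine)
        stats["total"] += 1
        stats["strong"] += int(is_strong(pw))
        entry = machines.setdefault(
            machine, {"ip": ip, "handles": set(), "other_accounts": set(), "password_reuse": set()}
        )
        entry["handles"].add(user)
        forum_passwords[machine].add(pw)

    # Pass 2: on the same machines, harvest non-forum accounts as identity pivots,
    # and note where a forum password is reused on a personal/work account.
    for machine, ip, url, user, pw in records:
        if machine in machines and forum_of(url) is None:
            machines[machine]["other_accounts"].add(user)
            if pw in forum_passwords[machine]:
                machines[machine]["password_reuse"].add(user)

    return {"forums": dict(forums), "machines": machines}


if __name__ == "__main__":
    report = triage(SAMPLE_LOGS)
    for forum, stats in sorted(report["forums"].items()):
        print(f"{forum}: {len(stats['machines'])} machine(s), "
              f"{stats['strong']}/{stats['total']} strong password(s)")
    for machine, info in report["machines"].items():
        print(f"{machine} ({info['ip']}): handles={sorted(info['handles'])} "
              f"other={sorted(info['other_accounts'])} reuse={sorted(info['password_reuse'])}")
```

The password-reuse pivot is the interesting one in practice: a forum handle alone is a pseudonym, but the same password saved for a personal mailbox on the same infected machine ties that handle to a real-world account, which is exactly the attribution value Gal describes.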
Source: The Hacker News
#bigfishtec #bigfishcanada #bfcybertoday #cybersecurity #CyberCrime #ThreatIntel