Vulnerabilities, Stolen Credentials on Dark Web on the Rise

According to McAfee’s Q3 analysis in the wake of how Hansa and AlphaBay being pulled to pieces on the Dark Web, and Wall Street Market only proves how the largest marketplace in the criminal underground is flourishing. Meanwhile, stolen credentials, vulnerabilities continue to dominate the circles of cybercriminals.

The article on Threatpost reads how the illicit playgrounds for selling narcotics, hacking tools, and hackers for hire and data records, these markets continue to thrive even in the wake of law enforcement action. According to threat research out this month from the McAfee, the disruption of Hansa and AlphaBay created a ripple effect during the quarter, driving cybercriminals to compete, smaller markets, including Dream Market, Wall Street Market, and Olympus Market.

However, “Olympus Market, which was on its way to being one of the top markets, suddenly disappeared in Q3,” the report noted. “There is speculation that the disappearance was an exit scheme initiated by the market’s administrators to steal money from their own vendors and customers.”

McAfee said that several individual sellers have moved away and have opened their own specific marketplaces. “This shift has sparked a new line of business: They hope to operate under the law enforcement and build a relationship with their customers without the fear of being ejected out by the market owners.” According to the report. Defiant website designers who offer to build hidden marketplaces are aspiring vendors.

McAfee noted that stolen digital data will continue to be a key motivator both in large markets and more niche underground hacker forums because it drives much of the profits. The forums thrive mainly on leaked user credentials, which are less accessible to the public and it focuses on topics related to cybercrime.

The report noted how credential abuse is one of the most popular topics on the underground scene. The use of valid accounts makes it child’s play for cybercriminals to access and take over an individual’s personal life, and the large data breaches help maintain this popularity.

Cybercriminals often show an interest in email accounts because these are regularly used to restore login credentials for other online services, the research found. “Password reuse, not enabling two-factor authentication, and failing to change passwords on a regular basis are the main factors that make these attacks so effective.”

CVE discussions are popular too, the research found, with recently published vulnerabilities becoming hot topics in discussions of browser exploit kits—RIG, Grandsoft and Fallout—and of ransomware, especially GandCrab.

“In the English-speaking, less technical underground forums we observed several discussions of old CVE implementations in familiar tools such as Trillium MultiSploit,” McAfee said. “These threads show that cybercriminals are eager to weaponize both new and old vulnerabilities. The popularity of these topics in underground forums should warn organizations to make vulnerability management a priority in their cyber-resilience plans.”