Unveiling the Underground: Insights into Cybercrime Forums from Info-Stealer Infections

Unmasking Cybercrime Forums: Insights from Info-Stealer Infections by Hudson Rock

Cybercriminal activity thrives in the hidden corners of the internet, with hackers and threat actors exchanging tactics, tools, and stolen data on various cybercrime forums. These platforms serve as breeding grounds for illegal activities, ranging from data breaches to ransomware attacks. Hudson Rock, a cybersecurity firm, delved into the intricate world of cybercrime forums using its extensive database of over 14.5 million computers infected by info-stealing malware. Its research sheds light on the connections between compromised computers, stolen credentials, and the forums that fuel cybercriminal operations.

Discoveries and Insights:

Hudson Rock's research yielded several intriguing findings:

  1. Infected Computers and Forum Credentials: Out of the staggering 14.5 million infected computers in Hudson Rock's database, an alarming 120,000 computers were found to have credentials associated with cybercrime forums. This implies that a significant number of hackers themselves have fallen victim to info-stealing malware, exposing their identities.

  2. Unmasking Hackers: The extensive data retrieved from compromised computers includes not only stolen credentials but also additional information like auto-fill data and system details. This wealth of data makes it possible to tie hackers to their real identities through details such as email addresses, usernames, addresses, and IP addresses.

  3. Leading Cybercrime Forums: The infamous "Nulled.to" emerged as the cybercrime forum with the highest number of infected users, totaling over 57,000 compromised accounts. Following closely were "Cracked.io" and "Hackforums.net."

  4. Password Strength Analysis: Hudson Rock's examination of forum users' passwords revealed that "Breached.to" had the strongest passwords, while the Russian site "Rf-cheats.ru" had the weakest. Interestingly, passwords used on cybercrime forums were generally stronger than those used for government websites.

  5. Info-Stealer Infections: The research attributed the majority of info-stealer infections to three main strains: Redline, Raccoon, and Azorult. These malware strains have played a significant role in facilitating cyberattacks, demonstrating their prominence in the cybercriminal landscape.

  6. Geographic Insights: The researchers identified the top five countries with infected computers that had at least one credential linked to a cybercrime forum. Tunisia, Malaysia, Belgium, the Netherlands, and Israel were the leaders in this regard.

  7. Surge in Info-Stealer Infections: Info-stealer infections have witnessed an alarming surge of 6000% since 2018, positioning them as the primary initial attack vector for cybercriminals. These infections serve as gateways to various cyberattacks, including ransomware, data breaches, account takeovers, and corporate espionage.

Conclusion:

Hudson Rock's analysis of cybercrime forums through the lens of info-stealer infections reveals the intricate connections between compromised computers, forum credentials, and the evolving cyberthreat landscape. The research underscores the importance of staying vigilant against the growing menace of cybercrime and highlights the need for robust cybersecurity measures to safeguard individuals, organizations, and sensitive data from falling prey to malicious actors in the dark corners of the internet.
