Have you ever wondered why so much noise is made when log-in credentials have been hacked or found for sale on the dark web? For instance in April, 2020 500,000 Zoom account credentials, usernames and passwords, were made available in dark web crime forums for knock down prices and with many offered for free.

This latter point is unusual given the thriving black market for network access that can net cyber criminals thousands of dollars. Any type of account credentials are invaluable given that people often reuse the same log-on details even for accessing work networks.
  • In dark web forums, the sale of network access credentials ranges from system administrator details to remote access into a network.
  • With millions still working from home due to the COVID-19 pandemic, it’s hardly surprising that the sale of network access has increased significantly over the last 18 months.
  • On top of this cyber criminals also share access to malware, malicious tools, illicit infrastructure, compromised data, accounts, and payment card details.
  • Many of the most sophisticated forums and marketplaces are in Russian but there are also many English, Spanish, Portuguese and German-language forums.
Recent research highlighted how lucrative the sale of network access credentials can be. One example was access to an organisation supporting hundreds of retail and hospitality businesses. The asking price for the login credentials was approximately £48,000 in Bitcoin.

This might seem like an unlikely large amount for network credentials but consider what cyber criminals could do. The organisation mentioned above was a third-party operator of customer loyalty and rewards programmes. Someone who had had access to the network could access the accounts and points of loyalty program members and launch spam and phishing attacks, including ransomware campaigns, against loyalty program members.

Loyalty card and reward programme users could number in the millions, providing a huge pool of potential victims, especially for ransomware attacks. Within this context £48,000 is relatively small outlay for what could be a huge return.
  • It’s useful to note that cyber criminals often go after airline frequent flier programs and similar customer loyalty programs because of the general lack of anti-fraud measures.
The research further revealed:
  • Compromised network access can include details about the victim, the level of access for sale and other transaction details. Sometimes the victims are identified by location, industry or sector and revenue information is often included.
  • The network access ’for sale’ descriptions may also include the number and types of machines on the network or the types of files and data contained on the network. Sellers will also explicitly mention a target as a potential ransomware target in their ads.
All of this is a bit alarming in the sense that something is going on out of sight and deep in the underground, and it could involve your network credentials, your private life or even your company.

But then again this is the nature of the cyber underground; millions of stolen details sloshing around on various cybercriminal forums and web sites.

This is why protection is so important. And it needs to extend from proven internet security software to included robust log-in credentials, two-factor authentication and security software that alerts you to suspicious websites designed to steal log-in information.