By Dancho Danchev
Among the first things a cybercriminal will (automatically) do, once they gain access to a compromised host, is to retrieve account/credential data.
From compromised FTP credentials, cPanel accounts and portfolios of domains to hacked PayPal and Steam accounts, cybercriminals actively use compromised infrastructure as a foundation for their fraudulent or malicious campaigns. They also use it for anonymization ‘stepping stone’ tactics, in an attempt to offload the risk of getting tracked down by chaining network connections through malware-infected hosts located across the globe.
In this post, I’ll highlight the existence of a cybercrime-friendly service that has been supplying virtually anyone who pays for access with tens of thousands of compromised accounts.
Sample screenshot of the cybercrime-friendly service:
Thousands of Russian Vkontakte, LiveJournal, Twitter, Mail.ru and Skype accounts are currently offered for sale, all of them active and valid. Based on the underground market advertisement, the group/individual behind the service claims to have been in possession of over 100 million account credentials in 2012, obtained through “private methods”.
Thanks to the ease of generating or renting a partitioned botnet for fraudulent and malicious needs, we predict steady growth for this market segment. Consider also that more cybercriminals are applying QA (Quality Assurance) to their campaigns by abusing the “chain of trust” established between the owners of the compromised accounts and the prospective victims, in this case, their friends or colleagues.
We’ll continue monitoring the development of this service, and keep a close eye on what the competition is up to when it comes to differentiating its underground market “value proposition.”