15 billion credentials available in the cybercrime marketplaces

Pierluigi Paganini July 09, 2020

More than 15 billion username and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, states the experts.

A report published by security firm Digital Shadows revealed the availability of more than 15 billion credentials shared on cybercrime marketplaces, paste sites, file sharing services, and code sharing websites.

Over the past few years, Digital Shadows added to its breach repository more than 15 billion credentials shared on criminal forums, paste sites, file sharing services, and code sharing websites.

According to the company, most of the username and password combinations are available for free, and 5 billion of the above credentials are “unique.” The credentials are sold for an average of $15.43, the most expensive pairs relate to banking and financial services accounts, with an average price of nearly $71.

“Account accesses for antivirus programs garner the second-highest prices: around $21.67. Accounts for media streaming, social media, file sharing, virtual private networks (VPNs), and adult-content sites all trade for significantly under $10.” reads the report published by the experts.

Crooks could use the credentials to launch credential stuffing attacks leveraging the data available in the black marketplaces. Experts reported that brute-force cracking tools and account checkers are available on
cybercrime marketplaces and forums for an average of $4.

According to the report, Sentry MBA is the most popular credential stuffing tool, but OpenBullet tool has accounted for 35 percent of references across cyber criminal forums so far in 2020.

Using the recently launched model of ATO “as-a-service”, a criminal can rent an identity for less than $10.

The cost for antivirus accounts is just over $20, while other types of accounts (cable, social media, VPN, streaming, adult, music, file sharing, and video game accounts) typically go for less than $10.

Threat actors are also offering access to critical systems belonging to various organizations, including domain admin access that has been offered with an average price of just over $3,100. The price depends on the targeted industry, with the local government and financial sectors are the most requested ones.

“Access to organizations’ key systems is being sold at a significant premium. Dozens of advertisements offer domain administrator access through auctions, selling it to the highest bidder for up to $120,000 (with an average of $3,139).” continues the report.

Most popular markets are UnderWorld Market (formerly RichLogs) and
Tenebris, but the biggest one continue to be Genesis Market.

Genesis Market users can rent account access as an alternative to purchasing credentials, an identity for a certain period costs less than $10. The service also provides the victim’s “fingerprint data” (such as cookies, IP addresses, time zones) from victims to make it easier to hijack accounts and perform transactions without being detected.

Let me suggest to read the complete report from Digital Shadows, it includes a lot of interesting data.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, cybercrime marketplaces)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment