Using Hudson Rock’s cybercrime intelligence database, which consists of over 14,500,000 computers infected by info-stealing malware, we analyzed 100 of the leading cybercrime forums. Here’s what we discovered:
Hudson Rock’s researchers found that a staggering 120,000 infected computers, many of which belong to hackers, had credentials associated with cybercrime forums.
The image shows the graph of cybercrime forum related credentials from info-stealers infected computers.
Compromised credentials of leading cybercrime forums found on Hudson Rock’s Cavalier platform.
The substantial amount of data that is retrieved for each compromised computer when it is infected with an info-stealing malware enables the real identities of the hackers to be discovered based on indicators such as:
- Additional credentials found on the computers (additional emails, usernames).
- Auto-fill data containing personal information (names, addresses, phone numbers).
- System information (computer names, IP addresses).
Auto-fill and system information data of a prominent threat actor that had their own computer infected by an info-stealer from our previous blogpost This type of data allows for the identification of hackers.
This image outlines some of the data that is retrieved from computers infected by info-stealers that can be found on Hudson Rock’s platform, Cavalier.
Furthermore, Hudson Rock’s researchers discovered that the cybercrime forum with highest amount of infected users is the infamous “Nulled.to” with over 57,000 of the compromised users.
In second place is “Cracked.io” followed by “Hackforums.net” in third.
By analyzing passwords of users from the various forums, Hudson Rock determined that the forum with the strongest user passwords is “Breached.to”, while the one with the weakest user passwords is the Russian site “Rf-cheats.ru”.
“Too weak” are passwords with a length of less than 6 characters and only 1 type of character. “Strong” are passwords with at least 10 characters and 4 type of characters. See this example.
Overall, passwords from Cybercrime forums are stronger than passwords used for Government websites, and exhibit fewer “very weak” passwords than industries like the military.
The vast majority of info-stealer infections are attributed to Redline, followed by Raccoon and Azorult.
Hudson Rock’s researchers also observed that the top 5 countries (Normalized) from which hackers were infected and had at least 1 credential to a cybercrime forum are:
- Tunisia (7.55% of total infections in the country)
- Malaysia (6%% of total infections in the country)
- Belgium (5.14% of total infections in the country)
- Netherlands (4.8% of total infections in the country)
- Israel (4.43% of total infections in the country)
Info-stealer infections as a cybercrime trend surged by an incredible 6000% since 2018, positioning them as the primary initial attack vector used by threat actors to infiltrate organizations and execute cyberattacks, including ransomware, data breaches, account overtakes, and corporate espionage.
To learn more about how Hudson Rock protects companies from imminent intrusions caused by info-stealer infections of employees, partners, and users, as well as how we enrich existing cybersecurity solutions with our cybercrime intelligence API, please schedule a call with us, here: https://www.hudsonrock.com/schedule-demo
Hudson Rock also provide access to various free cybercrime intelligence tools that you can find here: www.hudsonrock.com/free-tools
