
Credential theft industry booming in US, declining in Asia & EU

10 Oct 2018

Compromised credentials are a constantly occurring headache for businesses and consumers around the world.

However, research from enterprise-class cyberthreat intelligence company Blueliv shows the rate of stolen credentials depends significantly on where you are in the world.

It was a great harvest for cybercriminals targeting North America in the second quarter of 2018, as compromised credentials retrieved from botnets geolocated to the region skyrocketed 141 percent quarter over quarter (June to August 2018 compared with March to May 2018).

Meanwhile, Europe and Russia actually saw a decrease of 22 percent, while Asia plummeted 36 percent. Obviously, there were some profitable campaigns in North America over the quarter.

The data holds even more insights when taken to a deeper level. For instance, between just July and August, geolocated credentials detected from Europe and Russia fell 33 percent, while Asia surged 77 percent.

According to Blueliv, this suggests a sizeable botnet was taken down in Europe, while a campaign targeting Asia was thriving.

“All it takes is a single good credential for a threat actor to gain access to an organisation and cause havoc,” says Blueliv CEO and founder Daniel Solís.

“We are observing a booming market for credential theft, and the latest statistics show that this sort of cybercrime is a truly global enterprise. By understanding the lifecycle of the compromised credential, CISOs seeking to protect their business and analysts looking for IOCs gain valuable information to shrink their attack surface.”

In terms of the malware families being used by cybercriminals, Pony, KeyBase, and LokiPWS (also referred to as Loki Bot) were consistently the most common tools of choice, but when it comes to popularity Pony has always been several lengths ahead of its counterparts.

However, LokiPWS is hot on its heels: in May its distribution had gone through the roof, up more than 300 percent year over year. During the second quarter, LokiPWS samples almost doubled, a 91 percent increase quarter over quarter.

Solís says the growth of LokiPWS is of particular concern. It can be used both as a loader for other malware and as a password and cryptowallet stealer. It is widely available from a variety of underground markets as a modular product, usually priced between US$200-300 depending on the desired use.

“Our analysts have been following the development of a huge variety of malware families,” says Solís.

“Source code leaks of different versions of LokiPWS in recent years have probably influenced its increase in usage as a credential stealer, but this does not mean that we should discount the likes of Pony, Emotet, KeyBase and AZORult, which continue to be disturbingly effective around the world.”

Blueliv shares its intelligence in a bid to socialise cybersecurity and encourage parity to enable businesses around the world to fight cybercrime collaboratively.
