Researchers Report Huge Surge of Stolen and Resold Logs on Russian Market

The Secureworks Counter Threat Unit (CTU) has reported a substantial increase in stolen logs offered for sale on the Russian Market online platform, amounting to a surge of 670%.

In their report titled "The Growing Threat From Infostealers," Secureworks highlights the flourishing market of infostealers, which plays a critical role in facilitating cybercrime activities like ransomware attacks.

Don Smith, VP of Secureworks CTU, commented on the appeal of infostealers for cybercriminals, stating that they provide a quick way to gain access to businesses and monetize that access. Infostealers can be purchased easily and yield stolen credentials and sensitive information within minutes.

Secureworks explains that as infostealer malware remains readily available and cybercriminals use ever more sophisticated methods to deceive users, the detection and removal of these threats become even more challenging for victims.

Smith emphasized that the game has changed for infostealers due to advancements in the tactics used by criminals to trick users into installing them, such as through fake messaging apps and cloned websites. Additionally, the establishment of dedicated marketplaces for buying and selling stolen data further complicates the detection and eradication of infostealer infections.

According to Secureworks' report, the logs available for sale on the Russian Market surged by 150% in less than nine months, reaching over five million in late February 2023 from two million in June 2022. This growth rate signifies a 670% increase in approximately two years.

Smith added that the presence of an entire underground economy and supporting infrastructure revolving around infostealers makes it possible and potentially profitable for relatively low-skilled threat actors to engage in such activities.

What is Infostealing Malware?

Infostealing malware, also known as information-stealing malware or spyware, refers to a type of malicious software designed to infiltrate computer systems or networks to extract sensitive information. Its primary purpose is to gather valuable data, such as login credentials, financial details, personal information, or intellectual property, for unauthorized use, financial gain, or espionage.

Infostealing malware operates stealthily, often remaining undetected by the victim. It can take various forms, including trojans, keyloggers, spyware, and remote access tools. These malware variants can be distributed through various means, such as malicious email attachments, compromised websites, social engineering techniques, or exploiting software vulnerabilities.

Infostealing malware can have severe consequences for individuals and organizations alike. It can lead to identity theft, financial fraud, unauthorized access to sensitive systems, or even corporate espionage. It is crucial to have robust cybersecurity measures in place, such as using reputable antivirus software, keeping software and systems up to date, being cautious with email attachments and downloads, and regularly backing up important data to minimize the risk of falling victim to infostealing malware.

May 18, 2023