The cybercrime landscape is rapidly evolving, with infostealer malware – a form of stealthy code that infiltrates devices to stealthily pilfer data – becoming increasingly widespread. Underground forums and marketplaces are flooded with data thanks to this product, with records of stolen data (known as logs) proliferating at an alarming rate.

The Russian Market, a notorious cybercrime marketplace, has seen a staggering 670% growth in the number of logs available for sale between June 2021 and May 2023. Why? Because infostealers are a golden ticket for cybercriminals aimed at swiftly gaining and monetizing business access.

For cybercriminals, the return on investment is immediate, with stolen credentials and sensitive information available within 60 seconds of installation. The game has truly been changed by the evolution of infostealer deployment techniques and the emergence of specialized marketplaces for stolen data.

The Russian Market
The Russian Market is a cyber crime marketplace.

➜ The Thriving Infostealer Marketplace

Researchers at Secureworks have delved into the ever-dynamic infostealer market and noted its increasing sophistication and harder to detect nature. This presents a major challenge for those safeguarding corporate networks.

In a span of just under two years, the Russian Market saw a colossal 670% growth rate for sale logs, peaking at five million offerings. This makes the Russian Market the top contender for infostealer logs, with the logs on offer is ten times that of its closest competitor. The Russian Market’s constant evolution in the face of an ever-transforming cybercrime landscape further underscores its dominance.

The top three infostealers for sale continue to be Raccoon, Vidar, and Redline, boasting impressive figures of 2,114,549, 1,816,800, and 1,415,458 logs, respectively.

Cybercriminals and Law Enforcement: A Game of Cat and Mouse

Recent enforcement action against Genesis Market and Raid Forums has led to a shift in cybercriminal behavior, with Telegram channels becoming a hotspot for the buying and selling of popular stealers, despite the crackdown.

Malware-as-a-service: The New-Age Cybercrime

The emergence of malware-as-a-service has led to an influx of low-skilled threat actors in the cybercrime ecosystem. The Russian Market, for instance, now provides a preorder service for stolen credentials with a simple deposit of $1,000. This shift from opportunistic to targeted attacks is a major cause for concern.

The underground economy built around infostealers is not only feasible but potentially lucrative for these cybercriminals, who continue to adapt their market tactics in the face of global law enforcement action.

➜ Protecting Yourself Against Infostealers

The rise of infostealers calls for an equally strong defense. As always, we want to arm you with the best suggestions to put in place immediately for a robust defense, which include:

  • Implementing Multifactor Authentication (MFA) for all supported logins
  • Restricting installation of third-party software whenever possible
  • Comprehensive monitoring across domain, network, and cloud infrastructure

Infostealers can be seamlessly integrated into computers or devices through various methods, such as phishing attempts, compromised websites, malicious software downloads, and deceptive Google advertisements.

In the year 2022, compromised credentials represented nearly 10% of all incident response engagements that Secureworks participated in. Furthermore, from April 2022 to April 2023, these stolen credentials served as the primary entry point for more than a third (34%) of all ransomware incidents Secureworks dealt with.

If you’re looking to stay vigilant, stay safe, and stay ahead of the curve in this evolving cybercrime landscape, we are happy to help protect your business.

Reach out to us today!