Flashpoint researchers discovered a Russian-speaking underground marketplace named “Magbo” selling access to approximately 3,000 breached sites for as little as 50 cents.
The site allowed cybercriminals to purchase the exact breach they need, with prices ranging from as low as 50 cents to $1,000 per access depending on the website's value and ranking, and with listings covering various hosting providers, according to a Sept. 19 blog post.
“High-value targets would obviously fetch a higher price and capabilities to inject payment card sniffers or other tools for deeper network penetration,” researchers said in the post. “Sites with a lower ranking and a lesser perceived value are more likely to be abused for cryptocurrency mining or spam delivery.”
This unauthorized access to compromised sites and databases could be used to carry out a number of crimes, ranging from spam campaigns to fraud and cryptocurrency mining, and can even be used to gain access to corporate networks, allowing threat actors to reach sensitive information and/or drop malicious payloads.
Most of the victim sites were e-commerce sites, but the marketplace also included access to sites within the healthcare, legal, education, insurance, and private sectors. Most of the breaches are from U.S., Russian or German hosting services.
Researchers said the earliest advertisements for the sites were posted on a top-tier Russian-language hacking and malware forum, marketed as a destination for sales of access to breached sites via PHP shell access, hosting control access, domain control access, File Transfer Protocol (FTP) access, Secure Shell (SSH) access, admin panel access, and database or Structured Query Language (SQL) access.
Potential customers are also given descriptions of the privilege levels available, such as “full access permissions,” “abilities to edit content” and “add your content.”