Hackers aren’t immune to being hacked, but they are marginally better at picking a strong password than the average government employee.
Those are conclusions that can be drawn from research by threat intelligence firm Hudson Rock, which analyzed logs from 14.5 million computers infected with infostealer malware and found credentials linked to cybercrime forums on 120,000 of them.
The finding implies a significant number of hackers — and others with an interest in cybercrime who frequent the forums — are not taking adequate precautions to protect themselves from becoming victims.
In a post about its research, Hudson Rock pointed out that the “substantial amount of data” that is exposed by infostealer malware — including auto-fill data like names, addresses, emails and phone numbers — “enables the real identities of the hackers to be discovered.”
Hudson Rock proved that last month when it outed a prominent hacker, known as La_Citrix, who accidentally infected his own computer, revealing his real name, address, phone number and “other incriminating evidence” to the firm’s researchers.
“This is not the first time we’ve identified hackers who accidentally got compromised by info-stealers, and we expect to see more as info-stealer infections grow exponentially,” Hudson Rock said.
Hackers only slightly better at choosing strong passwords
While a large number of hackers may be falling victim to the growing infostealer threat, the cohort can take heart from Hudson Rock’s finding that they are slightly better than government sector workers when it comes to using strong passwords.
The researchers found 21.1% of cybercrime forum visitors used strong passwords (defined as passwords with at least 10 characters and four types of characters) compared with only 15.5% of government workers. Both were surpassed by military staff, 22.3% of whom used strong passwords.
Everyone needs to up their game, however, with Hudson Rock noting: “Info-stealer infections as a cybercrime trend surged by an incredible 6000% since 2018, positioning them as the primary initial attack vector used by threat actors to infiltrate organizations and execute cyberattacks, including ransomware, data breaches, account overtakes, and corporate espionage.”
According to a study published last month by Uptycs, incidents involving infostealers more than doubled in the first quarter of 2023 compared with the same period last year.
Perhaps ironically, infostealer malware is primarily sold on the cybercrime forums used by the 100,000-plus hackers who Hudson Rock found had allowed themselves to be infected.
The firm discovered a significant majority of infostealer infections it examined were attributed to RedLine malware, a finding that aligns with Uptycs’ study which found RedLine had a 56% share of the infostealer market.
In another infostealer-focused study released this month, researchers at threat exposure management solution vendor Flare examined more than 19.6 million stealer logs and found just under 2% contained credentials providing access to corporate software-as-a-service applications.
Flare calculated criminals were selling stolen logs containing credentials to access financial services for an average of $112 compared to an average $15 across all log sales.
“Based on the findings, malicious actors appear to use infostealer malware so that they don’t have to purchase a consumer application subscription or so they can steal money by compromising a bank account,” the researchers said.
