50 million passwords compromised in 2022 by Russian-based attackers
People and businesses abroad deal with numerous cybercrime and digital threats. Among them is the potential theft or loss of passwords, something we at Bytagig have touched on before. Not only is the current landscape for password protection proving ineffective, but cyber criminals worsen matters with the vast array of malware tools and techniques at their disposal. Moreover, incentives such as geopolitical tensions and trending events give them the perfect foundation for launching attacks.
In fact, Russian-based threat actors have stepped up their efforts to launch password-breaching campaigns with ruthless efficiency.
The cybersecurity firm Group-IB has discovered and identified a surge of Russian-based cyber attacks centered on circumventing and stealing passwords. The firm, located in Singapore, identified at least thirty-four cyber-attacks from Russian-speaking groups. What makes this sudden outbreak of attacks stand out is not only the number but the method: a “service” sold to black-market clients.
The nature of cybercrime has followed this pattern for the past several years. Rather than a single entity or group attempting to break into a network, attacks have evolved into full-scale services, kits, and offerings for buyers. Sometimes this is referred to as RaaS (ransomware as a service), a spin on contemporary models in the IT world like SaaS (software as a service). Furthermore, dealers on the dark web offer a range of kits or packages that contain breached accounts and stolen passwords.
These new attacks are all part of the same “market,” which signifies how the dangers are changing. Group-IB found the threat actors are selling info-stealing malware designed to harvest logins and passwords. In this instance, they targeted gaming accounts (accounts related to Steam and even Roblox) using malware families such as “Raccoon.”
In the first seven months of 2022, Group-IB found that over 890,000 devices had been successfully breached, resulting in well over 50 million stolen passwords.
Anatomy of the Attack
Breaking down the steps of this massive campaign is critical, not only for addressing the root problems, but for understanding the phases of the attack and how modern cyber criminals work.
Unsurprisingly, the threat actors took advantage of phishing and social engineering techniques. As in many malware and ransomware attacks, this is the go-to method for criminals: they impersonate a trusted source or contact in the hope of deceiving the recipient. In this instance, the 34 attack groups embedded malicious links in a variety of sources and supposedly trusted entities, such as reviews of popular games, lottery-style messages on forums, and even crypto miners or NFT-related “services.”
Their attacks primarily targeted the United States, Germany, Brazil, Indonesia, and India. These were the primary targets, but it was discovered that more than 100 countries were also targeted in some capacity.
Another reason for the proliferation of these attacks is the low barrier to entry. Hackers do not need extensive knowledge of IT systems to deploy threat campaigns; instead they rely on services or malware “packages” for their schemes. Indeed, attackers rent services from providers, just as one would with any other service, and receive all the resources and information required to breach the targeted accounts. Custom malware, Raccoon, and RedLine were the malware families noted in the attacks.
Widespread use and deployment readily explain how the Russian-based threat actors were able to steal millions of passwords over the course of January-July 2022. It also puts a number on breach events and reveals the fragility of modern password protection strategies. Moreover, the evolution of fraud services, kits, and tools means that even unskilled groups can launch damaging phishing campaigns that affect businesses and organizations abroad.
Protecting accounts and business networks with a robust security architecture is more important than ever. For additional services and information about third-party support, you can contact Bytagig today.
Bytagig is dedicated to providing reliable, full-scale cyber security and IT support for businesses, entrepreneurs, and startups in a variety of industries. Bytagig works both remotely and with on-site support in Portland, San Diego, and Boston. Acting as internal IT staff, Bytagig handles employee desktop setup and support, comprehensive IT systems analysis, IT project management, website design, and more. Bytagig is setting the standard for MSPs by being placed on the Channel Futures NextGen 101 list.