0

The demand for compromised social network accounts is now so big on the cybercrime black market that, according to the latest research, just one such underground site has 1.5 million of them for sale.

The international reach of social networks has meant that these sites have become the de facto target for cyber criminals today. As I mentioned previously, they have become popular homes to malware mules. Now iDefense, the cyber security intelligence arm of VeriSign, has uncovered one user called 'kirllos' at a particularly popular crime marketplace site that advertises social networking login details who claims to have 1.5 million compromised accounts. The user is selling these in bulk, at a going rate of $25 per 1,000 accounts with 10 contacts or fewer or $45 for over 10 online friends.

Oddly enough, those accounts that have zero contacts are also rather popular, not least as they make for a good vessel to distribute malware through the exploitation of site vulnerabilities to execute scripts which use friend finder tools to request additional contacts.

Rick Howard, director of intelligence at VeriSign iDefense, warns that the "increasing exploitation of the hundreds of millions of social network users globally signifies a key shift in focus for cyber criminals. The trend for harvesting information from social networking sites has been around for some time now, however cyber criminals typically limited their attacks to social media sites within their own geography. For example, Russian cyber criminals have, typically, targeted users of VKontakte (VK) – a social networking site popular in Russia, Belarus and Ukraine. The malicious exploitation of VK users is almost exclusively limited to cyber criminals within these nations. However the increasing exploitation of users of popular international platforms is important as it signifies that criminals are becoming more and more internationalised – these sites provide a convenient platform for criminals to expand their trade around the globe".

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

1
Contributor
0
Replies
1
Views
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.