Dark web marketplaces have drastically evolved over the past few years. Despite international law enforcement agencies shutting down several popular and large underground markets like AlphaBay and Hansa, dark web markets continue to diversify and thrive. Recently, a booming dark web marketplace that offers other crooks access to compromised emails has been uncovered.
According to security experts at Digital Shadows, who uncovered this underground market, dark web hackers are now offering to hack corporate emails for a mere $150. Some hackers were even promising to deliver access to the compromised emails within just a week. Some dark web criminals also claimed to only take payment after they have proved to the buyer that the targeted emails have been compromised, ZDNet reported.
“Digital Shadows detected 33,568 email addresses of finance departments exposed through third party compromises. Eighty-three percent (27,992) of these emails had passwords associated with them,” Digital Shadows researchers said in a report. “If these passwords have been reused for corporate accounts, this may leave organizations at risk to account takeovers.”
Digital Shadows researchers also uncovered a criminal campaign being orchestrated by a Russian-speaking threat actor that the emails of finance departments across over 100 construction, higher education, and public health sector targets. This threat actor, as well as some others in underground markets, are also offering commissions to partner up and conduct operations.
"That some actors are offering a commission structure reflects how easy it is to acquire compromised email accounts online. With so many in circulation, some actors prefer the quality of the account and the potential rewards from them rather than simply having access to a hundred low-level emails," Rafael Amado, strategy and research analyst at Digital Shadows told ZDNet. "The commission structure would appeal if the attacker was targeting high-value victims, where the commission gained here would be far higher than paying a set fee for a set of low-level accounts with little financial value".
Cybercriminals purchasing these compromised emails could use them to launch their own phishing and social engineering attacks. Given how valuable email credentials are, in how they can become a gateway for other, wider cyberattacks, enterprises should ensure that employees are made aware of how best to protect their accounts.