Malicious actors are now using a combolists-as-a-service (CaaS) model to sell credentials to other cybercrooks. Threat actors can purchase these credentials to perform account takeover attacks against individuals and organizations.
What is CaaS?
Discovered by Digital Shadow's Photon Research Team, the combolists-as-a-service model is a profitable way to boost the profits for threat actors.
DataSense is one of the services uncovered by researchers that claimed to provide "users with up-to-date combolists and a self-proclaimed 'quality product.'" The crooks promoted DataSense as a 'cloud-based combolist and database provider.'
The service can be availed by anyone at a monthly subscription of $50. The amount can be paid using PayPal, Bitcoin, and other cryptocurrencies.
It is not known as to which combolists are available via the advertised service.
"It's unconfirmed which combolists are available via the advertised service, as you need to pay and register via the website datasense[.]pw, but the post implies it offers Amazon, Electronic Arts' Origin, Ubisoft's uPlay, Netflix and Steam accounts," said the researchers.
Apart from DataSense, the researchers also discovered another combolists provider called DatabaseHUB. This service provides daily updated credential lists which could be accessed by customers after buying a token via the crooks' Shoppy-based e-commerce platform.
How does it work?
Once the attackers have access to the password, they can use credential stuffing tools like SNIPR, Cr3d0v3r and more to launch attacks on a large scale.
Account takeover impact
The account takeover attack can pose a threat for both individuals and organizations as the attackers can change details, withdraw money and gain access to other accounts as well.