Thousands of compromised websites on sale in black market

Share this…

The team behind the investigation said their findings have been reported to the authorities

A recently discovered clandestine market has been selling access to more than 3k previously breached websites, which means that a lot of sensitive information is waiting to be used by malicious actors to launch cyber attacks against unsuspecting users of different online services.

Adverts for the Russian-speaking market known as MagBo were first published in a tier one level hacking forum last March, according to experts in ethical hacking in charge of research. After conducting more thorough searches, the research team discovered that the details of thousands of committed websites were on sale at MagBo.

“In MagBo they find asylum about a dozen vendors and hundreds of buyers who trade and participate in auctions to get stolen access credentials, databases and website manager panels” said Vitali Kremez, one of the ethical hacking experts participating in the research.

The expert described access to these sites as “an uncomfortable trend”, with cybercriminals looking for websites with backdoors for deploying malicious activities, including spam campaigns, fraud, cryptocurrency mining and script injection to track payment card data.

“The activities of this clandestine market may have already manifested in some recent incidents. An incident of this kind involved the use of a custom infrastructure, which allowed the attackers to avoid detection and compromising the data of thousands of people”, the expert mentioned, possibly referring to data theft suffered by British Airways.

Most of the sites found in MagBo are e-commerce sale points, but sites of other subjects such as healthcare sector, attorney, education, insurances and government agencies were also discovered. Researchers have concluded that most security breaches come from the US, Germany, or Russia.

Researchers say they cannot explicitly name any of the found websites because this is part of an ongoing police investigation, but claim that some of the sites belong to high profile companies in their fields.

According to the research managers, the most expensive site in MagBo is offered for a $1k USD fee, and has 30k direct visitors per day.

In MogBo you can also find photocopies of documents obtained by identity fraud, access to online wallets, social network accounts and Bitcoin related services.

The ethical hacking specialists suppose that behind this data black market there could be criminal organizations like Magecart Group, who are believed to have carried out the recent attacks against organizations such as British Airways and the online store Newegg.