The shift to private clouds: how cybercriminals are changing the monetization of stolen data

2024-11-22

In recent years, the cybercrime world has shifted from selling individual files of stolen data to offering subscription-based access to private clouds holding vast and varied troves of stolen data. This change in business model is changing how cybercriminals profit from data theft, creating new opportunities for monetisation and posing increased risks for everyday individuals and businesses.

From Data Sales to Private Clouds: the shift explained

Traditionally, cybercriminals sold stolen data file by file, ranging from high-value data, such as the full data breach of an entity, to what could be considered lower-value data, such as logs from malware infections and combo lists (email/username/telephone and password combinations). These sales would occur on various platforms: the dark web, forums, and instant messaging platforms such as Telegram, where buyers would purchase specific files for a one-time fee set by the seller.

However, this business model is rapidly being replaced by private clouds: online repositories of stolen data that buyers can access via subscription. These clouds are updated regularly, often daily, with millions of new and varied pieces of data. The cybercriminals running the service may categorise the data so that buyers can find and use it easily. Categories can range from the country the data came from to what the data contains, such as combo lists, credit cards, logs from malware, pictures of ID cards and more.

Why Cybercriminals are Choosing Private Clouds

Private clouds offer many advantages over traditional forms of selling data for cybercriminals:

  1. Reduced Risk: Selling stolen data directly to individuals increases the chances of detection by law enforcement. It makes it easier to track the life cycle of the data, leaving a paper trail of sorts, especially on platforms such as forums. By using private clouds, however, sellers can obscure their activity on safer platforms that are well known for encryption and privacy.
  2. Recurring Revenue: Subscription models provide a stable income compared to one-off sales, which can fluctuate depending on demand.
  3. Efficiency: Hackers can serve many customers simultaneously without the need for individualised transactions, allowing them to maximise profits while minimising the time spent finding buyers and selling data individually.
  4. Automation: Many of these operations use automated bots to handle data uploads, sales and user management, so they require minimal oversight and the job becomes even easier for those running them.
  5. Cost-effectiveness for buyers: Subscriptions offer significantly better value for buyers than individual files. For example, WhiteBlueOcean has seen a combo list with 20 million records sell for $300, whereas a lifetime subscription to a combo list private cloud on Telegram is currently available for $250; the latter would likely have far more records and would be updated daily with even more recent data.

With increased ease, lower risk and higher profits, it is clear why cybercriminals are moving towards the subscription-based model of selling stolen data. The other side of this, however, is the increased risk posed to everyday people and businesses.

The Risks for individuals and businesses

The rise of private clouds poses significant risks for individuals and businesses. Under the traditional model, stolen data would generally be sold to one individual and its life cycle might end there; alternatively, the buyer might sell it on a few times, so it would reach only a limited number of people. With private clouds, tens, hundreds or possibly thousands of people can have access to the same data. In addition, this data is so easily accessible that it is no longer limited to highly skilled hackers. Subscription models mean that even low-skilled actors can purchase access, significantly increasing the number of threats. As a result, the potential uses and intended purposes of the data in these private clouds are far more numerous, with the most alarming risks being identity theft, financial fraud and targeted attacks.

An added danger is that the data can remain available for extended periods of time. Where a service offers lifetime access, stolen data could be accessed for months or even years after it was initially compromised, further extending the period in which it can be exploited. Furthermore, as time goes on and new ways to exploit data are discovered, the data in these repositories can be used for novel purposes that are currently unknown.

How to protect yourself from this growing threat

The shift towards private clouds and subscription-based models is a worrying trend in the cybercrime sphere. It shows that cybercriminals are always looking for more efficient ways to monetise their data, and that individuals and businesses need to be increasingly vigilant. The scale of the threat is only likely to grow as criminals realise the potential profit to be gained and the low-risk nature of private clouds. The best defence against these threats is maintaining good cyber hygiene: using strong and different passwords for all accounts, enabling multi-factor authentication and being aware of scams such as phishing.

Sources:

https://www.trendmicro.com/vinfo/gb/security/news/cybercrime-and-digital-threats/cybercriminal-cloud-of-logs-the-emerging-underground-business-of-selling-access-to-stolen-data

https://www.kelacyber.com/wp-content/uploads/2023/05/KELA_Research_Infostealers_2023_full-report.pdf


 

The information contained in this article is provided for informational purposes only and does not constitute professional advice and is not guaranteed to be accurate, complete, reliable, current or error-free.

 

 

 

 

 

 

 

 
