Since the start of 2018 there has been a 39 percent increase in the number of compromised credentials detected from Europe and Russia, compared to the same period in 2017 (January-May). The observations concluded that Europe and Russia are now home to half of the world's credential theft victims (49 percent).
These figures come from The Credential Theft Ecosystem, a new report by Barcelona-based cyber-threat intelligence company Blueliv.
The Eurasian growth figures tracked by Blueliv are higher than North America's, which actually recorded a decline of almost half (48 percent) year over year. These increases in cyber-criminal success rates suggest that the credential theft industry is growing in the European region both in innovation and scope.
Daniel Solís, CEO and founder of Blueliv, explained to SC Media UK that the criminals were using Russia for testing attacks, which they would then roll out to Western Europe. He commented: “All it takes is a single good credential for a threat actor to gain access to an organisation and cause havoc, so as a European threat intelligence company, we are concerned to see significant credential theft growth rates in our home territory. Our latest special report provides deep insight into the lifecycle of the compromised credential, offering valuable guidance to all levels.”
SC Media's Tony Morbin spoke to Daniel Solís, CEO, and Patryk Pilat, head of pre-sales engineering at Blueliv, to discuss the report in further detail.
Malware families neck-and-neck
The report also observes some interesting trends in malware families being used to harvest these credentials. Pony, KeyBase and LokiPWS (also known as Loki Bot) have consistently been the most active stealers since the start of 2017 but Pony has always been several lengths ahead in terms of popularity. However, since the start of 2018, Blueliv has observed that LokiPWS has been narrowing the gap: the highest number of stealer samples detected by Blueliv's infrastructure each month has now become a two-horse race between LokiPWS and Pony.
In fact, LokiPWS malware distribution has increased by more than 300 percent in the past year. More recently, from January to May 2018, there has been a 167 percent increase in samples classified by Blueliv. Currently, it is possible to purchase LokiPWS from a variety of underground markets as a modular product (stealer, wallet stealer and loader) with prices ranging from £150 to £300, depending on the desired functionality.
The Credential Theft Ecosystem report is available as a free download.