Traffers and the business of stolen credentials – Outpost24’s latest findings

Outpost24, a leading innovator in cyber risk management, released a new report today revealing the underground operation of Traffers, cybercriminal organizations reshaping the business of stolen credentials.

LONDON, U.K., March 28 2023 – Outpost24, a leading innovator in cyber risk management, released a new report today revealing the underground operation of Traffers, cybercriminal organizations reshaping the business of stolen credentials.

The Rising Threat of Traffers report, compiled by Outpost24’s Threat Intelligence team, KrakenLabs, provides a deep dive into the credential theft ecosystem, and encourages organizations to evaluate their security measures against these evolving threats.

Stolen credentials are a major problem for organizations, causing nearly 50% of all data breaches. While businesses are still trying to figure out how to fix the password problem, cyber criminals are organizing, and innovating. The increased professionalization of cyber criminal groups, specifically the rise of Traffers, is the latest threat against businesses.

Traffers are highly organized cybercriminal groups. They spread different types of malware families with the goal of exfiltrating credentials or profit. To spread the malware as far and wide as possible, they have formed an industry-like structure of product and service providers, as well as dedicated market places, in the form of Telegram channels, to facilitate the sale of those credentials.

To increase their success rate, Traffers target their would-be victims by driving their internet traffic with Google and Facebook Ads to fraudulent content. Traffers have developed a business model that involve specific recruitment, training, and compensation, all of which distinguish them from other cybercriminals.

The price spike of information-stealing malware, the subscription models for accessing stolen credentials, and even the earnings of the Traffers themselves, are just some of the highlights in the report that demonstrate the increased activity and demand in the cybercriminal ecosystem.

“Credentials, and the tools used to steal them, are a commodity. With the growing trend of Initial Access Brokers (IABs) we know that criminal groups are willing to pay for services, which means they expect a bigger profit in return.” says Victor Acin, head of the KrakenLabs at Outpost24, “that’s bad news for businesses.”

As the underground economy circulates, current security measures may fall behind. Organizations need to consider the Traffers attack chain to stay protected against the latest threats. The Rising Threat of Traffers report provides practical advice that can protect credentials, and help businesses avoid malware infections, in the way it is done by Traffers teams.

Outpost24’s KrakenLabs will continue to monitor these groups as part of their cyber threat intelligence solution, helping organizations improve their cyber security posture with real-time threat detection and faster remediation.

To read more about the report, please visit here.

About Outpost24

The Outpost24 group helps organizations limit their digital exposure with a complete range of cyber risk management solutions. Outpost24’s cloud platform unifies asset inventory, automates security assessments, and quantifies risk in business context. Executives and security teams around the world trust Outpost24 to prioritize the most important security issues across their entire IT infrastructure for accelerated risk reduction. Founded in 2001, Outpost24 is headquartered in Sweden, with additional offices in the US, the UK, the Netherlands, Belgium, Denmark, France, and Spain.