The Top Cybercrime Communities to Monitor in 2023 for Enhanced Security

To stay ahead of evolving cyber threats, organizations must continually adapt and expand their monitoring efforts across a variety of illicit sources. In 2023, several key illicit communities are emerging as prime targets for monitoring. The communities encompass dark web forums, marketplaces, and instant messaging platforms. To maintain a comprehensive cyber threat intelligence strategy, it is crucial to keep a close watch on these evolving hubs of illicit activity.

1. The Russian Market

Russian Market is a dark web auto shop specializing in the sale of stealer logs. These logs contain pilfered web browser information and device details. As of June 2022, the Russian Market hosted approximately 2.7 million logs available for sale, with around 40,000 new bots added weekly. Its logs provide a wealth of information about victims, including saved logins and personally identifiable information (PII). Threat actors can exploit this data for various nefarious purposes, making it a top marketplace for monitoring. Surprisingly, the cost for each stealer log is a mere $10.

The

2. The Genesis Market

Genesis Market is similar to the Russian Market but operates on the clear web. It specializes in selling browser fingerprints. In June 2022, Genesis Market featured about 400,000 bots for sale, with approximately 1,600 new bots added weekly. Stealer logs on this platform vary in cost, ranging from less than a dollar to slightly over $170. Buyers of Genesis Market bots also gain access to detailed guides on using fingerprints for malicious activities.

The

3. The Telegram

Dark web forums are gradually giving way to instant messaging platforms like Telegram. It appeal of platforms like Telegram lies in their reliability, strict privacy policies, and features like “disappearing messages.” Threat actors increasingly use these platforms to sell leaked credentials and conduct illicit activities. Monitoring channels are essential due to their evolving nature and the sense of security they offer to malicious actors.

The

4. The Stealer Logs

Stealer logs are the outcome of malware infecting devices to pilfer information stored in victims’ web browsers. Its logs contain forms, logins, cookies, and credentials, enabling threat actors to impersonate victims and gain unauthorized access to their accounts, often for financial gain.

The

5. Exploit.in

Exploit.in is a dark web forum with a robust auction system, primarily using the Russian language. Some users act as “initial access brokers,” selling information about organizations’ VPNs and administrative privileges. This information provides access to corporate environments through the forum’s auction system. Threat actors can bid privately or within threads to gain access. It also serves as a platform for sharing proof of concept exploits, malware samples, and hacking techniques.

The

6. Cracked.io

Cracked.io primarily centers on sharing credential leaks. Threat actors share combo lists, leaked databases, and breaches, often resharing content from other dark web forums. This forum’s high volume of posts stems from the redistribution of content initially shared elsewhere.

The

7. XSS.is

XSS.is is a Russian-language forum akin to Exploit.in. Users can accumulate reputation points or opt for a VIP account to gain enhanced access. This forum serves as a platform for sharing new hacking tools, proofs of concept, red teaming tools, and more.

The

8. The Breached Forums

Breached Forums, launched after the shutdown of RaidForums, quickly became a prominent forum for sharing leaks and breaches. Threat actors can sell the outcomes of exploited systems on this forum.

The

9. The ASAP Market

ASAP Market ranks among the largest dark web markets, facilitating the sale of drugs, fraud-related items, and more. International buyers can choose local items to avoid customs scrutiny.

The

10. We the North

We The North is a Canadian-exclusive dark web marketplace, with items shipping exclusively to and from Canada. This marketplace offers a diverse range of products, particularly related to financial fraud.

The

While these top illicit sources are essential for monitoring, organizations should also remain vigilant across other sources relevant to their specific threat landscape. Comprehensive monitoring is key to staying one step ahead of emerging cyber threats.

For more news and updates on Cybersecurity, visit The Cybersecurity Club.

Post navigation

Leave a Reply

Your email address will not be published. Required fields are marked *

Hello Cybersecuriters!

Data Breaches Real Impact: Understanding the Risks and How to Protect Yourself

Role of a CISO in Safeguarding Your Organization

The Menace of Shadow IT in Modern Cybersecurity