lockbit2 attacks 2easy
2easy: A Dark Web Marketplace for Stolen Data and Its Impact on Cybersecurity
The dark web marketplace 2easy has recently claimed an attack on the company 2easy, which operates in the Media & Internet sector. The company specializes in the sale of "logs," which are records harvested by information-stealing malware. These logs typically contain data such as site credentials, cookies, and autofill form data, which can be used to impersonate individuals and steal from their accounts.
Marketplace Overview
2easy was first identified by KELA Cyber Threat Intelligence in December 2021, and it has since grown significantly. The market offers information stolen from almost 600,000 bots, with 18 sellers offering their infostealer logs for sale. It has gained recognition among cybercriminals dealing with stolen credentials, who give mostly positive feedback about the validity of the credentials sold.
The market is fully automated, allowing individuals to create accounts, add money to wallets, and engage in purchases without directly interacting with sellers. Hackers can purchase logs for as low as $5.00 per item, which is roughly five times less than the average Genesis prices and three times less than the average cost of bot logs on the Russian Market.
Technical Insights
The logs sold on 2easy are archives of stolen data from malware-compromised web browsers or systems. They commonly contain account credentials, cookies, and saved credit card information. The market's GUI enables users to view all URLs to which the infected machines logged in, search URLs of interest, browse through a list of infected machines from which credentials to the website were stolen, check the seller's rating, and acquire credentials to selected targets.
The sudden growth of 2easy is attributed to the development of the market's platform and the consistent quality of its offerings: logs are available for as low as $5 per item, and they consistently contain valid credentials that provide network access to many organizations.
Impact on Cybersecurity
The impact of 2easy on cybersecurity is significant, as the stolen credentials represent a considerable cyber risk to organizations. Threat actors may leverage this access to perform lateral movement and compromise multiple computers across the organization, potentially leading to various types of malicious activities such as exfiltrating sensitive data and deploying different malware, including ransomware.
The 2easy dark web marketplace poses a significant threat to cybersecurity, as it provides a platform for the sale of stolen data that can be used to gain access to corporate accounts and networks. Organizations must stay vigilant and implement appropriate security measures to protect against the risks associated with compromised credentials.
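A defender can apply the same per-machine, per-URL view to exposure data received from a threat-intelligence provider. The following is an added example, not code from any of the sources: the record layout, the organisation domains and the sample rows are all assumptions constructed for illustration. It matches login URLs against the organisation's domains by hostname suffix, so look-alike hosts do not match, and escalates the response when cookies were taken, because a password reset alone does not invalidate a stolen session.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Hypothetical organisation domains to monitor (assumption, not from the page).
ORG_DOMAINS = {"example.com", "corp.example.net"}

# Constructed sample rows, shaped as a threat-intel feed might deliver them:
# one row per saved login; "cookies" means cookies for that site were also taken.
SAMPLE_RECORDS = [
    {"machine": "bot-001", "url": "https://vpn.example.com/login", "user": "alice", "cookies": True},
    {"machine": "bot-001", "url": "https://mail.example.com/", "user": "alice@example.com", "cookies": False},
    {"machine": "bot-002", "url": "https://example.com.evil.test/login", "user": "bob", "cookies": True},
    {"machine": "bot-002", "url": "sso.corp.example.net/auth", "user": "bob", "cookies": False},
    {"machine": "bot-003", "url": "https://notexample.com/", "user": "carol", "cookies": True},
]

def org_host(url, domains=ORG_DOMAINS):
    """Return the hostname if it is an org domain or a subdomain of one, else None."""
    if "://" not in url:
        url = "//" + url  # stored URLs sometimes lack a scheme
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    for d in domains:
        # Exact or dot-anchored suffix match; a plain substring test would
        # wrongly accept example.com.evil.test and notexample.com.
        if host == d or host.endswith("." + d):
            return host
    return None

def triage(records, domains=ORG_DOMAINS):
    """Group exposed org logins by infected machine and choose a response action."""
    findings = defaultdict(lambda: {"hosts": set(), "users": set(), "cookies": False})
    for r in records:
        host = org_host(r["url"], domains)
        if host is None:
            continue
        f = findings[r["machine"]]
        f["hosts"].add(host)
        f["users"].add(r["user"])
        f["cookies"] |= r["cookies"]
    for f in findings.values():
        # Stolen cookies outlive a password change, so sessions must be revoked too.
        f["action"] = "reset passwords + revoke sessions" if f["cookies"] else "reset passwords"
    return dict(findings)

if __name__ == "__main__":
    for machine, f in sorted(triage(SAMPLE_RECORDS).items()):
        print(machine, sorted(f["hosts"]), sorted(f["users"]), f["action"])
```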
Sources
- https://www.slcyber.io/dark-web/2easy/
- https://www.kelacyber.com/2easy-logs-marketplace-on-the-rise/
- https://www.bleepingcomputer.com/news/security/2easy-now-a-significant-dark-web-marketplace-for-stolen-data/
- https://flashpoint.io/blog/2easy-fraud-ecosystem/
- https://www.cybertalk.org/2021/12/28/what-is-the-2easy-dark-web-marketplace/