Cyber security news for all

More

    MagBo cybercrime market sells access to 43,000 hacked websites

    MagBo has carried out many activities related to cybercrime, including the sale of infected servers.

    Just as xDedic closed in 2019 after becoming the front-page news to sell pirated RDP endpoints and more than 85,000 credentials, it seems that another service will soon receive attention. This is MagBo, the infamous online market explicitly created for cybercrime activities.

    According to the latest report from the threat intelligence company KELA, MagBo can access more than 43,000 hacked servers. Some of which belong to state and local governments, government departments, financial institutions, and health institutions.

    For hackers, government servers are the biggest profit. This is because they sell for $ 10,000/piece, and small business websites cost a few cents.

    MagBo is a notorious online marketplace where hackers can buy and sell pirated servers. Since its establishment in 2018, it has developed rapidly.

    According to the researchers, in just two years, its size has increased by more than 14 times, and is selling access to 43,000 hacked websites. This is a huge leap forward in contrast to 3000 hacked websites it featured in September 2018. It is receiving up to 400 new additions with 200 transactions every day.

    magbo numbers

                                                       image:KELA

    One of the reasons may be the operating model. MagBo is a decentralized platform that can provide multiple threat participants with services to download their products. According to KELA data, there are currently 190 different threat actors with active lists in the market.

    KELA has also determined that there are 190 different active cybercriminal lists on the market. Since 2018, MagBo has been able to earn more than $750,000 in revenue by selling pirated servers alone.

    Those who have purchased MagBo credentials use it to initiate Black Hat SEO campaigns. However, some may target e-commerce sites with ransomware, intranets, and web cleanup software.

    Most servers sold through MagBo can be accessed through the Web Shell, some can be accessed remotely through infected CMS and FTP credentials, and some servers can be accessed through the dashboard.

    kela via magbo

    image: KELA is Magbo

     

    Recent Articles

    Unauthorized access at Scalable Capital

    There has apparently been unauthorized access to individual data at Scalable Capital. The company informed its customers about the incident by mail yesterday, referring...

    The US accuses Russian officers of being in charge for cyber attacks

    The US government has brought charges against Russians who are alleged to have been involved in various cyber attacks as officers of the military...

    Twitter changed its rules for dealing with hacked data

    On Friday night, access to Twitter was disconnected for about two hours. The Chief Engineer announced that the reason was a rebuild in the...

    Norway sees Russia as the perpetrator of the cyber attack

    "It is important that our government refuses to send the Russians a clear sign that we do not know," said the Norway government. According...

    Phishing mail with an incorrect form for Corona bridging aid

    The representation of the European Commission warned of a phishing attempt targeting small and medium sized enterprises. Under the pretext for corona bridging aid,...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox