A cybercriminal group developed and endorsed a new marketplace for stolen data called Industrial Spy. Reports said that the recent market offers stolen information and credentials from hacked companies to buyers and offers the goods to its members without a fee.
The threat actors developed the new marketplace so businesses could buy their competitor’s data to gain access to trade secrets, customer databases, accounting reports, and manufacturing diagrams.
These new techniques of the threat actors are very clever since they can earn profit without extorting the targeted firm and scaring it with GDPR fines. The downside of this new marketplace is that malicious entities will use the Industrial Spy to purchase data and extort victims.
The data marketplace also offers various products such as “premium stolen data packages” that can reach over a million dollars. In addition, there are also packages for small-time data that anyone can buy for as low as two dollars.
Companies whose data is offered by the threat actors on the marketplace and categorised as “General” are typically firms previously targeted and infected by a ransomware campaign. This finding implies that the threat actors downloaded these stolen products from the ransomware group’s leak sites.
Cybersecurity researchers learned that the threat actors on various sites are promoting the Industrial Spy marketplace through adware, and some are offered as cracks.
If a purchaser executes the payload, the malware files inside will develop a text file in every device folder, consisting of a description of the services and a URL to the Tor website. Further investigation revealed that the executables were spread via other malware downloaders disguised as cracks.
This discovery implies that the developers of the Industrial Spy are diligently working with crack distributors and adware designers to spread that program and promote the new marketplace.
Although many users do not yet use Industrial Spy, companies and researchers should observe this new threat since it can impact numerous firms in the future.