Automated dark web markets are having a grand time selling stolen corporate email addresses. Based on reports, these offered emails could go for as low as two dollars since there is a growing demand from hackers who use them for BECs and phishing attacks.
Israeli analysts reported that more than 200,000 email accounts are up for grabs in the underground markets.
Currently, the largest webmail shops are Lufix and Xleet, claiming to offer access to about 100,000 breached corporate email accounts, with prices starting from $2 up to $30. Moreover, they are also selling premium types of stolen emails from high-profile organisations.
These offered accounts are typically stolen through brute-forcing campaigns or credential-stuffing attacks. However, most of these accounts are stolen through phishing.
The automated dark web markets are on the rise.
Experts explained that the high demand for stolen emails used for business email compromise attacks had prompted the increase of automated dark web markets. These marketplaces offer email combo lists that include access to various firms.
In a recent case, the Everest ransomware actor offered access to email accounts of an aerospace manufacturing firm for about $15,000. All curated and bulk offers include negotiating with the seller and taking a risk on the legitimacy of the claims.
These events have created the need for automated webmail shops such as Lufix, Xmina, Xleet, and Odin. These markets enable threat actors to easily purchase access to the email accounts of their liking.
The most attractive email accounts demanded by hackers are from MS Office 365, which accounts for over half of all stolen web emails listed.
The sellers in these markets are not using codenames but hide behind a masking system putting their numbers. On the other hand, Odin sells more details regarding the seller, like total sales figures, user ratings, and the number of items sold.
The increasing number of these malicious marketplaces makes it necessary to impose periodic password resets for all platforms and services to render compromised credentials inaccessible.
Experts recommend that users use strong and long passwords since most of the offered web emails are cracked and hacked from emails with weak passwords. Lastly, employees should know how to spot phishing emails to mitigate the effects of these threats.
