Single Sign On and the Cybercrime Ecosystem

2023-10-18 14:02

Threat actors then distribute infostealer malware and leverage Telegram as the backend where fresh "Logs" are delivered upon successful infection.

Finally these log files are then distributed in public and private Telegram channels to other threat actors.

Private channels are where we believe most of the "High value" logs are sent to, including those with banking access and corporate IT environment access while lower value and older logs are distributed in public channels.

Private channels operate as paid commercial enterprises, with the channel owner distributing tens of thousands of logs per week to a limited number of threat actors who pay $200-$400 for access to the channel.

Stealer Logs and Single Sign On. Single sign on solutions have emerged as a foundational pillar of corporate cybersecurity.

Even if session cookies are no longer valid, stealer logs may contain browser's "Auto-fill" data, which gives threat actors details like employee identification numbers, home addresses, security question answers, credit card details, and more.

News URL

https://www.bleepingcomputer.com/news/security/single-sign-on-and-the-cybercrime-ecosystem/

#cybercrime #singlesignon