Stolen Access Credentials

Stolen access credentials are offered on Dark Web marketplaces dedicated to selling digital assets such as logs, login information for systems, and financial information such as credit card details. The access credentials are stolen from users whose machines were infected with info-stealers, malware designed to steal credentials and other sensitive data. Once a foothold is established on a network using stolen access credentials, a variety of attacks become possible, including data theft, ransomware, BEC scams, and cyber espionage.

In 2024, the info-stealer threat will likely continue to rise. In addition to the well-known info-stealers that dominate this landscape (such as Redline, Raccoon and Vidar, which account for about 85% of activity), new info-stealing malware was released. While during 2023 the percentage of log stealing using novel malware was not significantly high, its usage could increase during 2024, as this type of malware is still offered for sale on various Dark Web forums.

Emerging Info-Stealers in 2023

Lumma
Subscription-based info-stealer. Emerged in early 2023 and gained popularity in Russian stolen login marketplaces. Steals sensitive data from infected devices and installs applications.
Mentioned in 11% of sales ads.

RisePro
Offered for sale on 2 prominent Russian-language Dark Web forums since Dec. 2022 by a Russian-speaking threat actor. Not very active at first, re-emerged with an updated version in 07.2023 and gained popularity.
Mentioned in 2% of sales ads.

StealC
Relatively new info-stealer, active since at least Jan. 2023. Targets web browser data, extensions, and cryptocurrency wallets. Based on Vidar (traded on Russian-language Dark Web forums since Oct. 2018; a cracked version was later shared) and Raccoon (a widely used info-stealing malware family, active since 2019).
Mentioned in 0.36% of sales ads.