Stolen Access Credentials

The dark web is filled with marketplaces dedicated to the sale of various products, from illegal goods like drugs and weapons to cybercrime-related markets selling malware and exploits. Another popular and common type of cybercrime marketplace is dedicated to the sale of infostealer “logs”, i.e. stolen data collected from endpoints infected by infostealer malware designed to collect browser information from the targeted devices, including credit card details, location data, autocomplete data, information regarding installed security software and more.

Attackers can buy these stolen login details and leverage them to gain initial access to the systems and networks of affected organizations and facilitate further malicious activities, like deploying additional malware, data breaches and more. The access credentials are offered at prices affordable even to low-skilled hackers, for as little as $10.

The Change Healthcare ransomware attack reviewed above, which has had a far-reaching impact, started with a single set of compromised login credentials, illustrating the danger that stolen and compromised user credentials might cause. Another attack enabled through compromised credentials was the December 2024 attack on education software provider PowerSchool, which occurred after unauthorized malicious hackers managed to access the company’s student information system (SIS) through a compromised credential and exfiltrated students’ and teachers’ data, affecting approximately 62.4 million students and 9.5 million teachers. [28]

In 2024, there were approximately 7.7 million sales ads for stolen access credentials posted on dedicated dark web marketplaces, compared to about 6 million sales ads posted on marketplaces in 2023.
How LUMINAR helps:

LUMINAR helps organizations protect against ransomware attacks in several ways:

+ 24/7 monitoring of dozens of ransomware gangs’ dark web data leaks and extortion websites.
+ Updated IOCs data for ransomware variants.
+ Analysis of ransomware threat actors’ TTPs, targeted industries, targeted countries and visibility into all past attacks with a dedicated Threat Actor Profiling module.