This report investigates the world of bot markets that emerged since 2018. In the last year we have seen this world evolving, with new markets opened, and a larger audience gained. The rise of botnet marketplace Bot markets are automated stores that sell stolen login credentials obtained from computers infected with an infostealer. These bot markets offer login credentials of several websites. When information is purchased, some stores will also provide a full system of fingerprints to help the threat actors mask themselves as the victims. Access to these markets is often invite-only or requires a one-time entrance payment. Each market offer contains information on a compromised system, including logins, passwords and cookies collected from websites a victim visited. The price of the login credentials starts as little as $2.5 and increases depending on the characteristics of the stolen data and the volume of data present on a device. The low cost of the login credentials makes it very accessible to criminals and provides them the possibility to buy in bulk. During 2021, the number of cyber-attacks that utilized compromised passwords has increased significantly. According to research conducted by Verizon, credentials are the main method for hackers to hack into an organization, with 61% of breaches attributed to leveraged credentials 1 . These breaches involve the use of brute force, trial and error to guess login info, or compromised credentials. Screenshot of one of the markets that sell login credentials https://www.verizon.com/business/resources/reports/dbir/ 1. 1 2 Executive Summary 3 The Rise of Dark Web Botnet Marketplaces