A host of Australian organizations have been hacked, and their websites listed for sale on the dark web.
ASX-listed firms, financial service providers, law firms, an insurance company and an adult media store are reported to be among the parties affected by the hacking attack.
As a result, hundreds of Aussie online platforms have appeared for sale on the dark web. They have been identified among the portfolio of 43,000 breached servers advertised on MagBo.
MagBo is a dark web platform for the sale of cybercriminal material, where hackers trade access to breached sites at prices ranging from a measly $1.46 to a staggering $10,000.
Commenting on the case, Andrew Murray, the Chief Executive of Curve Securities, warned Aussie businesses to take the matter seriously and understand the cyber risks at play. He indicated that his organization had detected the cyberattack at the close of 2019, and had moved to fix the issue and monitor the situation.
To place things in perspective, Curve provides its clients with fixed income advisory services, and boasts a robust portfolio that has seen the company place in excess of $80 billion for its clients.
Given that the firm was reportedly among the targets compromised in the cyberattack, and that it serves both private sector stakeholders and about 160 government entities, the potential range of damage from the cyberattack is no secret.
Murray nonetheless provided an assurance that Curve Securities had succeeded in diagnosing its internal systems to ensure that the firm’s regular operations were not affected. In addition, the Chief Executive confirmed that the compromised server was, fortunately, not handling Curve’s daily functions.
The One-Stop-Shop for Cybercriminals
Usually, access to the online platforms for sale on MagBo is achieved via “web shell malware” that threat actors install on breached servers.
MagBo was established in the year 2018 and has expanded to become a world leader within cybercriminal circles.
Notably, the growing criminal popularity of platforms like MagBo is what led to an international effort to combat cybercriminals' use of web shell malware to attack websites.
The U.S. National Security Agency and the Australian Signals Directorate released guidance for mitigating web shell malware. The report provided critical cyber security information that acknowledged the advancing threats posed by web shell malware.
According to the update, web shells give threat actors persistent access to breached networks by using communication channels that work under the guise of legitimate traffic. This technique allows this form of malicious software to circumvent commonly used cybersecurity protocols.
What’s the Value of Breached Data?
The Financial Review noted a significantly high number of Aussie credit cards posted for sale on the dark web.
Arguably, data obtained from government agencies and online stores attracts a premium as far as cybercriminal commerce is concerned. This reality highlights the value that such categories of data offer, considering that the sale of personal and financial information continues to be a lucrative trade in dark web markets.
Still on the subject of web shell malware, Elad Ezrahi, from the Israeli cyber firm KELA, highlighted the potential harm that web shells can cause: remote access markets provide a concrete pathway for obtaining data.
The cyber expert stated that a majority of hackers operating on darknet platforms have Eastern European origins and that they are mostly motivated by monetary gain rather than state-sponsored espionage.
KELA is a cyber-specialist organization that focuses on darknet threat intelligence by providing clients with a real-time dark web search engine called Darkbeast.