The current cyber environment is riddled with threats that seek to exploit the widespread fear associated with the coronavirus pandemic. A host of threat actors have moved to launch COVID-19-themed attacks and scams against unsuspecting victims.
The list of studies and reports on the scale of phishing attacks amid the pandemic is seemingly endless, with cybercriminals seen targeting tools and recycling stolen data for classic credential dumping attacks.
Notably, over the past few weeks, security experts from the cybersecurity company IntSights revealed that they have observed a rise in demand for stolen YouTube account credentials, which are being posted for sale on the dark web. The researchers have suggested that the stolen credentials may be used in the distribution of malware, the execution of fraud campaigns against YouTube viewers and possibly blackmail.
Considering the government restrictions currently in place to curb the spread of COVID-19, it would be expected that the global reliance on internet applications would intensify. Many people in quarantine continue to depend on internet usage and streaming services to stay occupied and entertained.
In the context of YouTube usage, users with commercial accounts were “working from home” long before coronavirus was declared a pandemic. This reality has seen a rise in cybercriminal attacks targeting this class of internet users, in which threat actors employ sophisticated mechanisms to target home users, resulting in many cases of malware-infected computer systems.
How Was the Data Harvested?
As with any other hacking campaign, the methods used by threat actors vary widely.
There are many ways in which cybercriminals may hack YouTube accounts, although IntSights researchers believe that the stolen credentials were drawn from accounts held in databases of Google credentials. This observation does not rule out the use of malware-infected computers to help the attackers access the accounts.
In the past, cybercriminals have been known to employ complex phishing campaigns combined with reverse proxy toolkits that are instrumental in bypassing Google’s two-step verification (one-time password).
However, in the current case, it has been reported that none of the vendors of stolen credentials has mentioned 2FA, which may suggest that the compromised accounts did not employ the additional security mechanism.
Note that while 2FA is by no means a total deterrent to cyberattacks, cybersecurity experts advise users to adopt it as an additional step towards securing their accounts. The advice extends to using a properly patched computer system and staying informed about phishing attacks.
What’s the Value of the Stolen Data?
As with all dark web offerings, a surge in demand for a product is usually followed by growth in supply.
Several hacking forums took notice of the demand for compromised YouTube accounts and used quick polls to gauge the marketability of YouTube credentials. One such poll showed striking interest among members, who voted to have more YouTube credentials posted for sale on the dark web (see below).
Screenshot of a poll conducted on an online forum shows the high demand for stolen YouTube accounts. (Source: IntSights)
As IntSights researchers found, various YouTube accounts that showed up in dark web posts were marked with their specific subscriber counts, a metric used to judge the value of the accounts.
It is common knowledge that commercialized YouTube accounts tend to be lucrative, so stolen accounts are potentially of high value. An interesting angle to this situation is that YouTubers who depend on their accounts for their livelihood may be willing to pay cybercriminals if that would get their accounts and content back.