Hackers are selling access to over 3,000 breached websites on an underground hacking forum for Russian-speaking users, according to a new report shared with ZDNet today by threat intel firm Flashpoint.
The forum is named MagBO and is a relative newcomer on the hacking scene, where other services HackForum, Exploit.in, xDedic, Nulled, or Mal4All have already made a name for themselves.
But according to Flashpoint, this forum has its own niche, and that niche is in selling web shells to already-hacked websites.
"Essentially, the breached websites host some sort of backdoor that would enable buyers to log in to them," Vitali Kremez, Director of Research at Flashpoint, told ZDNet in an email today.
Access to hacked sites was done on different levels, depending on the web shell (backdoor) the sellers managed to implant on the breached site. According to MagBO's filters, a customer could buy access to:
- PHP shell access
- Hosting control access
- Domain control access
- File Transfer Protocol (FTP) access
- Secure Socket Shell (SSH) access
- Admin panel access
- Database or Structured Query Language (SQL) access
Kremez says his company identified over 3,000 hacked sites on sale on MagBO, varying in price from a meager $0.5 to a whopping $1,000.
Prices were determined dynamically at purchase time based on details ranging from traffic rankings to hosting parameters. The better the ranking and the broader the access to the hosting environment, the higher the price.
Also: How political campaigns use big data to get out the vote TechRepublic
MagBO appears to have been around since the start of the year, and its owners or affiliates have also promoted it on other hacking-related portals.
While Flashpoint was not able to find clear evidence connecting sites sold on MagBOo with the recent Magecart campaigns [Ticketmaster, British Airways, Feedify, ABS-CBN, Newegg], Kremez doesn't exclude that some of the yet-to-be-known Magecart hacks might have involved Magecart crews purchasing access to hacked sites via MagBO.
Previous and related coverage:
Cyber attacks and malware are one of the biggest threats on the internet. Learn about the different types of malware - and how to avoid falling victim to attacks.
This simple advice will help to protect you against hackers and government surveillance.
Whether you're in the office or on the road, a VPN is still one of the best ways to protect yourself on the big, bad internet.
If you can't answer these basic questions, your security could be at risk.
Retired US Air Force cyber-security expert shares his thoughts on the future of critical infrastructure security.
Researchers turn ordinary WiFi devices in rudimentary scanners that can identify potentially dangerous objects hidden inside bags or luggage.