Traffers are threat actors playing a key role in the augmentation of the threat surface, and more generally in non-legitimate traffic generation. SEKOIA observed hundreds of advertisements aiming at recruiting traffers to distribute information stealers. Further investigation led us to identify a structure and a common modus operandi shared by most traffers teams distributing stealers.

The cybercrime ecosystem is filled with a multitude of threat actors that share the same financial motivation through malicious activities. Although not well described by the global cybersecurity industry, the actors in charge of generating non-legitimate traffic play a key role in the distribution of threats, as well as in the underground economy.

Commonly referred to as traffers (from the Russian word “Траффер”, also referred to as “worker” in the underground community), these actors are responsible for redirecting users’ traffic to malicious content (malware, fraud, phishing, scam, etc.) operated by others. They monetise that traffic by selling it to botnet operators who intend to compromise users either widely, or specifically within a region or on a given operating system. The main challenge facing traffers is therefore to generate high-quality traffic: free of bots, not detected or analysed by security vendors, and, where the buyer requires it, filtered by traffic type. In other words, traffers’ activity is a form of lead generation.

To generate traffic, traffers lure users from legitimate or compromised websites and redirect them to a server, a website, or malicious content operated by the botnet owner. Some sophisticated traffers make use of a Traffic Distribution System (TDS) to operate and redirect traffic. This tool allows traffers to filter traffic based on its characteristics, such as location, operating system, and HTTP headers, enabling them to sell high-quality traffic to threat actors with specific targets.

As part of a growing trend, numerous traffers join a team to distribute information-stealing malware on behalf of the team administrator(s). Other traffers focus on generating traffic to a very large audience over a short period of time while avoiding detection. In these teams, traffers can be both highly skilled threat actors and newcomers to the threat landscape, as they usually receive training sessions when hired by a team. These groups are therefore a gateway into the cybercrime ecosystem for newcomers. The administrator(s) of the traffers team gather the users’ logs (stolen information including cookies, passwords, crypto wallets, documents, etc.) to exploit or sell them.

In the first half of 2022, SEKOIA identified an increase in the use of information-stealing malware as the preferred commodity malware for cybercriminals.
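The TDS filtering described above (routing on location, operating system and HTTP headers, and discarding traffic that looks like bots or security vendors) can be illustrated with a small request router. The code below is an added example written for this page; it is not SEKOIA's code nor any real TDS product. The GeoIP prefixes, the "vendor" address range, the bot patterns, the campaign specification and the sample requests are all constructed for the illustration and are assumptions, not data from the original article.

```python
"""
Illustrative Traffic Distribution System (TDS) router, written as an example for
this page (not SEKOIA's code, not any real TDS). For each incoming request it:
  1. drops anything that looks automated or comes from a known vendor range,
  2. sends visitors matching the buyer's target profile (country + OS) to the payload,
  3. sends everyone else to a harmless decoy so the infrastructure looks benign.
All lookups and inputs below are constructed sample data (assumptions).
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed GeoIP table (a real TDS would use a GeoIP database; assumption).
GEO_PREFIXES = {
    "203.0.113.0/24": "US",
    "198.51.100.0/24": "DE",
    "192.0.2.0/24": "BR",
}

# Constructed "do not serve" ranges, standing in for sandbox/scanner egress IPs.
VENDOR_PREFIXES = ["192.0.2.128/25"]

# User-Agent fragments typical of crawlers, CLI fetchers and headless browsers.
BOT_UA = re.compile(r"bot|crawler|spider|curl|python-requests|wget|headless", re.I)

# Order matters: Android UAs also contain "Linux", iPhone UAs also contain "Mac OS X".
OS_PATTERNS = [
    ("Windows", re.compile(r"Windows NT")),
    ("Android", re.compile(r"Android")),
    ("iOS", re.compile(r"iPhone|iPad")),
    ("macOS", re.compile(r"Macintosh|Mac OS X")),
    ("Linux", re.compile(r"Linux")),
]


@dataclass(frozen=True)
class Campaign:
    """What the buyer paid for: which victims get the real payload."""
    countries: frozenset
    oses: frozenset
    payload_url: str
    decoy_url: str


def country_for(ip):
    addr = ipaddress.ip_address(ip)
    for prefix, cc in GEO_PREFIXES.items():
        if addr in ipaddress.ip_network(prefix):
            return cc
    return None


def is_vendor_ip(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(p) for p in VENDOR_PREFIXES)


def os_from_ua(ua):
    for name, pattern in OS_PATTERNS:
        if pattern.search(ua):
            return name
    return None


def route(request, campaign):
    """Return (decision, detail): decision is 'drop', 'decoy' or 'payload'."""
    headers = request["headers"]
    ua = headers.get("User-Agent", "")
    if not ua or BOT_UA.search(ua):
        return ("drop", "bot-ua")
    if is_vendor_ip(request["ip"]):
        return ("drop", "vendor-ip")
    # Real browsers send Accept-Language; many scripted fetches do not.
    if "Accept-Language" not in headers:
        return ("drop", "no-accept-language")
    cc = country_for(request["ip"])
    os_name = os_from_ua(ua)
    if cc in campaign.countries and os_name in campaign.oses:
        return ("payload", campaign.payload_url)
    return ("decoy", campaign.decoy_url)


# Constructed campaign: buyer wants Windows users in the US or Germany.
CAMPAIGN = Campaign(
    countries=frozenset({"US", "DE"}),
    oses=frozenset({"Windows"}),
    payload_url="https://example.invalid/loader.exe",
    decoy_url="https://example.invalid/index.html",
)

WIN_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0 Safari/537.36"
ANDROID_UA = "Mozilla/5.0 (Linux; Android 13; Pixel 7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0 Mobile Safari/537.36"

# Constructed sample requests (IPs from documentation ranges).
SAMPLE_REQUESTS = [
    {"ip": "203.0.113.5", "headers": {"User-Agent": WIN_UA, "Accept-Language": "en-US"}},
    {"ip": "198.51.100.7", "headers": {"User-Agent": ANDROID_UA, "Accept-Language": "de-DE"}},
    {"ip": "192.0.2.200", "headers": {"User-Agent": WIN_UA, "Accept-Language": "en-US"}},
    {"ip": "203.0.113.9", "headers": {"User-Agent": "python-requests/2.31"}},
    {"ip": "192.0.2.10", "headers": {"User-Agent": WIN_UA, "Accept-Language": "pt-BR"}},
]


def decisions(requests=SAMPLE_REQUESTS, campaign=CAMPAIGN):
    return [route(r, campaign)[0] for r in requests]


if __name__ == "__main__":
    for req, decision in zip(SAMPLE_REQUESTS, decisions()):
        print(req["ip"], decision)
```

The practical consequence for analysts is the mirror image of the traffer's goal: a URL fetched from a known vendor range, with a scripted User-Agent or without browser-like headers, will receive the decoy rather than the payload, so replaying a redirect chain needs a realistic client profile and an address the TDS does not already filter.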