Infinity Black: Five Polish hackers were arrested as part of a Europol operation yesterday for their involvement in the Infinity Black hacker group. The group operated a website under the same name, where they would sell collections of compromised user credentials, including passwords. Along with these collections of compromised credentials, which came from other hackers’ breaches, the group also sold tools to carry out credential stuffing attacks with these collections. According to a statement made by Europol, the group would use the same collections and tools to search for other online accounts where the same credentials were used–specifically loyalty programs. The group sold access to these loyalty program accounts to other criminals who would then exchange the points, typically for expensive electronics. Losses caused by the group are currently estimated at 50,000 Euros (~54,000 USD), although they appear to have had access to nearly 610,000 Euros (~659,000 USD) in potential losses through exploiting the compromised loyalty programs. The members of the group who were caught by authorities were identified after they attempted to use the stolen data at shops in Switzerland. During the arrest of the five Polish hackers, databases containing over 170 million stolen user credentials were discovered by authorities.
Analyst Notes
Infinity Black’s operations are just another example of how a single data breach can have far-reaching effects for its victims. Many users still, unfortunately, do not heed the warnings of security professionals and will continue to reuse the same or similar credentials across multiple sites or use weak passwords that can be guessed by attackers. Utilizing password managers to create and manage unique complex passwords is not only advisable but it is also becoming easier. A number of reliable services exist in both desktop and mobile forms to assist users in securing their accounts in a more effective way. Data breaches continue to be issues for many users and organizations because credential stuffing and password spraying attacks are often used by attackers. Access to corporate accounts should be protected by Multi-Factor Authentication (MFA) instead of relying on passwords alone. More information on this incident can be found at: https://securityboulevard.com/2020/05/covid-19-phishing-update-scammers-impersonating-financial-institutions-on-instagram/
