lockbit2 attacks 2easy

Incident Date: May 16, 2022

Overview

Title: lockbit2 attacks 2easy

Victim: 2easy

Attacker: Lockbit2

Location: Pok Fulam, Hong Kong

First Reported: May 16, 2022

2easy: A Dark Web Marketplace for Stolen Data and Its Impact on Cybersecurity

The ransomware group Lockbit2 has claimed an attack on 2easy, a dark web marketplace that operates in the Media & Internet sector. The marketplace specializes in the sale of "logs," which are records harvested by information-stealing malware. These logs typically contain data such as site credentials, cookies, and autofill form data, which can be used to impersonate individuals and steal from their accounts.

Marketplace Overview

2easy was first identified by KELA Cyber Threat Intelligence in December 2021, and it has since grown significantly. The market offers information stolen from almost 600,000 bots, with 18 sellers offering their infostealer logs for sale. The market has gained recognition among cybercriminals dealing with stolen credentials, providing mostly positive feedback about the validity of the credentials sold.

The market is fully automated, allowing individuals to create accounts, add money to wallets, and engage in purchases without directly interacting with sellers. Hackers can purchase logs for as low as $5.00 per item, which is roughly five times less than the average Genesis prices and three times less than the average cost of bot logs on the Russian Market.

Technical Insights

The logs sold on 2easy are archives of stolen data from malware-compromised web browsers or systems. They commonly contain account credentials, cookies, and saved credit card information. The market's GUI enables users to view all URLs to which the infected machines logged in, search URLs of interest, browse through a list of infected machines from which credentials to the website were stolen, check the seller's rating, and acquire credentials to selected targets.

The sudden growth of 2easy is attributed to the market's platform development and the consistent quality of the offerings. The logs are made available for purchase for as low as $5 per item, and they consistently offer valid credentials that provide network access to many organizations.

Impact on Cybersecurity

The impact of 2easy on cybersecurity is significant, as the stolen credentials represent a considerable cyber risk to organizations. Threat actors may leverage this access to perform lateral movement and compromise multiple computers across the organization, potentially leading to various types of malicious activities such as exfiltrating sensitive data and deploying different malware, including ransomware.

The 2easy dark web marketplace poses a significant threat to cybersecurity, as it provides a platform for the sale of stolen data that can be used to gain access to corporate accounts and networks. Organizations must stay vigilant and implement appropriate security measures to protect against the risks associated with compromised credentials.

Sources

  • https://www.slcyber.io/dark-web/2easy/
  • https://www.kelacyber.com/2easy-logs-marketplace-on-the-rise/
  • https://www.bleepingcomputer.com/news/security/2easy-now-a-significant-dark-web-marketplace-for-stolen-data/
  • https://flashpoint.io/blog/2easy-fraud-ecosystem/
  • https://www.cybertalk.org/2021/12/28/what-is-the-2easy-dark-web-marketplace/
