New research into dark web "bot markets" has revealed thousands of stolen Australian datasets have been stolen and put up for sale amid a wave of criminal cyber-identity trading.
Cyber security company NordVPN has detailed the use of malicious bots in modern cyber crime, explaining how hackers are making use of malware bots to harvest and sell sensitive personal data in online bot markets.
The bots are effectively malware – they infect a target device with data-harvesting software designed to steal sensitive personal data.
Among the data being harvested is personal sets of browser cookies, digital fingerprints (such as IP addresses, browser preferences and plugins), logins saved to web browsers, auto-filled information such as contact details and credit card numbers, and even desktop screenshots taken from targeted devices.
Once the data is harvested, the malware sends the stolen data to a hacker who then uploads it to a bot market for sale.
NordVPN warns at least 10,000 Australians have had their online identities stolen and sold via bot markets, typically at an average of $9 per sale.
By comparison, the company's research identified 6,000 New Zealand individuals affected by bot market data theft.
NordVPN says the stolen details found on bot markets are often enough to constitute a victim's entire "digital identity", which could be used to enact further cyber attacks such as illegitimate money transfers or phishing attacks using the compromised person's details.
"The scariest thing about bot markets is that they make it easy for hackers to exploit the victim’s data," said NordVPN.
"Even a rookie cyber criminal can connect to someone’s Facebook account if they have cookies and digital fingerprints in place, which helps them bypass multi-factor authentication.
"After logging in to a user's account, a cyber criminal can try contacting people on a victim’s friends list and send malicious links or ask for a money transfer. They can also post fake information on the victim’s social media feed."
In addition to detailing potential attacks upon individual victims, NordVPN warned that more sophisticated cyber criminals could leverage information from bot markets to target businesses via phishing attacks – effectively impersonating company employees using their individual stolen data.
How common are bot markets?
While the exact number of bot markets operating on the dark web is unknown, NordVPN's research focuses on three of the most notorious: 2Easy, Genesis, and Russian Market.
All three marketplaces have gained notoriety since 2020 for their rampant sale of login credentials, cookies and digital fingerprints.
Genesis, which launched in 2018, has notably been linked to infamous cyber attacks such as the breach of video game publisher Electronic Arts in 2021, and has recurrently advertised stolen Australian data in higher quantities than other countries.
2Easy launched around the same time and has rapidly grown to sell hundreds of thousands of stolen data logs, but the bulk of bot market activity is said to occur on Russian Market.
Research from software company Cognyte suggests that of nearly 5.3 million login credentials stolen between 2019 and 2021, 73 per cent were collected by botnets in 2021.
Furthermore, 71 per cent of login credentials being offered for sale on bot markets during 2021 were on Russian Market.
According to NordVPN, Russian Market now sells more than 3.8 million logs from 225 countries.
As for the most prevalent types of data being sold on bot markets, NordVPN suggests each bot log contains 54 stolen logins and two stolen autofill forms on average.
“What makes bot markets different from other dark web markets is that they are able to get large amounts of data about one person in one place," said NordVPN Chief Technology Officer Marijus Briedis.
"And after the bot is sold, they guarantee the buyer that the victim’s information will be updated as long as their device is infected by the bot," he added.
"A simple password is no longer worth money to criminals, when they can buy logins, cookies, and digital fingerprints in one click for just nine Australian dollars."
Briedis recommends antivirus usage as a measure of protection against bot market cyber crime, as well as employing tools such as password managers and file encryption software.
