IBM’s X-Force team recently released the latest edition of the Cloud Threat Landscape Report for 2024, providing a comprehensive outlook on the rise of cloud infrastructure adoption and its associated risks.
One of the key takeaways of this year’s report focused on the gradual decrease in Software-as-a-Service (SaaS) platforms being mentioned across dark web marketplaces. While this trend likely points to more cloud platforms increasing their defensive posture and limiting the number of exploits or compromised credentials that are surfacing, there are a few other factors to consider.
Unexpected decrease in SaaS mentions across the dark web
In a recent collaboration with Cybersixgill, a leading dark web intelligence firm, IBM’s X-Force provided updated statistics in its latest Cloud Threat Landscape Report on the number of SaaS solutions mentioned across the dark web.
Surprisingly, although compromised cloud solutions are still highly relevant and valuable assets when creating sellable assets across dark web marketplaces, the number of SaaS platforms being mentioned dropped by an average of 20.4% year-over-year.
Among some of the highest reductions was WordPress-Admin, declining nearly 98% between 2023 and 2024, followed by Microsoft Active Directory and ServiceNow, which saw a 44% and 38% decline, respectively.
While the majority of SaaS platforms mentioned decreased year-over-year, Microsoft TeamViewer was an outlier. Even though the platform only represented 1.8% of all the mentioned SaaS solutions, it still saw an increase of 9% between 2023 and 2024.
What are the potential contributors to fewer SaaS mentions?
The decreased activity in SaaS mentions initially points to a potentially growing trend in the sophistication of modern-day cybersecurity solutions. However, as with all first-year statistical report shifts, it’s important to consider all calculation variables and contributing factors.
To help shed some more light on these figures, Colin Connor, a member of IBM’s X-Force team, was interviewed to provide additional perspective. When asked to comment on the potential driver of this dark web trend shift, Connor states, “These statistics appear to be an overall trend that was also referenced in the decrease in total compromised credentials sold during the same reporting period. This also coincides with the takedown of Raccoon Stealer, which caused a prolonged decrease in credential sales from July 2023 onward.”
Raccoon Stealer was one of the most widely used infostealers and dominated the majority of the dark web market share for credential stealers starting in 2022, but it was taken down by the FBI in August of 2023.
Commenting on the overall impact Raccoon Stealer had on the year-over-year statistics of this report, Connor says, “During its peak in March 2023, it was nearly 87% of the source of stolen logs and accounted for almost 50% of the stolen credentials in our 2023 collection. It’s also important to remember that the majority of dark web credentials sold are stolen from infostealer malware. So, this takedown of Raccoon had a dramatic effect. The marketplace continues to recover, from 192,000 credential sets overall for sale in July 2023 to 721,000 in July 2024. It also has yet to recover from the peak in March 2023, which equated to 1.2 million credential sets for sale.”
Will there be a resurgence of compromised SaaS platforms in the near future?
According to IBM’s X-Force team, the year-over-year decline of SaaS mentions on the dark web is positive, pointing to increased law enforcement actions against major dark web marketplaces and enhanced security measures being taken by large enterprises. Even so, it’s important that organizations not let their guard down because of it.
When asked about what the recent Raccoon Stealer takedown means for the shifting dark web market dynamics, Connor states, “Raccoon’s ability to recover in 2024 was limited, but what we’re seeing is that the relatively smaller players are starting to grow… We saw that Luma, RisePro and Stealc have now become major players… Luma especially took a big step up, showing a 241% in popularity in Q3.”
It’s still too early to know if these previously smaller players will have the stamina to create disruptions similar to Raccoon Stealer across the dark web in the next couple of years. There is also the possibility that Raccoon Stealer will see some form of recovery in the future.
The important thing is that organizations don’t become complacent in their proactive security planning. IBM’s X-Force team recommends that all organizations continue to conduct comprehensive security testing across their on-premise and cloud infrastructure while regularly strengthening their incident response capabilities. This helps to ensure that even if trends begin to shift, organizations can mitigate their risks of having systems or networks compromised.