MagBo selling access to 43,000 hacked websites !!!
As cybercrime grows along with the internet itself, an AaaS (access-as-a-service) platform called “MagBo” has appeared in recent researcher reports, currently selling access to no less than 43,000 unique compromised servers. MagBo is an automated market where crooks can browse offerings and buy access to servers that were previously compromised by someone who planted web shell malware. Everything is done with a simple click, and there’s no human interaction or intervention in the process whatsoever. In the past two years, MagBo has had 150,000 “clicks” of this kind, so we’re talking about a highly successful service.
According to the latest report from threat intelligence firm KELA, MagBo is offering access to over 43,000 hacked servers and some of these belong to state and local governments, ministries, financial institutions, and health care facilities.
For hackers, government servers are the most profitable listings, as they are being sold for $10,000 apiece, while small business websites can be bought for only a couple of cents.
MagBo is a notorious online marketplace where hackers can buy or sell hacked servers. It has grown rapidly since its establishment in 2018.
According to researchers, in only two years it has grown to more than 14 times its original size and is selling access to 43,000 hacked websites, which is a giant leap from the 3,000 hacked sites it listed in September 2018. It is receiving up to 400 new additions and 200 transactions per day.
"One reason for this might be the operation model – MagBo is a decentralized platform serving multiple threat actors who can upload their wares. KELA’s data shows 190 different threat actors currently have active listings on the market."
KELA also identified active listings on the market from 190 different cybercriminals, and MagBo has quite possibly earned over $750,000 in revenue since 2018 through selling hacked servers alone.
Those buying credentials from MagBo use them to run black hat SEO campaigns, while some may target e-commerce sites, intranets, and web-cleaning platforms with ransomware.
A majority of the servers sold via MagBo are accessed through web shells. Some can be accessed remotely through compromised CMS and FTP credentials, while others are accessed through compromised SSH hosting panels. The number of servers offering SQL access is relatively low.
KELA claims that many websites on MagBo are running an outdated WordPress version or outdated plugins, and since these weren’t updated in a timely manner, they became easy prey for hackers.
If you own a business website or are planning to start a blog, here are two guides (1 & 2) detailing how to protect both from hackers and other malicious elements.
Always stay safe online as well.
As Covid-19 is spreading all over the world, please stay safe, take care of everyone, and watch our blogs at GadgetsTricks.com to learn more about online cyber activities and to stay protected from cyber attacks.
Thanks for your time!