IBM’s X-Force team recently issued the newest edition of the Cloud Threat Report for 2024, a comprehensive look at the increase in cloud infrastructure usage and the risks that come with it.
The report claims that:
"One of the key takeaways of 2024's report was focused on the gradual decrease in mentions of Software-as-a-Service (SaaS) platforms across dark web marketplaces."
While this trend potentially points to a stronger defensive posture among cloud platforms, one that limits the number of exploits or compromised credentials that surface, there are a few other factors to take into consideration.
The Decline in SaaS Mentions Across the Dark Web
In a recent partnership with Cybersixgill, a prominent intelligence firm specializing in dark web monitoring, IBM’s X-Force released updated data in its latest Cloud Threat Landscape Report. This report highlighted a noticeable drop in the discussion of SaaS (Software as a Service) platforms across dark web forums and marketplaces.
Interestingly, although compromised cloud services remain crucial and valuable for creating marketable assets on the dark web, the frequency of SaaS mentions experienced an average decline of 20.4% compared to the previous year.
Significant Declines in Specific Platforms
The most notable reductions included WordPress-Admin, which plummeted by nearly 98% between 2023 and 2024. Similarly, mentions of Microsoft Active Directory and ServiceNow decreased by 44% and 38%, respectively.
However, Microsoft TeamViewer bucked the trend. Despite accounting for just 1.8% of all SaaS-related mentions, it experienced a 9% increase during the same timeframe.
What’s Driving the Decrease in SaaS Mentions?
The declining activity around SaaS mentions may reflect improvements in cybersecurity technologies. Still, when interpreting these changes, it’s essential to account for various influencing factors.
To provide further insight, Colin Connor of IBM’s X-Force shared his perspective. He explained, “This trend aligns with the reduction in compromised credentials sold during the same period, largely driven by the takedown of Raccoon Stealer in 2023, which significantly impacted credential sales from mid-2023 onwards.”
Impact of Raccoon Stealer’s Shutdown
Raccoon Stealer, a widely used malware for stealing credentials, dominated the dark web market until its disruption by the FBI in August 2023.
Connor noted that, at its peak in March 2023, Raccoon Stealer was responsible for nearly 87% of stolen data logs and about 50% of all credentials sold on the dark web. The takedown caused a sharp drop in activity, with the market offering 192,000 credential sets in July 2023 compared to 1.2 million in March 2023. By July 2024, the numbers had rebounded to 721,000, but the market had not fully recovered.
Future Outlook for SaaS Mentions
IBM’s X-Force team views the decline in SaaS-related activity on the dark web as a positive sign, reflecting stronger cybersecurity measures and increased law enforcement action.
However, Connor cautioned against complacency. He highlighted the emergence of smaller players like Lumma, RisePro, and Stealc, with Lumma showing a 241% surge in popularity in Q3 2024. While these groups are growing, it remains uncertain whether they can replicate the disruptions caused by Raccoon Stealer.
Recommendations for Organizations
To stay ahead of emerging threats, organizations must remain vigilant. IBM’s X-Force team advises businesses to:
- Conduct regular security assessments across both on-premises and cloud systems.
- Continuously enhance incident response capabilities.
Proactive measures ensure organizations are prepared for shifts in cybercrime trends, minimizing risks to their networks and systems.