Make way for new Industrial Spy Markets – Products marketed through cracks & adware

Today we are completely dependent on e-commerce websites even for a minimal requirement, all thanks to the pandemic and increased dependency, online shopping has become paramount in our everyday lives. In today’s digital world, we can see that the volume of data being dealt with has increased multi-folds and almost every organization has data either backed up or stored in the cloud. This in-turn is making the data susceptible to cyber-attacks. Furthermore, the dark web already contains multiple breached records from various organizations, now we have customized industrial spy markets selling data that are being marketed through cracks and adware. This post highlights some of the features offered by such market place.

This marketplace prominently known as Industrial Spy is known to sell breached data from various organizations and offered free to its known members. The regular pattern or trend with such market places are that they exist in large numbers but the data derived is usually through an attack or by planning a data breach whereas Industrial Spy promotes itself as a marketplace where businesses can purchase their competitors' data to gain access to trade secrets, manufacturing diagrams, accounting reports, and client databases. The Industrial Spy marketplace offers different tiers of data offerings, with "premium" stolen data packages costing millions of dollars and lower-tier data. [Reference]

For example, Industrial Spy is currently selling an Indian company's data in their premium category for $1.4 million, paid in bitcoin. The screenshot below showing the website offering potential data from an Indian organization:

Source : Reference

The highlight is that in addition to such premium data, even low tier data is available for purchase. However, much of their data is being sold as individual files, where threat actors can purchase the specific files they want for $2 each.

Source : Reference

The marketplace also offers free stolen data packs, likely to entice other threat actors to use the site. Some of the companies whose data is offered in the "General" category are known to have suffered ransomware attacks in the past. Therefore, the threat actors may have downloaded this data from ransomware gang's leak sites to resell on Industrial Spy. BleepingComputer first learned of the Industrial Spy marketplace from security researcher MalwareHunterTeam, who found malware executables [1, 2] that create README.txt files to promote the site. When executed, these malware files will create the text files in every folder on the device, containing a description of the service and a link to the Tor site.

Source : Reference

Furthermore, VirusTotal shows that the README.txt files are found in numerous collections of password-stealing trojan logs, indicating that both programs were run on the same device.

Marketing is quintessential for any website or a product to be sold to an end user. But these type of marketing sets up a completely different benchmark demanding organizations to scrutinize their security as much as they can. This demonstrates that the administrators of the Industrial Spy site probably join forces with adware and break merchants to convey the program that advances the commercial center. While security researchers have informed that the site is not widely used at this point of time but for how long? There arises a constant need to keep an eye on such events and also gather relevant information w.r.t the purported data.

Image Source : Reference