BidenCash, a carding marketplace infamous for selling leaked credit card information, has gained significant traction since its launch in April 2022. The marketplace has recently ventured into a new area by offering SSH services to buyers for as low as USD 2. The impact of these offerings can be severe as threat actors can launch cyber attacks with the powerful processing capabilities of the servers.
In October 2022, the first dataset of 1.2 million credit cards was leaked. The datasets included sensitive information such as Personally Identifiable Information (PII) and Social Security Numbers (SSNs), along with card details and CVV codes. As a result, the marketplace quickly grew in popularity and saw a significant increase in monthly visitors, with the highest number of visitors in February 2023 following its latest release of 2 million unique credit card records.
In the latter part of last week, CloudSEK noticed a slight deviation from the primary business model of BidenCash, which involves selling leaked credit card information. The marketplace appears to have ventured into a new area of selling SSH access to interested buyers.
As per the advertisement on a Russian-speaking underground forum, the key features provided by BidenCash ensure a smooth and efficient experience for those interested in purchasing SSH access through BidenCash. The offerings include:
Barracuda BBL: To ensure the server's IP address is not blacklisted
The advertisement also encourages other threat actors to join forces in order to expand this venture. BidenCash receives 30% in commission for each sale offered on the website.
Based on this new offering, existing sellers on various dark web forums can also begin gathering SSH accesses to monetize them through the marketplace. By listing their accesses on BidenCash, the threat actors can escape the negotiation cycle and the traps set by security researchers on the forums.
After analyzing BidenCash's SSH inventory over the past five days, we've discovered that they've listed over 850 SSH servers with varying architecture, CPU configurations, and countries, among other things. The prices for these servers range from $2 (lowest) to $10 (highest).
Based on our rough calculations, if all 850 listed servers are sold, sellers on the marketplace stand to make an average of $3,570 every five days (or $21,420 every month), while BidenCash itself would receive $1,530 (or $9,180 every month) in commission. However, given the popularity of BidenCash, we anticipate at least a 3-fold increase in the number of listings on the marketplace, which can attract more potential buyers over time.
With the launch of the new SSH offering, threat actors have already started vouching for it on various dark web forums. Given the popularity and reputation of BidenCash in the underground market, it is highly likely that many cybercriminals have already started purchasing these illegitimate offerings to conduct nefarious activities.
The SSH servers being offered on the BidenCash marketplace are not only cheap but also come with varying CPU configurations and processing power. Some of the servers with admin-level or root-level access are available for as low as $10, equipped with powerful hardware specifications. We have observed some of the most powerful servers on the marketplace with 196 GB RAM and 104 CPU cores.
This poses a significant risk as threat actors can leverage this power to conduct a wide range of malicious activities, such as data exfiltration, brute force and ransomware attacks, and cryptocurrency mining. Moreover, they can launch large-scale DDoS attacks to disrupt services at private and government organizations, causing significant damage to their operations and reputation.
Because threat actors can purchase powerful servers while maintaining anonymity, the resulting cyber attacks can be very difficult to thwart. The availability of SSH servers on marketplaces such as BidenCash can increase the scope and scale of attacks, making it imperative for organizations to ensure the security of their systems and keep their SSH servers secure.
BidenCash, a notorious marketplace for selling leaked credit card information, has expanded its services by offering SSH access to buyers for as low as $2. This new offering can have severe consequences for cybersecurity.