Etay Maor, CSO at cyber-intelligence firm IntSights, explained that in recent weeks his team has noticed an uptick in demand for stolen credentials for prominent accounts on the video site.
While account access can be used to spread malware and launch fraud scams against viewers, it is also used to blackmail the account owner.
“YouTube accounts from compromised computers or from logs of credentials can be of high value,” explained Maor.
“While smaller channels may not be as lucrative as larger ones, YouTubers rely on them as revenue streams and might be willing to pay money to attackers to get their content and access to their channels back.”
One snap poll run by an underground forum revealed that 80% of members wanted to see more YouTube credentials put up for sale. Another screenshot posted by IntSights showed a seller auctioning over 680 accounts for a starting price of $400, some of which had as many as 40,000 subscribers.
These auctions are often given a time limit of just 24 hours so that the credentials can be used before their owner has had a chance to contact YouTube support.
As mentioned, most of the log-ins are taken from either malware-infected computers or databases of Google credentials.
“In the past, attackers used sophisticated phishing campaigns in combination with reverse proxy toolkits like Modlishka to defeat Google’s two-step verification. However, none of the current sellers mention 2FA, which may mean these accounts did not opt in for this additional security step,” concluded Maor.
“While 2FA is not a silver bullet against cyber-criminals, it is highly recommended to opt in to this additional security step, have a properly patched computer, understand the risks and types of phishing attacks and use a recovery phone number or email.”
Source: Infosecurity Magazine