Your stolen data for sale
Trend Micro
February 7, 2024 17:33 MYT
February 7, 2024 17:33 MYT
IN TODAY'S digital landscape, the risk of personal and professional data being stolen by nefarious actors looms larger than ever. This article lays bare the stark reality of this threat, with a specific focus on the unequal risks associated with data theft and its subsequent misuse.
We will illuminate the market for stolen data, providing an overview of the “data black market” and what’s for sale in the underground marketplaces where personal information is commoditized and traded. Reviewing this allows us to provide relevant information that will allow readers to prioritize their defense strategies.
A Quick Word on Infostealers
As the original source of stolen data, infostealers are an important piece of the data black market puzzle.
Infostealer malware is a type of malicious software that cybercriminals use to extract sensitive information from a victim’s computer or mobile device. They are specifically designed to steal data, such as credentials, credit card and financial information, and other critical information, that can later be used for other fraudulent activities. This data, which can be stolen from the browser’s saved passwords or from browser cookies, could allow the criminal to bypass multiple factor authentication (MFA), which is very valuable to an attacker. However, this value is time-sensitive; it’s only good based on how long a session remains open with each affected account.
Infostealers continue to be a prominent threat because of the increasing value of stolen data on the black market. Cybercriminals sell stolen data on the dark web, a hidden part of the internet where illegal activities often take place, in various forms, including complete databases or individual records, such as social security and credit card numbers.
Furthermore, the value of individual stolen data varies depending on its type, quality, and availability. For example, credentials for a bank account with a high balance will be much more valuable than those for a social media account. The more data available about an individual, the more valuable and susceptible to fraudulent activities it becomes.
It’s essential for individuals and businesses alike to understand the market for stolen data. This will allow them to take the necessary precautions to safeguard themselves against data breaches and to implement strong security measures to protect their sensitive information.
Marketplace Data Availability
To understand how information gathered by infostealers is put up for sale on the underground market, we accessed two individual marketplaces that are known to sell data dumps from infostealers. We chose “Russian Market” and “2easy.shop” because of their popularity among criminals, the vast amount of stolen data they have for sale, and functional similarities across the two marketplaces: Users can browse, search, and buy stolen data dumps such as the following:
- Web credentials. The most organized dataset indexed by both sites. A potential buyer can search for dumps containing credentials for a specific website in a specific country.
- We assigned a score of 3 to data that we deemed very easy to find in marketplaces, such as web credentials.
Figure 1: Infostealer vs. data actionability and market availability
The figure above compares each infostealer and each data type using a combination of data actionability with market availability scores. As a risk matrix, it measures how at risk a piece of stolen data is when it ends up in a criminal's hands. This further confirms that crypto wallets and web credentials are not only the most actionable pieces of data but are also the easiest to find and the most indexed in underground marketplaces. Mail credentials, for example, are as actionable as web credentials, but are harder to find on underground marketplaces.
Conclusions
Infostealer malware is responsible for most of the stolen data being sold on the criminal underground. Once a victim is infected, their data will be extracted from the machine and put up for sale. Second-hand marketplaces, where all stolen credentials and other personal data end up, have become thriving criminal businesses.
Criminals turn to these shops for quick monetary gain. The usual ways to monetize stolen user credentials are:
- Draining cryptocurrency wallets
- Exploiting user authentication methods to make transactions on behalf of the user on e-commerce sites and banking sites
- Attacking the victims’ contacts
- Entering users’ organization through their VPN credentials
According to our analysis, we saw that the most at risk categories of data are cryptocurrency wallets and website credentials as they can be very easily monetized. When we look at the most stolen website credentials, we can see many popular sites, including Google, Live.com, Facebook, and Instagram. Somewhat surprisingly, we can also see other less popular sites that might be more easily monetizable, such as Steam, GitHub, and Spotify.
Personal data is and will continue to be a prime target for criminals because it’s easy to obtain and make money from. Therefore, data shops will remain a staple in criminal communities with its popularity showing no signs of dwindling anytime soon.
* Article by David Sancho and Vincenzo Ciancaglini
#stolen data
#infostealer
#cyber security
#personal data
#professional data
#cybercriminals
#trend micro