Stolen Data is Currency on the Dark Web, is Yours in a Cybercriminal’s Pocket?
Why do cybercriminals want data so badly, and what are they doing with it? Whether it’s individual PII or corporate information, stolen data is central to fueling cybercrime. Data is frequently used as currency on the Dark Web – and it moves around in all sorts of ways including some that you may not be expecting.
Now Trading: Gold, Spices & Data
Dark Web data dumps and data markets are the fuel sources that propel cybercrime. Just like anything else that’s been a valuable commodity in our history, data is sold and traded on the Dark Web every day. Some data is even available for free, just waiting for cybercriminals to come and scoop it up for their own nefarious purposes.
It doesn’t really matter if it’s new data either. While fresh data and specialty data is always going to be the most desirable commodity, old data is still useful and it still has purchasing power. Cybercriminals are especially hungry for COVID-19 related medical data right now as drug manufacturers and governments race to find a vaccine.
Pay to Play Pandemic Fun for Cybercriminals
But the data sales and trading world isn’t all serious business. While cybercriminals are definitely using it for damaging cybercrime like spear phishing, cybercriminals also use data as currency for gambling and contest prizes. Security researchers have discovered that data is being used as a reward in rap battles, poetry contests, art contests – even for esports games and real-world sports betting.
We all looked for a few fun distractions like games to entertain us in quarantine, even cybercriminals. Online poker tournaments gained popularity in the Dark Web community throughout the pandemic, with many ads and posts popping up on popular forums. There are even high-roller and VIP programs for frequent players, with high-end prizes that are especially valuable to bad actors.
What’s in Play?
While there aren’t any free buffets or shows, researchers report that there have been plenty of data bonanzas including password lists available for winners. There have also been some expensive and unusual prizes at stake in these cybercriminal sponsored contests including:
- Access to cloud-based logs of stolen data, including PII and stolen credit cards
- A Visa Gold card (with a seven-month warranty) registered using leaked scanned IDs
- A script to automate the creation of cloned websites and e-shops often used to harvest user credentials, PII, credit cards, e-wallets, and other monetizable assets
- A license for credit card fraud anti-detection software, along with 50 custom configurations to mimic the legitimate credit card owner while avoiding detection by antifraud systems
- Licenses for Linken Sphere, a customized browser that uses stolen credentials and system fingerprints to avoid anti-fraud system detection; used to monetize stolen credit cards or payment systems credentials
Is Your Data in the Kitty?
The tremendous amount of data that’s available on the Dark Web today is still growing. Since 2013, over 9.7 billion data records have been lost or stolen, and more than 80% of the data that’s available in Dark Web data markets right now can be used to harm a business. That includes inexpensive lists and open databases with millions of stolen passwords and cheap (or free) password cracking software.
As people continue to work from home, it’s become extremely easy for cybercriminals to get their hands on especially powerful privileged and specialty credentials. The market is flooded, and even valuable passwords like administrator credentials and remote desktop protocol passwords are going for a little bit less these days. That’s great news for cybercriminals but bad news for businesses.
Data Thieves are Ready to Run the Table on Your Business
It’s especially important that businesses are watching for potential trouble from every side right now. In a challenging economy where everyone is relying more on cloud-based technology to work from home, cybercriminals have plenty of extra opportunities to steal data and passwords and use them to access systems illegally without raising suspicion as quickly as that would have in the pre-WFH era.
Dark Web ID is the perfect choice for monitoring the security of business credentials. Using human and machine intelligence, Dark Web ID searches the Dark Web and analyzes its findings to locate your company’s protected credentials. If they turn up in a data dump or market, you’re alerted to it right away, allowing you time to deal with the compromise before the bad guys do. Let us help you make sure that your company’s passwords aren’t in the pot at the next big Dark Web poker night.
Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
Is your password compromised? Find out in seconds!
Book your demo of Dark Web ID, BullPhish ID and Passly now!