Cyber security company, Trend Micro in its recently released report titled “Your stolen data for sale,” ranked Browser data the number one target for data stealers.
The report which details the risks associated with data theft and its subsequent misuse revealed that the risk of data theft is greater than ever, with the value of stolen data continuing to increase on the black market and infected computers often located in developing countries.
During the first half of 2023, around 2.4 million malware families were blocked by Trend Micro in Nigeria.
To complicate matters, the growing trend of remote work and cloud storage solutions has also created new opportunities for infostealer attacks.
Infostealer malware is currently responsible for most of the stolen data being sold on the criminal underground. It is a type of malicious software that cyber criminals use to extract sensitive information from a victim’s computer or mobile device. Once a victim is infected, their data will be extracted from the machine and put up for sale.
It is essential for individuals and businesses alike to understand the market for stolen data.
Technical Lead, African Cluster at Trend, Emmanuel Tzingakis, said: “This will allow them to take the necessary precautions to safeguard themselves against data breaches and to implement strong security measures to protect their sensitive information.”
To help online users better understand the types of data that are most at risk, Trend Micro compared the 16 most active infostealers in recent years in terms of stealing capabilities and types of data each one targets. Findings from the research were as follows:
What is stolen data being used for?
Infostealers are specifically designed to steal data, such as credentials, credit card and financial information, and other critical information, that can later be used for other fraudulent activities.
This data, which can be stolen from the browser’s saved passwords or from browser cookies, could even allow the criminal to bypass multiple factor authentication (MFA).
However, this value is time-sensitive; it’s only good based on how long a session remains open with each affected account.
The most common ways for hackers to monetize stolen credentials include: Draining cryptocurrency wallets. Making transactions on behalf of the user on e-commerce sites and banking sites.
Attacking the victims’ contacts. For example, performing the “stranded traveler” scam, which involves impersonating victims to contact their friends and ask them for money.
Entering users’ organizations through their VPN credentials and performing lateral movement to gain a foothold in the organization.
Which data is most valuable?
The value of individual stolen data varies depending on its type, quality, and availability. For example, credentials for a bank account with a high balance will be much more valuable than those for a social media account.
It is perhaps not surprising then that browser data is by far the preferred target for data stealers, with its treasure trove of sensitive information, including authentication cookies, stored credit cards, credentials, passwords, and navigation history.
Together with cryptocurrency wallets, website credentials are also the type of data which is most easily monetized.
Mail credentials, on the other hand, are as actionable as web credentials, but they are harder to find on underground marketplaces.
Other categories, like Wi-Fi credentials and desktop screenshots, are also not so easy to sell or abuse, and are therefore categorized as less risky.
Finally, the more data is available about an individual, the more valuable and susceptible to misuse in fraudulent activities it becomes.
“Personal data is and will continue to be a prime target for criminals because it is easy to obtain and make money from.
“Therefore, data shops will remain a staple in criminal communities, showing no signs of dwindling anytime soon,” Tzingakis said.
“With the festive season fast approaching, online users will be at even greater risk from infostealers and should take particular care where specific types of data, such as their credit card details, are concerned”, he added.
Send your press invite, news, press releases/articles to augustinenwadinamuo@yahoo.com. Also, follow us on Twitter @PrimetimeRepor1 and on Facebook on facebook.com/primetimereporters or call the editor on 07030661526.
