For banks suffering from identity theft or account raids, the charge for compromised information and accounts can be quite significant in terms of time and money. However, for cybercriminals accessing or selling this information, the value may be as reasonable as the charge. of a giant latte and pastries.
Recent studies by Trustwave SpiderLabs found that, “for the value of a Starbucks’s Caramel Frappuccino Grande and Danish cheese, around $8, a cybercriminal can get all the data needed to maximize a person’s stolen credit card and, in all likelihood, borrow their identity. “
The studies are the result of a broader assessment of what cybercriminals qualify for stolen financial records.
The team discovered repositories of monetary and identity records, as well as remote desktop access and virtual personal network (VPN) credentials in darknet marketplaces and discovered a confusing pricing design that makes risk actors price their data in the same way as any merchant in a valid retail retail location. Prices vary depending on the country in which the data was stolen and the quality and intensity of credential-related content. However, in many cases, even valid monetary records can sell for less than $10 each, given the saturation of the black market.
“Criminals wholesale credit card and driver’s license data instead of temporarily withdrawing money and avoiding the time and hassle that is required to use the assets,” according to Research from Trustwave SpiderLabs. “In general, the activity of risk actors is divided into advertising domains, someone excavates, attacks and others sell knowledge or extract data about users and use it to get money. If the hacker or the organization doesn’t know how to use the stolen data, they sell it. »
Trustwave SpiderLabs has found that, in most cases, what is sold on a forum has already been sold or used by a hacker. Therefore, a user may not get hacked information first-hand; and those risk actors are taking advantage. For example, the FBI’s 2021 Internet Crime Report indicated that credit card fraud in the U. S. The U. S. $172,998,385 in the U. S. resulted in losses of $172,998,385, and this only takes into account reported incidents.
August 24, 2022
Staff SC August 30, 2022
Twilio announced that 93 users of its two-factor authentication service Authy had their accounts compromised through the same phishing attack that hit the communications equipment company earlier this month, according to The Hacker News.
Permission researchers claim that counterfeit Okta users can publish cloud accounts to Azure, Google Cloud Platform, and AWS applications.