A new study by a security research firm reveals that billions of credentials are for sale on the dark web accumulated from over 100,000 separate data breaches.
I have read the study, and it is stellar. The study is chocked full of interesting statistics and trends on the dark web and provides stunning insight into the sheer magnitude of stolen information and how it is being used globally.
18 Months Of Research Presented In A Whitepaper
The Digital Shadows Photon Research team has spent 18 months auditing criminal forums and marketplaces across the dark web.
The study, entitled From Exposure to Takeover finds there are more than 15 billion credentials in circulation in cybercriminal marketplaces, many on the dark web – the equivalent of more than two for every person on the planet.
The number of stolen and exposed credentials has risen 300% from 2018 as the result of more than 100,000 separate breaches. Of these, more than 5 billion were assessed to be ‘unique’ – i.e. they have not been advertised more than once on criminal forums.
Credentials Sell From $15 to $70
Researchers found that most credentials belong to consumers, and cyber criminals give away many for free; those that are sold go for an average of $15.43.
The report goes on state that bank and other financial accounts are the most valuable, selling for an average of $70.91 apiece. They account for 25 percent of all the advertisements we analyzed.
Account accesses for antivirus programs garner the second-highest prices: around $21.67. Accounts for media streaming, social media, file sharing, virtual private networks (VPNs), and adult-content sites all trade for significantly under $10.
Banks, streaming websites, VPN services, Cable companies, education websites and Adult websites are the most commonly available types of credentials that are available for sale on the web.
This figure from Digital Shadows breaks down what types of credentials are available.
Domain Administrator Access Credentials Can Go For Over $100,000
The golden goose of credentials is access to key systems like websites and domains.
In one of the key findings in the report, Access to organizations’ key systems is being sold at a significant premium. Dozens of advertisements offer domain administrator access through auctions, selling it to the highest bidder for up to $120,000 (with an average of $3,139).
Digital Shadows found that privileged accounts, like administrator accounts, are considered extremely valuable in the criminal underworld. Not only do they give access to a network, but they feature the highest levels of control and trust, and their permissions are early unlimited.
Account Takeover Is The End Game
Ultimately, the study finds that account takeover is the final end game with these stolen credentials. The average person uses an average of 191 services that require them to enter passwords or other credentials.
So whether those credentials are used to access banking accounts, stream videos, access music or digital services on websites, consumers can rarely escape the risk of account takeover.
And many services and tools are readily available on the dark web to help would be scammers and fraudsters tap into other peoples accounts.
According to Digital Shadows, Account takeover has never been easier (or cheaper) for cybercriminals. Brute-force cracking tools and account checkers are available on criminal marketplaces for an average of $4. With recently launched options for ATO “as-a-service”, a criminal can rent an identity for less than $10.
CyberCriminals Try To Create a Sense of Community
Not surprisingly, cybercriminals are competitive and they want to service their clientele and keep them back for more.
Researchers at the firm indicated that they do this through creation of forums where groups of fraudsters, scammers and cybercriminals can congregate.
Whatever the motive for their “philanthropy”, cybercriminals are building a sense of community on the forums they use―which is one of the critical determiners of a forum’s overall success. The more forum users feel an element of camaraderie with their fellow users, the more likely they are to stick around, if not just for the free streaming accounts.
They explored this topic of camaraderie more in a separate white paper that you can read and download – here.
Check Out Their Live Webnr
This group of researchers seems to really deliver. If you want to check out more of their work, You can register for Digital Shadows live Webnr on the subject here – https://info.digitalshadows.com/Live-Webinar-ATO.html?Source=report