Cheap financial data for cybercriminals to buy online

Accessing compromised financial data only costs cybercriminals around $8, which is about the price of a large latte and a pastry. (Photo by Joe Raedle/Getty Images)

For banks that are victims of identity theft or account incursion, the cost of compromised data and accounts can be quite significant in terms of time and money. However, for cybercriminals who access or sell this information, the price can be as cheap as the cost of a large latte and a pastry.

Recent research from Trustwave SpiderLabs found that, “for the price of a Starbuck’s Caramel Frappuccino Grande and a cheese danish, about $8, a cybercriminal can get all the information needed to max out a stolen credit card from a person and possibly steal their identity”.

The research is the result of a larger study of what cybercriminals charge for stolen financial records.

The team found repositories of financial and identity records as well as virtual private network (VPN) and remote desktop access credentials on various darknet markets and uncovered a complicated pricing structure which sees threat actors price their information the same as any seller on a legitimate retail business. to place. Prices vary depending on the country from which the information was stolen and the quality and depth of the content associated with the credentials. However, in many cases, even legitimate financial records can sell for less than $10 each, given the overabundance of the black market.

“Criminals are choosing to wholesale credit card and driver’s license information instead of cashing in quickly and avoiding the time and hassle of using assets,” according to research from Trustwave SpiderLabs. “Typically, threat actor activity is divided into business areas, someone digs, attacks, and someone else sells data or extracts user information and uses it to get money. If the hacker or the group does not know how to use the stolen information, they sell it. »

Trustwave SpiderLabs has found that in most cases what is sold on a forum has already been sold or used by a hacker. Thus, a buyer may not get hacked data firsthand; and these threat actors are cashing in. For example, the FBI’s 2021 Internet Crime Report said credit card fraud in the United States resulted in losses of $172,998,385, and that only takes reported incidents into account.

The cost of financial information on the darknet

Source: Trustwave SpiderLabs

Comments are closed.