A team of cybersecurity researchers found that VPN credentials for companies were the most expensive category of financial data sold online.

Cyber ​​security experts have discovered that stolen credit card details and other confidential information can be purchased for as little as $8 in the dark corners of the Internet.

Researchers at SpiderLabs, the hacking and investigations arm of cybersecurity company Trustwave, conducted an extensive study of what cybercriminals charge for various stolen items, such as credit cards, bank accounts and passports on the dark web. .

In a blog post on Wednesday (August 3), Trustwave said it found a repository of financial and identity data along with VPN access to organizations that were being illegally sold online. This was similar to how legitimate businesses price and sell their products on websites.

According to an FBI cybercrime report, reported incidents of credit card fraud in the US resulted in nearly $173 million in losses for victims in 2021.

Why sell?

But why are these valuable recordings being sold by criminals when they can use them themselves? The SpiderLabs team thinks the answer lies in fit and comfort.

“Criminals choose to wholesale credit card and driver’s license information instead to cash in quickly and avoid the time and hassle required to use the assets,” the team wrote in the blogpost.

“In general, the activity of threat actors is divided into business areas, some are digging, attacking, and others are selling data or extracting user information and using it to get money. If the hacker or group doesn’t know how to use the stolen information – they sell it.”

It was also found that in most cases, what is sold on a forum was previously sold or used by a hacker, which means that a buyer does not always get hacked data first hand.

In addition to credit cards and bank accounts, stolen data sold on the dark web includes accessing organizations through their VPNs, social security numbers, driver’s licenses, and forging supporting documents to prove ownership of some of the these documents.

VPN access and credit card details

For credit cards sold online, the price can be as low as $8 in the US and up to $1,500 in the US, EU and Asia. The general price range for different types of credit cards sold illegally in Europe is between $25 and $1,500. In general, the higher the limit, the more expensive the card.

Meanwhile, accessing stolen bank accounts can cost anywhere from $100 to $3,000 in all three markets.

“The higher the amount that can be stolen, the more expensive the purchase. Additionally, the price is related to how easy it is to access the bank account as some banks may not be easier for a criminal to defraud,” SpiderLabs said.

“The seller usually mentions the balance in that account along with the victim’s physical address. This can be done to imply the potential level of wealth of the target, an address in Los Angeles or New York City may arouse more interest from a buyer.

VPN login credentials were found to be the most expensive category of data sold on the dark web.

“This is logical considering what a threat actor can do once inside an organization. Everything from stealing money, corporate espionage, stealing IP, planting malware and planting ransomware are all on the table once access is gained.”

In one case, the team found an advertisement demanding $5,000 for access to an unidentified corporate network. Another was priced at $2,5000 for VPN credentials for a Korean company with estimated revenue of $7 billion.

“If a company has solid cybersecurity protections, even this level of access may not be enough to cause serious damage,” SpiderLabs said.

“The ability to use that access for malicious purposes will be limited to environments that are fairly restricted, using network segmentation and checking for anomalies.”

10 things you need to know straight to your inbox every weekday. Register for Daily summarySilicon Republic’s roundup of essential tech news.

Leave a Reply

Your email address will not be published.