VPN credentials were the costliest type of stolen data being marketed, according to cybersecurity analysts.
On shadowy corners of the internet, you can purchase stolen credit card information, VPN access passwords, and other private information for as low as $8. Researchers at SpiderLabs, the hacking and investigative unit of cybersecurity firm Trustwave, claim this after conducting a thorough analysis of the prices hackers demand stolen data on the dark web.
This week, Trustwave revealed in a blog post that the team discovered a database of financial and identification documents as well as VPN access to companies that were being sold unlawfully online. Those whose data has been hacked are being affected by this action. According to the FBI Internet Crime Report, documented cases of credit card theft cost victims in the US around $173 million in damages in 2021.
Why sell?
Why are online criminals selling these priceless records when they can utilize the data themselves? The SpiderLabs team believes that convenience and haste are the answers. According to the team’s blog post, “criminals choose to sell credit card and driver’s license information wholesale instead of to fast pay payout to avoid the time and bother necessary to use the assets.” “In general, threat actors’ activity is broken down into several business sectors; some are assaulting, excavating, and selling data, while others are taking user information and exploiting it to make money. If the hacker or organization cannot utilize the information they have obtained, they sell it.
Additionally, it was discovered that most of the time, what is being sold on a forum was previously sold or utilized by a hacker, indicating that a buyer does not always receive data that has already been compromised. Along with credit card and bank account information, stolen data that was being sold on the dark web also contained social security numbers, license and passport numbers, and VPN access to companies. bank account access and VPN
According to SpiderLabs, data that can grant access to bank accounts can cost anywhere between $100 and $3,000. “The cost of the purchase increases as the quantity that can be taken increases. Additionally, the cost is correlated with how simple it is for someone to access the bank account because some institutions may be more difficult for a thief to trick,” it added.
The costliest type of data that SpiderLabs discovered being sold on the dark web was VPN login credentials. “Given what a threat actor can do once they enter an organization, this makes sense. Once access is acquired, everything is possible, including financial fraud, business espionage, IP theft, malware seeding, and ransomware planting. The search team once came across an advertisement that demanded $5,000 to get access to an anonymous business network. Another demanded $2,500 in exchange for VPN credentials from a Korean business with an estimated $7 billion in sales.
Even this degree of access “may not be enough to wreak catastrophic harm if a corporation has a good cybersecurity defense in place,” SpiderLabs stated. “In environments that are quite restrictive, employ network segmentation, and check for abnormalities, the potential to use such access for malevolent reasons will be limited.”
