Study Finds 15 Billion Stolen, Exposed Credentials in Criminal Markets

Data is fueling account takeover attacks in a big way, Digital Shadows says.

Cybercriminals looking to hijack online accounts belonging to consumers and organizations have an almost unlimited supply of stolen and exposed credentials they can use to try to facilitate the takeover.


New research by Digital Shadows uncovered a stunning 15 billion credentials circulating on the Dark Web and in underground marketplaces. The compromised credentials from over 100,000 breaches in recent years were associated with a wide range of accounts, including domain administrator accounts, bank and financial accounts, and social media and video-streaming service accounts.


Prices in criminal marketplaces for these credentials ranged from an average of $3,139 for domain admin accounts to $70.91 for bank accounts, $21.67 for account access for antivirus programs, and less than $10 for credentials to adult sites. Usernames and passwords for video game accounts and file-sharing sites were available for less than $2 a pop.


Credentials to high-value accounts — such as bank accounts confirmed to have a certain amount of funds or accounts with privileged access to large enterprise networks and systems — tended to fetch much higher prices. Researchers from Digital Shadows came across dozens of advertisements on underground forums for admin accounts being auctioned to bidders at prices ranging from $500 to $120,000. Many of these premium credentials had usernames — such as "invoice," "invoices," "payments," and "partners" — that suggested they were associated with financial accounts.  


"The cost of accounts can vary on their quality," says Kacey Clark, threat researcher at Digital Shadows. "Vetted, active credentials for a tried-and-tested bank account that include the victim's personal information will be more expensive than a bulk pack of streaming accounts that may or may not be active."


Overall, 25% of the ads for stolen an ..
