Data breaches, stolen data and their sale in the Dark Web

Trend Micro published a report that explains the dynamics triggered by data breaches, following the data from the incidents to its offer for sale on the Dark Web.

Stolen data is a precious commodity in the criminal ecosystem, and in particular in the Deep Web. The large number of data breaches that security firms frequently discover is fueling the underground market with an impressive amount of users’ data.

Consider the recent attacks suffered by Ashley Madison, OPM and Hacking Team, which impacted millions of users; their accounts and intellectual property were compromised by increasingly sophisticated hacks.

As usual, the experts at Trend Micro are a source of inspiration for me; like me, they constantly monitor the evolution of the criminal underground, giving us an interesting point of view on the activities of the principal crime rings.

Their latest report, entitled “Follow the Data: Dissecting Data Breaches and Debunking the Myths”, focuses on data breaches and the dynamics triggered by such events.

The experts integrated their analysis with data from the Privacy Rights Clearinghouse (PRC)’s Data Breaches database and discovered that hacking or malware accounted for 25 percent of data breaches in Q1 2015. Other causes are insiders, physical skimming devices and the loss or theft of devices (e.g. mobile devices, flash drives).

Data breaches are complex phenomena to analyze: it is not easy to promptly discover the root causes, nor to predict the medium- and long-term effects on the victims.

Some data breaches are caused intentionally by threat actors; others are the result of unintended disclosure, typically personnel mistakes or negligence.

The statistics on data breaches confirm that the number of incidents that exposed credit and debit card data has increased 169% in the past five years. It is interesting to note that the value of information in the underground market is rapidly changing: while the prices for credit and debit card, bank account, and personally identifiable information (PII) are dropping due to oversupply, the value of compromised Uber, online gaming and PayPal accounts is rising. PII is the data most likely to be stolen, followed by financial data.

Analyzing the data breaches per industry, it is possible to note that healthcare is the most affected by data breaches, followed by government and retail.

The report follows the entire life cycle of the data breaches, from the intrusion to the offer of the stolen data on the Dark Web.

The researchers investigated the prices of commodities in the black markets hosted in the Tor Network. US accounts of mobile operators can be purchased for as little as $14 each, but the underground offers much more, including Amazon, eBay, Facebook, PayPal, Netflix, and Uber accounts.

The offer is highly varied, and multiple factors contribute to the final price of the commodity; for example, PayPal and eBay accounts that have a few months or years of transaction history go up to $300 each.

Bank accounts are offered for a price ranging from $200 to $500 per account, depending on the balance and the account history.

As anticipated, the disconcerting finding of the research is related to the value of personally identifiable information (full address, a date of birth, a Social Security number, and other PII): each record is sold for $1.

As already noted in other reports, document scans of passports, driver’s licenses and utility bills are becoming ever more popular; many sellers in the black markets also include this kind of information in their offer, which could dramatically improve the efficiency of fraud schemes.

Document scans are available for purchase from $10 to $35 per document.

I don’t want to tell you more. Enjoy the report!

Pierluigi Paganini

(Security Affairs – Deep Web, Data Breaches)

