After the scandal involving Mark Zuckerberg AND Jeff Bezos in 2019, when NBC published that the former provided Facebook user data to Amazon in exchange for this company’s advertising; to the US government’s suspicion of the data that China’s TikTok collects from its users… i the battle is now for data. People data. Maybe the new oil.
According to new research, the value of customer or user data has gone so far that it is now more valuable to cybercriminals than credit card data.
Phishers “give up” your credit card information. “The number of cybercriminals focused on finding Credit card information with phishing kits it’s down 52% in one yearindicating that cyber attackers are giving you priority to personally identifiable information such as names, emails and addressesthat can be priced higher on the dark web or used to do more things,” says IBM Security’s X-Force Threat Intelligence Index, a detailed report highlighting the latest online criminal behavior.
“Now you see less credit card thefts because the financial sector has invested a lot of money in security and a credit card can be canceled very quickly,” he said clarion Diana Robles, IBM security leader for Colombia, Peru, Ecuador, Venezuela and the Caribbean.
Additionally, “Personal information, when accompanied by passwords to access corporate systems, can be much more profitable,” adds Robles.
Email chains, the new target of hackers
What has increased significantly is the corporate email chain hijacking. “The hijacking of email conversation threads has skyrocketed in 2022, with attackers using stolen accounts to reply to conversations, posing as the original participant. X-Force observed that the monthly retry rate increased by 100% globally,” the report said.
“What they usually do is enter into a business conversation via email. And, for example, if they pretend to be the selling company, they can get a certain payment that ends up in their bank account. There are cases of transfers of up to 5 million dollars that never recovered,” Robles says.
In Latin America, hijacking of email conversations accounted for 11% of attacks.
There is more. X-Force has published that criminals are selling existing backdoors, which allow remote access to corporate systems, on the dark web to up to $10,000 compared to stolen credit card information, which currently sells for less than $10, according to research.
However, other specialists note nuances. “We see an increase in identity theft attempts in general, but not a drop in attempts to get hold of credit cards“, says Gabriel Zurdo, CEO of BTR Consulting.
“These personal data – adds Zurdo – are habitual impersonate the victim commit some kind of robbery. in the dark web an Instagram account with 100,000 followers sells for $3,000. And one with a few followers for $65 or $70, like a Gmail account.”
As this consultant recently posted, the credit card information can be sold up to $120. An email database can be offered for the same value.
Also, on the dark web they offer a hacked Twitter account for $25 and a Facebook account for $45. And the package of one thousand fake LinkedIn followers is $10.
The opinion of Luis Corrons, a specialist at Avast Security, goes in the same direction as that of Zurdo. “I don’t think phishers will give up credit card information, but rather They don’t just limit themselves to these and expand their appearance”.
“Cybercrime – adds Corrons – continues to grow, and although credit card theft is profitable, we remember that it is normally aimed at end users and the profits you can make are limitedwhile there are other much more lucrative attacks (such as ransomware, corporate email or BEC attacks, data leaks) where they can get Millions of dollars in a single attackand even these mostly start with a phishing attack.”
Either way, this expert backs it up the trend is there. “In the end we talk about criminals who are professionals and analyze what is the best return on investment. How much money can you get from a stolen credit card? And how much can you get if you get the data of a company employee and thank you? Steal that information from them and demand a ransom, or pose as the president of the company and make them wire a million dollars?” Corrons asked.
IBM Security’s annual X-Force Threat Intelligence Index report consists of the permanent monitoring carried out by this company, with which it registers more than 150 billion security events per day in more than 130 countries.
Linda Price is a tech expert at News Rebeat. With a deep understanding of the latest developments in the world of technology and a passion for innovation, Linda provides insightful and informative coverage of the cutting-edge advancements shaping our world.