Access to compromised financial data may only cost cybercriminals about $8, roughly the cost of a large latte drink and a pastry. (Photo by Joe Raedle/Getty Images)For bank victims of identity theft or account incursion, the cost of compromised data and accounts can be quite significant in terms of time and money. However, for the cybercriminals that are accessing or selling this information, the price may be as cheap as the cost of a large latte and a pastry.Recent research from Trustwave SpiderLabs found that, “for the price of a Starbuck’s Caramel Frappuccino Grande and a cheese Danish, about $8, a cybercriminal can obtain all the information needed to max out a person’s stolen credit card and possibly steal their identity.”The research came as a result of a larger study into what cybercriminals charge for stolen financial records.
The team found repositories of financial and identity records along with virtual private network (VPN) and remote desktop access credentials in various darknet markets and uncovered a complicated pricing structure that sees threat actors pricing their information in the same manner as any seller on a legitimate retail site. Prices vary depending upon the country from which the information was stolen and the quality and depth of the content associated with the credentials. However, in many cases, even legitimate financial records can sell for less than $10 apiece, given the glut on the dark market.“Criminals opt to sell credit card and driver’s license information wholesale instead to quickly cash out and to avoid the time and trouble required to use the assets,” according to the Trustwave SpiderLabs research. “Generally, threat actors’ activity is divided into business fields, someone is digging, attacking, and others are selling data or extracting user information and using it to obtain money. If the hacker or group does not know how to use the stolen information — they sell it.”Trustwave SpiderLabs found that, in most cases, what is being sold on a forum was previously sold or used by a hacker. So, a buyer may not get first-hand hacked data; and these threat actors do cash out. For example, the FBI’s 2021 Internet Crime Report stated credit card fraud in the U.S. resulted in $172,998,385 in losses, and this only takes into account reported incidents.
The cost of financial information on the darknet
Source: Trustwave SpiderLabs
An In-Depth Guide to Identity
Get essential knowledge and practical strategies to fortify your identity security.
Trump "does not have the power to give away our private information to anyone he chooses, and he cannot cut federal payments approved by Congress," said the coalition of 14 states attorneys, which includes attorneys general from California, New York, Colorado, Arizona, Hawaii, Illinois, Connecticut, Maine, Minnesota, Maryland, Vermont, Rhode Island, and Nevada.
Such an extensive OpenAI account credential theft may have been achieved by exploiting vulnerabilities or securing admin credentials to infiltrate the auth0.openai.com subdomain, according to Malwarebytes researchers, who noted that confirmation of the leak's legitimacy would suggest emirking's access to ChatGPT conversations and queries.
Brazil accounted for most of the attacking IP addresses, which were primarily from MikroTik, Cisco, Huawei, ZTE, and Boa routers and Internet of Things devices, reported The Shadowserver Foundation, which noted the existence of the erring IP addresses across several networks and autonomous systems.