Attackers rarely hack anyone these days; they just log on. But how? They steal a user's data, gain access to a system, remain hidden, and then escalate their privileges to "log in" to more areas of the network. The stolen data then ends up on the dark web, where trade in it is one of the main services that lead to cybercrime attacks. Read on to learn how stolen credentials are sold on the dark web.
The Role of the Dark Web in Stolen Data
The dark web is an important platform on which cybercriminals buy and sell stolen data. This underground web thrives on anonymity. It lets cybercriminals communicate, distribute malware, sell data, and work together on cyberattacks without revealing their identities. Here is how cybercriminals use the dark web for stolen data.
- Services for cyberattacks: Threat actors offer software vulnerabilities and services for cyberattacks, phishing attacks, and financial fraud.
- Forums: Cybercriminals use the dark web's secure messaging forums to plan and coordinate cyberattacks.
- Marketplaces: Many dark web markets offer stolen credentials and personal and financial data.
How Stolen Credentials Are Sold On The Dark Web
The life cycle of stolen data and credentials starts when the data is illegally obtained and ends with its sale on the dark web. The dark web economy thrives on a continuous stream of personal data that feeds numerous forms of cybercrime. The sections below explain how stolen credentials are sold on the dark web.
How Are Credentials Stolen?
Credentials are goldmines for cybercriminals, paving the way for a host of malicious activities. Collecting credentials and subsequently selling them on the dark web involves a combination of cunning strategies, advanced technology, and exploitation of human error. The following are the ways a threat actor could steal credentials.
Data Breaches
The most common way for stolen data and credentials to be obtained is via data breaches. A breach happens when an unauthorized person or group gains access to a company's protected network and extracts sensitive data. Cybercriminals often target large corporations that hold large amounts of data. Once the threat actor has extracted the data, they sell it in bulk on the dark web.
Phishing Attacks
A phishing attack is a deceptive strategy that tricks a user into revealing their credentials. Cybercriminals pose as a trusted entity, like a bank or a company head, and send emails or texts asking the user to share sensitive data. After that, threat actors sell the stolen credentials on the dark web or use them for further attacks.
Malware
Malware, also known as malicious software, is a tool that helps to steal credentials. Many types of malware, such as keyloggers, record keystrokes, capture screenshots, and monitor a user's activity to collect sensitive data. This data is sent back to the cybercriminals.
Credential Stuffing
In credential stuffing attacks, cybercriminals use automated software to test combinations of usernames and passwords across numerous sites. This process exploits the fact that many people reuse their passwords across different online platforms. When a threat actor steals these credentials, they leak them on dark web forums and markets to sell and trade.
Man-in-the-Middle Attacks
In a man-in-the-middle attack, cybercriminals intercept the communication between a user and a service on secured or public Wi-Fi networks. The attackers insert themselves into the conversation and capture login credentials as they are transmitted, without either party realizing that the data has been compromised.
Stolen Credentials Are Sold on The Dark Web
Cybercriminals use dark web markets and forums to sell or trade stolen data and credentials with impunity. The stolen credentials and personal data are often sold as combolists, compilations of usernames, passwords, ID numbers, addresses, and assorted other bits of data from various breaches.
The price of stolen data depends on the type and value of the data. For example, credentials for a popular e-commerce or banking site may fetch a higher price than those for a lesser-known platform. Each new data breach replenishes these combolists, raising their value and effectiveness among cybercriminal groups. Moreover, the anonymous nature of the dark web facilitates transactions in stolen data.
The following are popular active dark web markets dedicated to the trade of stolen data.
- TorZon Market: This market offers a vast list of products, including drugs, digital goods, fraud services, counterfeit items, malware, and security and hosting options. The marketplace was known for its easy-to-use interface.
- Elysium Market: This market lists categories for drugs, fraudulent goods, digital services, weapons and tools, counterfeit items like fake passports, documents, and counterfeit currency, and other miscellaneous goods.
- Cypher Market: This marketplace continued to operate in the shadows, offering a range of counterfeit products, hosting and security, software and malware, drugs, guides and tutorials, and other listings.
Types of Stolen Data Found on the Dark Web
The stolen data on the dark web covers a wide range, including:
- PII (Personally Identifiable Information): Data like names, addresses, social security numbers, phone numbers, and birth dates are frequently sold for identity theft or fraud.
- Financial Data: Data like credit card numbers, bank account details, and financial accounts are highly sought after for immediate financial gain.
- Login Credentials: Usernames and passwords for various online accounts are exploited for unauthorized access to email, social media, and banking accounts.
- Company Data: Competitors or cybercriminals may seek data like trade secrets, proprietary information, and customer databases to gain unfair advantages or extort companies.
The Price of Stolen Data on the Dark Web
The worth of stolen data on the dark web depends on several factors, including:
- Type of data
- Demand among cybercriminals
- Data Freshness
- Bulk versus Individual Sales
- Account Balances and Limits
- Completeness of Information
For example, prices can range from as low as $1 for a Social Security number to up to $2,000 for a U.S. passport. Meanwhile, other items like credit or debit card details can fetch anywhere from $5 to $110, but the price will depend on additional data like CVV numbers or bank details.
Final Thoughts
Cybercrime driven by stolen credentials on the dark web is increasing drastically, posing a difficult challenge to both individuals and companies. I hope this post helps you understand how stolen credentials are sold on the dark web and how your stolen credentials can make their way into the underground world.