The Dark Web Uncovered

2D7B266700000578-3276190-The_report_found_a_value_hierarchy_in_how_this_stolen_data_is_pa-a-7_1445014741932.jpg

The report found a 'value hierarchy' in how this stolen data is packaged, priced

A new report from Intel Security has shone a light on the shadowy world of Dark Web cybercrime markets, where everything from £1 Netflix accounts to critical infrastructure access is available.

The security giant’s McAfee Labs division revealed a cyber-criminal underground, which mimics the real world—with sellers offering guarantees on stolen cards, and 'disreputable' members of illegal forums named and shamed. Stolen credit and debit cards start at just $5 in the US, while online video streaming services are even cheaper, beginning at only $0.55.

Payment card info is there in abundance, with the basic package including account number, CV2 and expiry date. Prices then rise for additional information such as bank account ID number, date of birth, and billing address, which allows the cyber-criminal to conduct more types of fraud.

Other data bought and sold on such sites included bank log-ins, payment service account details and even loyalty card info, Intel Security claimed.

Hackers are even selling the means to launch cyber-attacks on large corporations or critical infrastructure systems. The firm’s EMEA CTO, Raj Samani, argued that these underground markets are extremely volatile, with the recent spate of data breaches having precipitated a huge decrease in prices.
“When a breach occurs, stolen card credentials flood the market and prices can plummet. One recent breach resulted in details for over 100 million cards being stolen and overnight prices tumbled,” he told Infosecurity.
“However, the breadth of information being stolen goes far beyond payment cards. Almost everything that you can imagine is being sold. In such an enormous marketplace, sellers are also undercutting each other to try to ensure that their stolen data gets buyers’ attention.”

Far from being hidden away on anonymisation platforms like Tor, many of these markets are easy to find, Samani added.
“A few seconds of digging using a standard search engine reveals that the majority of this data is not hidden away,” he claimed.

Nevertheless, businesses should get more proactive in investing in advanced intelligence tools to scour both surface and dark web for signs of stolen data.
“You can’t work to protect and retrieve information if you don’t know it has been stolen,” Samani argued. “Any measure to protect valuable corporate information falling into the wrong hands is a step in the right direction.”

Infosecurity: http://bit.ly/1KjRVcZ

 

 

« IBM's Watson Analytics - New Data Discovery
Attract and Retain Great Cyber Security Talent »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Zayo

Zayo

Zayo is a leading global bandwidth infrastructure services provider for high-performance connectivity, secure colocation and flexible cloud services.

Cybernetica

Cybernetica

Cybernetica is an ICT company with activities in e-government, marine comms, data analysis and research in information security technologies.

Trust in Digital Life (TDL)

Trust in Digital Life (TDL)

TDL is a membership association comprising companies, SMEs, universities and research institutes who exchange experience and insights to make digital services in Europe trustworthy and safe.

IoT Security Institute (IoTSI)

IoT Security Institute (IoTSI)

IoT Security Institute is an academic and industry body dedicated to providing frameworks and supporting educational services to assist in managing security within an Internet of Things eco-system.

DMARC360

DMARC360

DMARC360 analyzes your email traffic patterns and sources, rapidly deploys email authentication protocols and monitors your email domains with automated recommendations and incident response.

CleanCloud by SEK

CleanCloud by SEK

CleanCloud by SEK is a CSPM product focused on public cloud data protection and security regulations, with over 400 compliance checks for the market's leading frameworks and regulations.

Digitpol

Digitpol

Digitpol’s Cyber Crime Investigation experts investigate hacking incidents, ransomware, extortion and conduct security audits and IT upgrades.

DatChat

DatChat

DatChat Inc. is a blockchain, cybersecurity, and social media company that focuses on protecting privacy on our devices and also protecting our information after we have shared it with others.

SE Ventures

SE Ventures

SE Ventures provides capital to big ideas and bold entrepreneurs who can benefit from Schneider Electric's deep domain expertise, R&D assets, and global customer base.

Proximus Ada

Proximus Ada

Proximus Ada is the first Belgian center of excellence combining artificial intelligence and cybersecurity.

EdgeWatch

EdgeWatch

EdgeWatch is a platform that helps information accredited security practitioners discover, monitor, and analyze devices that are accessible from the Internet.

Oz Forensics

Oz Forensics

Oz Forensics is a global leader in preventing biometric and deepfake fraud. It is a developer of facial Liveness detection for Antifraud Biometric Software with high expertise in the Fintech market.

coc00n

coc00n

coc00n secures the devices of high-value and high-interest individuals against cyber attacks.

Flawnter

Flawnter

Flawnter is a security testing software that finds hidden security and quality flaws in your applications.

USX Cyber

USX Cyber

USX Cyber was founded on the idea that small and medium businesses deserve and require the same level and sophistication of cyber protection as large enterprises.

CSIRT-Gnd

CSIRT-Gnd

CSIRT-Gnd provides 24x7 Computer Security Incident Response Services to citizens, companies and government agencies in Grenada.