According to several computer security researchers, any type of information can be found on the darkweb that can be used to storm computer systems and even personal accounts of individuals.
Indeed, on forums, whether for free or for a fee, it is very easy to have access to login credentials, bank accounts, network administrators' accounts or even special social network accounts. Whether it's passwords to usernames, you can easily get them unfortunately.
This article will also interest you: Data theft and the direct impact on user protection
Recently, there was talk of 15 billion identifying and login information. After nearly 18 months of analysis, Digital Shadows researchers inquired about how cybercriminals used stolen login information. They have highlighted the fact that this practice is not only very easy, but it is also economical. Can make a lot of money for cyber criminals.
This may explain how stolen login credentials are increasingly proliferating on the web. Or let's say on the Dark Web. The problem with all of this is simply that users who are affected by these disclosures of information don't even realize it. And their information, can be shared repeatedly on different forms and online platform. Despite this, security experts say that nearly 5 billion unique login credentials can be found on the internet. Most often marketed by cyber criminals, allowing buyers to initiate cyberattacks against those affected.
The most popular login information in the cyber-malicious field for sale, about the general and the information that allows access to admin accounts. This kind of information can be negotiated up to $100,000. On average, the price of such information could range from $3,000. What we have to admit is a very large amount. However, the investment is worth it. Indeed, with this kind of data, they can initiate computer attacks that could bring them more than they paid. Cyberattacks can bring in millions to their initiators. Especially ransomware attacks.
But the data that sells best is the data for antivirus, bank cards and streaming services. As far as public accounts are concerned, the sale of bank information takes the lead in the illegal market. On this side the average price is $70.91. For example, with information related to the bank account, a cybercriminal can access the contents of all the funds contained in that account. That's the highest to thousands of dollars or even millions. Not to mention the possibility for the latter to generate credit cards and initiate loans at the expense of the main user.
After the banking information, there is also anti-virus data. The average cost on this side of $21.67, which is literally less than that of a normal annual subscription.
For streaming media data, whether for sharing tool or file accounts, VPN services, or even social networking, it is possible to provide login information starting at an average of $10. In this kind of situation, the Internet user unfortunately does not even realize that he has been hacked.
The main cause according to cybersecurity researchers of this proliferation of online login information, and the use by Internet users of low-intensity passwords. Or in other contexts, reusing these same passwords for multiple accounts. This unfortunately makes them vulnerable to brute force attacks. "These attacks are usually automated login attempts that use a predetermined list of access identifiers – often combinations of usernames or email addresses and clear passwords – from previous data breaches or leaks. guirakhoo of Digital Shadows. "These tools are inexpensive and easy to use, and even offer a certain level of automation to make access to an account trivial," he explains.
The best way to protect yourself upstream and use hard-to-constitute passwords to make it difficult to crack by brute force attack. Moreover it is recommended the use of password manager, which could necessarily include better to make the latter a little more on the site. In addition, multi-factor authentication would be one of the alternatives or even a requirement for how to access the account. It further guarantees security in terms of extra protection.
For all Internet users, it is recommended to change your passwords regularly. It seems difficult but important. For $15 billion, with a compromised account, there's a good chance yours will be part of it. "If you think your account has been compromised, you should immediately change your passwords – and for any other service where you used the same password – and verify any fraudulent activity. This is where unique passwords are useful. Guirakhoo concludes.
Now access an unlimited number of passwords: