Since the scandal involving
Mark Zuckerberg
and
Jeff Bezos
in 2019, when NBC published that the former provided Facebook user data to Amazon in exchange for this company advertising it;
Even the suspicion of the North American government for the data that the Chinese TikTok collects from its users... the
battle is now for the data
.
The data of the people.
Maybe the new oil.
The value of customer or user data has gone so far that it is now more valuable to cybercriminals than credit card data, according to new research.
Phishers "give up" on credit card data.
"The number of cybercriminals targeting
credit card information
with phishing kits
dropped 52% in one year
, indicating that cyber attackers are prioritizing
personally identifiable information such as names, emails, and addresses
, which can be sell at a higher price on the dark web or they can be used to perform more operations," says IBM Security's X-Force Threat Intelligence Index, a detailed report highlighting the latest criminal behavior online.
"Now there are fewer credit card thefts because the financial sector has invested a lot of money in security, and a credit card can be canceled very quickly,"
Diana Robles, IBM Security leader for Colombia, Peru, told
Clarín
. Ecuador, Venezuela and the Caribbean.
In addition, "personal information, if it comes with passwords to enter company systems, can be much more profitable," adds Robles.
Email chains, the new target of hackers
The IBM Security operations center in Cambridge, United States.
What has increased significantly is the
hijacking of company email chains
.
"Hijacking of email conversation threads increased dramatically in 2022, with attackers using stolen accounts to reply to conversations,
posing as the original participant
. X-Force observed the monthly attempt rate globally increased 100%" , maintains the report.
"What they usually do is get into a business conversation by email. And for example, if they pretend to be the selling company, they can get a certain payment to end up in their bank account. There are cases of transfers of up to 5 million dollars
that
never recovered," says Robles.
In Latin America, the hijacking of e-mail conversations represented 11% of the attacks.
There is more.
X-Force reported that criminals sell existing backdoors, which allow remote access to company systems, on the dark web for up to
$10,000
compared to stolen credit card data, which currently sells for less. $10, according to the investigation.
However, other specialists note nuances.
"We do see an increase in identity theft attempts in general,
but not a drop in attempts to get credit cards
," says Gabriel Zurdo, CEO of BTR Consulting.
"These personal data - adds Zurdo - are usually used to
impersonate the victim
to commit some kind of robbery. On the dark web,
an Instagram account with 100,000 followers sells for $3,000
. And one with few followers for 65 or $70, the same as a Gmail account."
Photo: Pexels
As recently published by this consultant, the
data of a credit card can be sold for up to
120 dollars
.
An email database can be offered for the same value.
In addition, on the dark web they offer a hacked Twitter account for $25 and a Facebook account for $45.
And the package of a thousand fake Linkedin followers is 10 dollars.
The opinion of Luis Corrons, Avast Security specialist, goes in the same direction as Zurdo's.
"I don't think phishers are going to give up on credit card data, they're
not just sticking with it and broadening their sights
. "
"Cybercrime - adds Corrons - continues to grow, and although credit card theft is lucrative, let's remember that it is normally aimed at end users and
the profits they can obtain are limited
, while there are other much more lucrative attacks (such as ransomware , BEC or business email attack, data breach) where they can get
millions of dollars in a single attack
, and these also start mostly with a phishing attack."
In any case, this expert maintains that
the trend is going there
.
"In the end we are talking about criminals who are professionals and analyze what is the best return on investment. How much money can you get from a stolen credit card? And how much can you get if you get the data of a company worker and thanks Do you steal that information from them and ask for a ransom, or do you pose as the president of the company and get them to make a million-dollar transfer?" Corrons wonders.
IBM Security's annual X-Force Threat Intelligence Index report is based on the company's ongoing monitoring of more than
150 billion security events per day
in more than 130 countries.
SL
look also
Only 11% of companies did not suffer any cyber attack in 2022
Artificial intelligence gets involved in the fight against cybercrime