In 2022, the price of a common database on the dark web that does not contain financial and other sensitive information is almost halved because of cyber attacks and leaks. At the same time, databases containing relatively inaccessible and financially sensitive information become more expensive.
According to Positive Technologies, a purchase of "simple" data on the dark Web in 2021 might cost $200- $250. By 2022, a similar purchase would cost $100- $150, almost halving the price. But databases containing information fraudsters need, such as customers' relationships with banks and information about their accounts or official records, have increased in value by nearly 100 percent, according to DLBI, and the number of such data being sold has fallen.
The most expensive data
According to an analysis by the firm InfoWatch Group, the most expensive data in 2022 was from bank databases, including those leaked by company employees. And their prices on the dark Web rise as they change hands. "Typically, the seller (for example, a bank manager) charges no more than 30 percent of the price of the data being sold, and the intermediary can earn much more," said Andrey Arsentiev, head of analytics and special projects manager at InfoWatch Group.
According to IB, a threat intelligence firm, 140 databases were released on the dark Web in the summer alone. In such an event, databases of 75 Russian companies were immediately published on the Internet. Victims include Internet delivery services, transportation, construction, medical companies, online movie theaters, telecom operators, and others. A total of 304 million lines of data were made public during these events.
Customer relationship management systems were targeted
According to Nikolay Chursin, an analyst in the threat analysis group at Positive Technologies, there has recently been a demand for access to company CRM systems (customer relationship management systems) from which criminals themselves can access information about company employees and customers, Customer relationship management system access is a very important source of data.
He said: "This means that a small number of criminals have access to the latest data of real users. This data can be sold at extremely high prices and can be used to target wealthy individuals, businesses, and key government employees through social engineering."
A large number of data breaches
Earlier this year, unknown criminals stole data from more than 5.4 million Twitter accounts and posted it on an open hacking forum. The leaked data includes information not accessible to the public, including personal phone numbers and email addresses.
Twitter has revealed a new and bigger data breach. A hacker posted the data of 400 million Twitter users on a notorious dark Web forum and blackmailed the social network's CEO and owner, Elon Musk, suggesting he buy the data exclusively to avoid GDPR lawsuits and fines that would otherwise be sold to others. Independent information security experts confirmed the authenticity of the latest data leak.
Over the past year, Meta has fired or punished more than two dozen employees and contractors accused of giving criminals unauthorized access to certain user accounts on its social media sites, Facebook and Instagram, in some cases in exchange for thousands of dollars in bribes.
According to a study by Thales, one in three Internet users (33 percent) has been the victim of a personal data breach, and 82 percent of them have had their lives negatively impacted as a result.