Business

Trend Micro details latest ways hackers steal personal information

Published

5 months ago

December 7, 2023

Spread The News

New research by Trend Micro has detailed the latest ways in which hackers are stealing your personal information and selling it underground.

The report reveals that the risk of data theft is greater than ever, with the value of stolen data continuing to increase on the black market and infected computers often located in developing countries. During the first half of 2023, around 2.4 million malware families were blocked by Trend Micro in Nigeria.

To complicate matters, the growing trend of remote work and cloud storage solutions has also created new opportunities for infostealer attacks.
Infostealer malware is currently responsible for most of the stolen data being sold on the criminal underground.

It’s a type of malicious software that cybercriminals use to extract sensitive information from a victim’s computer or mobile device. Once a victim is infected, their data will be extracted from the machine and put up for sale.

“It’s essential for individuals and businesses alike to understand the market for stolen data. This will allow them to take the necessary precautions to safeguard themselves against data breaches and to implement strong security measures to protect their sensitive information,” says Emmanuel Tzingakis, Technical Lead, African Cluster at Trend.

To help online users better understand the types of data that are most at risk, Trend Micro compared the 16 most active infostealers in recent years in terms of stealing capabilities and types of data each one targets. Findings from the research were as follows:

What is stolen data being used for?
Infostealers are specifically designed to steal data, such as credentials, credit card and financial information, and other critical information, that can later be used for other fraudulent activities. This data, which can be stolen from the browser’s saved passwords or from browser cookies, could even allow the criminal to bypass multiple factor authentication (MFA).

However, this value is time-sensitive; it’s only good based on how long a session remains open with each affected account.

The most common ways for hackers to monetise stolen credentials include:
Draining cryptocurrency wallets.
Making transactions on behalf of the user on e-commerce sites and banking sites.

Attacking the victims’ contacts. For example, performing the “stranded traveller” scam, which involves impersonating victims to contact their friends and ask them for money.
Entering users’ organisations through their VPN credentials and performing lateral movement to gain a foothold in the organisation.

Which data is most valuable?
The value of individual stolen data varies depending on its type, quality, and availability. For example, credentials for a bank account with a high balance will be much more valuable than those for a social media account.

It’s perhaps not surprising then that browser data is by far the preferred target for data stealers, with its treasure trove of sensitive information, including authentication cookies, stored credit cards, credentials, passwords, and navigation history.

Together with cryptocurrency wallets, website credentials are also the type of data which is most easily monetised. Mail credentials, on the other hand, are as actionable as web credentials, but they are harder to find on underground marketplaces.

Other categories, like Wi-Fi credentials and desktop screenshots, are also not so easy to sell or abuse, and are therefore categorised as less risky.

Finally, the more data is available about an individual, the more valuable and susceptible to misuse and fraudulent activities it becomes.

“Personal data is and will continue to be a prime target for criminals because it’s easy to obtain and make money from. Therefore, data shops will remain a staple in criminal communities, showing no signs of dwindling anytime soon,” says Tzingakis.

“With the festive season fast approaching, online users will be at even greater risk from infostealers and should take particular care where specific types of data, such as their credit card details, are concerned.”

Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, our Trend cybersecurity platform protects hundreds of thousands of organisations and millions of individuals across clouds, networks, devices, and endpoints.

As a leader in cloud and enterprise cybersecurity, the platform delivers a powerful range of advanced threat defense techniques optimised for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response.

With 7,000 employees across 65 countries, Trend enables organisations to simplify and secure their connected world. www.TrendMicro.com.