The value of PII and how it still fuels malign activities in the digital ecosystem

The COVID-19 pandemic engendered new vulnerabilities in the digital ecosystem for threat actors to exploit, resulting in items like vaccines, fraudulent vaccine certificates, and other COVID-19 related items being sold in dark marketplaces and underground forums, a Constella Intelligence report reveals.

The value of PII on the dark web

The research analyzed the value of personally identifiable information (PII), drawing links between the breach economy, PII, and a range of emerging digital threats to executives and brands.

Notably, there has been an exorbitant spike in the price of sensitive personal records sold in the deep and dark web, with the price of driver’s licenses, passports, and ID cards increasing significantly from the previous year analyzed – plausibly due to an increased demand for personal records during the pandemic.

The report also includes a deep dive into the top companies in the energy and telecommunications sectors that appeared in the Fortune Global 500 list, demonstrating increasing exposure and vulnerability of companies in the sector, employees, and executives over the past year.

“The COVID-19 pandemic has shown us the fragility of our online infrastructure,” said Constella Intelligence CEO, Kailash Ambwani. “As people continue to rely on digital solutions and working from home, both companies and individuals must take new precautions to protect themselves from potential threat actors.”

Fortune 500 companies increasingly exposed to breaches

• Nearly 60% of the data breaches analyzed exposed some form of PII and 72% of these breaches included passwords.
• Over 40% of executives from a sample of Fortune 500 companies in energy and telecommunications sectors were exposed in a breach over the last 5 years.
• Fortune 500 companies in energy and telecommunications have had their corporate domains exposed in approximately 11k breaches/leakages since 2016, and over 40% of these exposures occurred since 2020, indicating worsening security of corporate credentials.
• Out of a sample of 55 Fortune 500 Energy executives, nearly 1/4 have had their passwords exposed.
• The sale of vaccine doses—such as AstraZeneca, Pfizer, Moderna, and Sputnik—in multiple dark marketplaces ranging from as little as $8 to as much as nearly $850 has been noticed.
• Crypto-currency, news, and healthcare industries saw 120%, 110%, and 51% increases (respectively) in breaches and leakages compared to 2019.
• Compared to the findings in the 2020 report, the price of personal records transacted in dark marketplaces increased significantly, including passports (+1,185%), and driver’s licenses (+328%), ID cards (+642%), possibly due to increased demand for false identification records during the pandemic.

“Threat actors continue to find new ways to target individual and company data due to new vulnerabilities created in times of uncertainty and crisis. PII continues to fuel malign activities in the digital ecosystem,” said Alex Romero, COO of Constella Intelligence. “Executives are specifically being targeted for their high-level access within organizations.”