Infostealers and the high value of stolen data
The risk of personal and professional data being stolen by nefarious actors looms larger than ever, according to Trend Micro.
Data theft carries risks that include identity theft, financial loss, reputational harm, and the potential misuse of stolen information against individuals and organizations. Understanding these risks is critical for gauging the impact and financial implications of data theft.
Marketplace data availability
Comparing the 16 most active infostealer malware variants across two dark web marketplaces (Russian Market and 2easy.shop), Trend Micro researchers composed a risk matrix.
It measured how “at risk” a piece of stolen data is once it ends up in the hands of a cyber-criminal or fraudster. Tied first were crypto wallets and website credentials—because they are among the most monetizable forms of data and the easiest to find on underground sites.
Other categories, like Wi-Fi credentials and desktop screenshots, are not as easy to sell or abuse, and were therefore categorized as less risky. Somewhere in the middle were more specialized credential types, like those for FTP and VPN software.
Google.com accounted for the largest volume of stolen website credentials sold on 2easy.shop, followed by Live.com, Facebook and Instagram.
“Crypto assets are like cash so users should put them in a digital safe. As for web credentials, threat actors can do concerning things with them, so use a password manager or similar,” advised Trend Micro Senior Threat Researcher, David Sancho. “Ultimately, end users and organizations need to know what data to care about the most, and with this report, they can prioritize these defensive efforts with confidence.”
The report also listed the countries most at risk of being targeted by an infostealer, analyzing dark web logs to see where infected computers were located.
Although the populous countries India (825,834 logs), Brazil (614,455) and Indonesia (473,459) came top, the order was somewhat different when weighted against the internet user base in each country. Portugal came top with 7,368 logs per million users, followed by Brazil (3,717) and Greece (3,284).
Infostealers exploit valuable stolen data
Infostealers pose an escalating threat due to the enduringly high value of stolen data in the cybercrime underground, where it can be sold to other malicious actors, employed in identity fraud, and leveraged for unauthorized access to corporate networks.
With information increasingly being stored online, infostealers have become an effective tool for attackers, especially against organizations that store large amounts of sensitive data and lack comprehensive security measures.
Infostealer malware is responsible for most of the stolen data being sold on the criminal underground. The report warned that the hybrid and remote working trend has also created new opportunities for infostealer attacks.
However, despite the large number of infostealer variants in the wild, Trend Micro found that only a select few have a major presence in underground data marketplaces. In practical terms, that means organizations should focus defensive efforts only on those infostealers that are most popular on the dark web.