Stolen data available on dark web for a thousand dollars, says Positive Technologies
NEW DELHI, Dec 24 (The CONNECT) – Databases, access and carding — the most popular queries on the Indian dark web have become common knowledge
Cybercriminals on the Indian dark web are most interested in databases, access to company infrastructure and bank card data, according to a Positive Technologies study of the market for criminal cyber services in India.
A study of advertisements on the dark web showed that hackers are mainly interested in databases (42% of messages), access to company systems (23%) and carding — advertisements for the sale of bank card data (10%).
What is interesting is that not all of this data is put up for sale and most databases (66%) are distributed on the dark web for free, Positive Technologies experts say.
This is explained by the activity of hacktivists in India and the activities of extortionists who post confidential data in the public domain if the victim refuses to pay the ransom for it.
More often than not, the attackers’ focus is on data from scientific and educational institutions, financial institutions, as well as government agencies and trade.
The Positive Technologies study analysed messages related to India for the period from September 1, 2023 to October 1, 2024. The sample included 380 Telegram channels and forums on the dark web, with a combined total of around 65 million users and 250 million messages.
Purchase requests most often concern financial sector databases and, in total, purchase announcements account for 5% of the region’s dark web. The cost of databases in 40% of announcements does not exceed $1,000. The vulnerability and insecurity of such data can be considered a serious problem for the country’s infrastructure, the study says.
For example, a cyberattack on just one major Indian electronics manufacturer in April 2024 led to the loss of 7.5 million instances of personal customer data.
In general, India is in the top 3 countries in terms of the number of dark web announcements related to database leaks.
The second most popular topic on the shadow market for cyber services is access to resources – 23% of announcements concern this topic. Here, supply exceeds demand – the portion of announcements for the purchase of access amounts to 1%.
“This may indicate that the market for access to Indian company resources contains a sufficient number of offers, and cybercriminals can choose a suitable option from the existing ones,” said Positive Technologies analyst, Anastasia Chursina.
“We have also recorded the share of free distribution of access to company infrastructure at 20%. This trend is associated with the activity of hacktivists against the backdrop of geopolitical conflicts.”
Access to the infrastructure of Indian trade, financial and service sector organisations is offered for sale on the dark web. According to the study, more than 60% of all access can be purchased for less than $1,000, and such a low cost makes it easier for cybercriminals to gain initial access to the infrastructure of companies.
More costly access to financial institutions is also offered for sale. For example, access to an Indian bank with administrator rights and the ability to connect to internal portals, servers for working with ATMs and mobile applications is offered for sale at $70,000 and above.
As for the nature of access, every second ad contains an option to connect to the company’s resources via RDP (29%) or VPN (23%) protocols. Hackers obtain these accesses by infecting devices with stealers, Positive Technologies observes. Access to content management systems such as Magento and WordPress also accounts for a significant percentage (22%).
Carding accounts for 10% of the criminal cyber services market. Offers on this topic contain bank card data (date and card number, card expiry date, CVV code), cardholder data, as well as their residential address, phone number and email.
Leakage of such data is dangerous because attackers use it in fraudulent schemes with subsequent withdrawal of funds. However, on the Indian shadow market, carding is not valued very highly – data sets are sold, on average, for $500 per 100 units of bank card data.
Low cost of access and free distribution of personal data can provoke an increase in attacks on companies and government agencies of the country. What is more, it is certainly worth strengthening the protection of educational organisations, which are now an easy target for attackers.
Positive Technologies recommends that organisations build comprehensive protection based on the principles of effective cybersecurity. From this point of view, a combination of SIEM and XDR class solutions is suitable for analysing security events.
The MaxPatrol O2 metaproduct will help with effective monitoring and detection of threats in the infrastructure. Modern tools – new-generation NGFW firewalls, WAF and NTA class solutions, the MaxPatrol VM vulnerability management system – should be included in the protection systems. Given the prevalence of stealers and ransomware in cyberattacks on Indian infrastructure, the use of sandboxes for the timely detection of various types of malware should not be neglected.
Positive Technologies is an industry leader in results-oriented cybersecurity and a major global provider of information security solutions. Its mission is to safeguard businesses and entire industries against cyberattacks and non-tolerable damage. Over 4,000 organizations worldwide use technologies and services developed by the company.
Positive Technologies is the first and only cybersecurity company in Russia to have gone public on the Moscow Exchange (MOEX: POSI), with 205,000 shareholders and counting.
Positive Technologies is known globally as a visionary and a leader in the field of ethical security research. Each year its experts identify hundreds of zero-day vulnerabilities in IT systems of various classes and types, including products by Cisco, Citrix, IBM, Intel, Microsoft, and VMware. For detecting dangerous vulnerabilities, the company’s experts have been added to the halls of fame of such companies as Adobe, Apple, AT&T, GitLab, Google, IBM, Mastercard, Microsoft, PayPal, VK, and Yandex.