Nearly 10 million devices fell victim to data-stealing malware in 2023, amounting to a 643 percent increase over the past three years, according to Kaspersky Digital Footprint Intelligence.
The study revealed that cybercriminals steal an average of 50.9 login credentials per infected device, including logins for social media, online banking services, crypto wallets, and corporate online services, such as email and internal systems.
Kaspersky’s data showed that 443,000 websites worldwide have experienced compromised credentials in the past 5 years, which threat actors can utilise to launch cyberattacks.
Dark web distribution
Sergey Shcherbel, an expert at Kaspersky Digital Footprint Intelligence, said malicious players can also sell or distribute compromised credentials on dark web forums and shadow Telegram channels.
“The dark-web value of log files with login credentials varies depending on the data's appeal and the way it's sold there. Credentials may be sold through a subscription service with regular uploads, a so-called "aggregator" for specific requests, or via a "shop" selling recently acquired login credentials exclusively to selected buyers. Prices typically begin at $10 per log file in these shops,” he said.
Mitigating measures
Individuals can use a comprehensive security solution for any device to help prevent infections and alert suspicious sites or phishing emails. Companies can also empower users, employees, and partners to protect themselves by proactively monitoring leaks and prompting users to replace leaked passwords immediately.