Logins for social media accounts are now more valuable than credit card details to attackers.
According to the Telegraph, recent data breaches have caused a glut of data to flood onto the market, meaning that their value have dropped from between $20-$40 to $2, while access to social media accounts such as Twitter can vary from $16 to more than $325.
According to research by RAND and Juniper, while there is a value attached to credit card details, and immediately after a large breach, freshly acquired credit cards command a higher price, after time prices fall because the market becomes flooded.
The report said: “This cycle continues with each new large breach. Access to botnets and DDoS capabilities are cheaper because there are so many more options (same for exploit kits). The price of PII/PHI is falling (although some believe that its value is rising).”
Lancope CTO TK Keanini, said: “Today the credit card industry has made it more expensive for cyber crime operations when it comes to monetising stolen credit card data. However, the theft of a person’s identity in social media means that you now have trusted access to hundreds, if not thousands of people for a small window of time.
“During this time you can instruct them cleverly to download crimeware that will in turn steal more credentials to not only credit card data but any financial system.
“Whether defending your personal information or your companies information, you need to think like the adversary and that adversary is a part of a complex and highly effective supply chain. The data they want to take has value in some part of that supply chain and it may not be obvious because you don’t see it as directly monetized like a credit card dumps. This is why we must continuously monitor and adapt to the changing threat environment as they in turn do the same to our defences.
“Over the coming years, these dark markets are going to be more visible because 1) they are interesting and newsworthy and 2) it is where the business of cyber security is being invented and practiced. The business paradox they face is to become more visible and grow their market share or remain dark and exclusive slowing their revenue growth. The adversaries are treating cyber security as a business problem; it is about time that their victims do the same.”
