Financial information like credit/debit card and bank account numbers continue to be peddled on underground dark web markets. Threat actor groups and other cybercriminal affiliates often rely on the darknet markets to obtain sensitive financial data and exploit it later. A new analysis from NordVPN found over 4 million (4,481,379) payment card details, belonging to users across 140 countries, being traded on the dark web. The hackers were found selling payment cards information for $10 on average per card. The highest number of card details found for sale were from the U.S., Australia, and Hong Kong.
NordVPN found that most of the sensitive financial information traded on the dark web was harvested via brute-forcing. Brute-force technique is often used to guess passwords and penetrate targeted accounts. The passwords are guessed using dictionaries or common word combinations.
“Increasingly, the card numbers sold on the dark web are brute-forced. Brute-forcing is a bit like guessing. Think of a computer trying to guess your password. First, it tries 000000, then 000001, then 000002, and so on until it gets it right. Being a computer, it can make thousands of guesses a second. After all, criminals don’t target specific individuals or specific cards. It’s all about guessing any viable card details that work to sell,” said Marijus Briedis, CTO at NordVPN.
Also Read: 3 Digital Assets That Are High in Demand on Dark Web Forums
Threat actors often obtain confidential financial data to make fraudulent purchases or trade across underground forums. Users need to be extra vigilant while giving their financial information online. Maintaining strong password hygiene with multi-factor authentication procedures is recommended.
Briedis added, “Review your monthly statement for suspicious activity and respond quickly and seriously to any notice from your bank that your card may have been used in an unauthorized manner. Another recommendation is to have a separate bank account for different purposes and only keep small amounts of money on the one your payment cards are connected to. Some banks also offer temporary virtual cards you can use if you don’t feel safe while shopping online.”
In an exclusive quote to CISO MAG, Troy Adam Hunt, Information Security Author and Instructor at Pluralsight and Founder of Have I Been Pwned, said, “This research shows that now more than ever, as our lives are increasingly digitized, we face ongoing threats to our privacy, finances and general wellbeing. Particularly striking in this report is the indiscriminate nature of brute-forcing credit card numbers; you don’t have to be personally targeted, you’re literally just a number that a computer can guess and that can have a major impact on your financial posture.”
The post Over 4 Mn Payment Card Details Hawked on Dark Web appeared first on CISO MAG | Cyber Security Magazine.
Click to Open Code Editor