How much does your data cost on the dark web?

In recent months, the banking sector has been the target of a series of large-scale cyberattacks, raising concerns both among financial institutions and their customers. As security systems increase, so does the sophistication of these attacks, which can jeopardise the security of financial and personal data for millions of users. 

This year there have already been some notable incidents. For example, in April, a group of cybercriminals managed to infiltrate the system of one of the main banks in Europe and steal sensitive data from more than half a million customers. To access this information, the attackers used advanced phishing techniques to obtain employee credentials, which allowed them to access the different internal sub-networks of the institution. 

The goal of these cybercriminals is to gain financial benefits. For example, they can sell personal and financial information on the black market, use it to commit fraud, engage in identity theft, or access bank account and credit card information. 

In the case of businesses, and although we are talking about banks this applies to any industry, it is important to have the right partner. This is where companies offering managed cybersecurity solutions come into play, such as Sopra Steria, which has recently acquired CS Group, Ordina, and Tobania, improving its cybersecurity capabilities in terms of solution offerings. This allows directors to focus on what matters most, the business, without worrying about access attempts that, if well-supported by a solid consultancy, should come to nothing. 

A fistful of dollars

Cybercriminals use a wide variety of methods to carry out their operations. Among the most common techniques is phishing, which involves sending fraudulent emails that, at first glance, appear legitimate. This way, they deceive employees and obtain their passwords or other key information. 

This practice, although the most well-known, is not the only one. Ransomware, a type of malware that encrypts the target entity's data, is used to demand a ransom in exchange for the release of the data. Likewise, DDoS (Distributed Denial of Service) attacks involve sending massive requests to the target servers, which can overwhelm the systems. 

Similarly, many cybercriminals study specific software or hardware to identify vulnerabilities that are even unknown to the manufacturers themselves. By doing this, they can infiltrate systems before the corresponding patches and security fixes are published. 

After causing a breach, these criminals enter the dark web, a network only accessible through special browsers, to trade the stolen data on the black market. This opaque environment (all communications are encrypted end-to-end, making it nearly impossible to trace the IP address that accessed these websites) creates the perfect breeding ground for such activities. 

Prices can vary  

In these dark forums, the prices vary depending on their usefulness and appeal. For example, credit card data is sold for between $5 and $110, depending on the credit limit and the quality of the associated information. On the other hand, access to bank accounts can cost between $200 and $2,000, increasing based on the available balance and the issuing bank. 

It is particularly chilling how cheaply a complete identity can be purchased (less than 100 euros). This type of information, known as ‘fullz’, includes datasets such as name, address, social security number, date of birth, etc. 

Likewise, access credentials to accounts and online services (email, streaming services, or online stores) range in price from $1 to $50. 

Given the rise of digitalisation (today we live online and our digital identity is an extension of the real one), it is always important to remember the significance of cyber hygiene and protection. We must be aware and promote safe practices, not only at work but also in our daily lives. Otherwise, our most sensitive information could be exposed and bought for just a fistful of dollars.