What are cybercriminals after?
Watch the video for a look into what cybercriminals are after.
The Dark Web
You will be surprised to know that the market place on the dark web is so very evolved that the annual price indices of these items traded are available. In the table below you can see how the rates have changed from 2020 to 2021 for various commodities. You can see which one has risen the most in red.
| Product | Average Price USD (2020) | Average Price USD (2020) | Year on Year Difference |
|---|---|---|---|
| Cloned Mastercard with PIN. | $15 | $25 | +$10 |
| Cloned American Express with PIN. | $35 | $35 | $0 |
| Cloned VISA with PIN. | $25 | $25 | $0 |
| Credit card details, account balance up to $1,000. | $12 | $15 | +$3 |
| Credit card details, account balance up to $5,000. | $20 | $24 | +$4 |
| Stolen online banking logins, minimum $100 on the account. | $35 | $40 | +$5 |
| Stolen online banking logins, minimum $2,000 on the account. | $65 | $120 | +$55 |
| Walmart account with a credit card attached. | $10 | $14 | +$4 |
Cybercrime as a service
Cybercrime is available as a service. All you need to do is to pick and choose what you want and mention the target. In short, you can hire criminal agencies to act on your behalf, there is a published pricelist, vendor ratings and feedback on their services are available, and DDoS and Ransomware seem to cost higher.
| DDOS Attacks | Average Price USD (2020) | Average Price USD (2021) |
|---|---|---|
| Unprotected website, 10-50k requests per second, 1 hour. | $10 | $15 |
| Unprotected website, 10-50k requests per second, 24 hours. | $60 | $50 |
| Unprotected website, 10-50k requests per second, 1 week. | $400 | $500 |
| Unprotected website, 10-50k requests per second, 1 month. | $800 | $1,000 |
| Premium protected website, 20-50k requests per second, multiple elite proxies, 24 hours. | $200 | $200 |
Recent cybercrimes
There are warnings about spear-phishing and social engineering campaigns launched across social networking platforms and targeting individuals.
Given that LinkedIn is one of the targets, it is highly probable that the criminals are attempting to gather information and the data of professionals and their related enterprises and intend to gather them using spear-phishing and similar means. The impact will depend upon the sector and the target enterprise.
The following table details recent cybercrimes.
| Month | Brief Description of the Cybercrime |
|---|---|
| May 2021 | The FBI and the Australian Cyber Security Centre warned of an ongoing Avaddon ransomware campaign targeting multiple sectors in various countries, including the UK. |
| April 2021 | MI5 warned that over 10,000 UK professionals have been targeted by hostile states over the past five years as part of spearphishing and social engineering campaigns on LinkedIn. |
| January 2021 | Hackers linked to Hezbollah breached telecom companies, internet service providers, and hosting providers in the UK for intelligence gathering and data theft. |
| October 2020 | An Iranian hacking group conducted a phishing campaign against universities in the UK. |
| October 2020 | The UK’s National Cyber Security Centre (NCSC) found evidence that Russian military intelligence hackers had been planning a disruptive cyberattack on the later-postponed 2020 Tokyo Olympics. |
| September 2020 | American healthcare firm Universal Health Systems sustained a ransomware attack that caused affected hospitals to revert to manual backups, divert ambulances, and reschedule surgeries. |
Recent data breaches
Successful criminal activities where a large amount of personal data was harvested from online services.
Following the warning provided in April 2021, personal data of 90% of LinkedIn users was breached and made available in the market place on the Dark Web. Should the users have stored any payment related information, that would be available too.
| Month | Brief Description of the Cybercrime |
|---|---|
| June 2021 | Data of 700 million LinkedIn users was posted on a dark web forum, impacting more than 90% of its user base. |
| March 2020 | Sina Weibo, China’s largest social media platform, lost a copy of the data of 538 million Weibo users and their personal details. |
| November 2019 | Alibaba, a well-known shopping platform lost a copy of 1.1 billion pieces of data. |
| March 2019 | Two datasets from Facebook apps had been exposed to the public internet. More than 530 million Facebook users were impacted and the data included phone numbers, account names, and Facebook IDs. In April 2021, the data was posted for free on the Internet! |
| September 2018 | Sensitive details belonging to half a million Starwood guests of Marriott Hotel were lost following an attack on its systems in September 2018. The company was eventually fined £18.4 million (reduced from £99 million) by the UK data governing body the Information Commissioner’s Office (ICO) in 2020 for failing to keep customers’ personal data secure. |
| February 2018 | Diet and exercise app MyFitnessPal exposed around 150 million unique email addresses, IP addresses and login credentials such as usernames and passwords. |
Reach your personal and professional goals
Unlock access to hundreds of expert online courses and degrees from top universities and educators to gain accredited qualifications and professional CV-building certificates.
Join over 18 million learners to launch, switch or build upon your career, all at your own pace, across a wide range of topic areas.
