Kaspersky: Millions of Accounts Compromised by Data Theft Software in 2023

Friday 05 April 2024 - 09:00

Kaspersky has revealed in its latest study that the ".com" domain is the most attacked, followed by domains associated with Brazil (.br), India (.in), Colombia (.co), and Vietnam (.vn). The ".ma" domain, associated with Morocco, accumulated 1.1 million compromised accounts in 2023.

Nearly 10 million devices were targeted by data theft software in 2023, according to experts from Kaspersky's Digital Footprint Intelligence team, after analyzing infostealers logs exchanged on the Dark Web. Their research also revealed that cybercriminals steal an average of 50.9 login credentials per infected device, indicating that infostealers pose an increasingly significant threat to both individuals and businesses.

In response to the magnitude of this threat, Kaspersky has launched a dedicated page to better prevent these attacks and propose strategies to minimize associated risks.

According to Kaspersky's Digital Footprint Intelligence, approximately 10 million personal and professional devices were compromised by data theft software in 2023, representing a 643% increase over three years. The analyzed data comes from malicious logs actively exchanged on the Dark Web and monitored by Kaspersky to help businesses ensure the security of their customers and employees.

Although the number of malicious logs, and thus infiltrations recorded in 2023 experienced a marginal decrease of 9% compared to 2022, this does not mean that cybercriminals' demand for login credentials has stagnated. Some compromised credentials in 2023 may be randomly disclosed on the Dark Web throughout the year. Therefore, the actual number of breaches is likely even higher than 10 million. According to analysis by Kaspersky researchers of malicious logs activity, the number of infections occurring in 2023 is estimated to be around 16 million.

Cybercriminals steal an average of 50.9 login credentials per hacked device. They use them either to meet their own malicious objectives, such as perpetrating cyberattacks, or to sell and distribute them freely on the Dark Web and clandestine Telegram channels.

Among the stolen information are credentials to access accounts on social networks, online banking services, cryptocurrency wallets, and various business services such as emails or internal systems. According to data collected by Kaspersky, 443,000 websites worldwide have had their credentials compromised in the last five years.

Regarding the number of compromised accounts, the .com domain tops the list. Nearly 326 million identifiers and passwords from websites in this domain were compromised by infostealers in 2023. Next is the .br domain for Brazil, with 29 million compromised accounts, then .in for India, with 8 million, .co (Colombia) with nearly 6 million, and .vn (Vietnam) with over 5.5 million. In the case of the ".ma" domain, for Morocco, 1.1 million accounts were compromised in 2023.

Sergey Shcherbel, an expert in Kaspersky's Digital Footprint Intelligence team, stated: "The value of login credentials logs on the Dark Web varies depending on the interest of the data in question and how they are sold. Credentials can be sold through a subscription service with regular downloads, an 'aggregator' for specific requests, or a 'store' that sells newly acquired credentials exclusively to selected buyers. In these stores, prices usually start at $10 per log. This shows how crucial it is for individuals and businesses, especially those managing large online user communities, to remain vigilant. Credential leaks represent a significant threat, enabling cybercriminals to carry out various attacks such as unauthorized access for theft, social engineering, or identity theft."