Databases, Access, and Carding: Study Reveals Top Cybercrime Trends on the Indian Dark Web
Databases, access and carding: the most popular queries on the Indian dark web have become common knowledge
Cybercriminals on the Indian dark web are most interested in databases, access to company
infrastructure and bank card data. This is stated in a study* by Positive
Technologies, dedicated to the market of criminal cyber services in India.
A study of advertisements on the dark web showed that hackers are mainly interested in
databases (42% of messages), access to company systems (23%) and carding —
advertisements for the sale of bank card data (10%). What is interesting is
that not all of this data is put up for sale: Positive Technologies experts
note that most databases (66%) are distributed on the dark web for free. This
is explained by the activity of hacktivists in India and of extortionists, who
publish confidential data openly if the victim refuses to pay the ransom.
More often than not, the attackers' focus is on data from scientific and educational
institutions, financial institutions, government agencies and the trade sector.
Purchase requests most often concern financial sector databases and, in total,
purchase announcements make up 5% of the region's dark web. In 40% of
announcements, the cost of a database does not exceed $1,000. The vulnerability
and insecurity of such data can be considered a serious problem for the
country's infrastructure, the study says. For example, a cyberattack on just
one major Indian electronics manufacturer in April 2024 led to the loss of 7.5
million instances of personal customer data. In general, India is in the top 3
countries in terms of the number of dark web announcements related to database
leaks.
The second most popular topic on the shadow market for cyber services is access to
resources: 23% of announcements concern this topic. Here, supply exceeds
demand: announcements for the purchase of access amount to 1%.
"This may indicate that the market for access to Indian company resources
contains a sufficient number of offers, and cybercriminals can choose a
suitable option from the existing ones," comments Positive Technologies
analyst, Anastasia Chursina. "We have also recorded the share of free
distribution of access to company infrastructure at 20%. This trend is
associated with the activity of hacktivists against the backdrop of
geopolitical conflicts." Access to the infrastructure of Indian trade,
financial institutions and the service sector is offered for sale on the dark web.
According to the study, more than 60% of all access can be purchased for less
than $1,000, and such a low cost makes it easier for cybercriminals to gain
initial access to the infrastructure of companies. More costly access to
financial institutions is also offered for sale. For example, access to an
Indian bank with administrator rights and the ability to connect to internal
portals, servers for working with ATMs and mobile applications is offered for
sale at $70,000 and above. As for the nature of access, every second ad
contains an option to connect to the company's resources via RDP (29%) or VPN
(23%). Attackers obtain this access by infecting devices with
stealers, Positive Technologies observes. Access to content management systems
such as Magento and WordPress also accounts for a significant percentage (22%).
Carding accounts for 10% of the criminal cyber services market. Offers on this topic
contain bank card data (date and card number, card expiry date, CVV code),
cardholder data, as well as their residential address, phone number and email.
Leakage of such data is dangerous because attackers use it in fraudulent schemes
with subsequent withdrawal of funds. However, on the Indian shadow market,
carding is not valued very highly: data sets are sold, on average, for $500
per 100 units of bank card data.
Low cost of access and free distribution of personal data can provoke an increase
in attacks on companies and government agencies of the country. What is more,
it is certainly worth strengthening the protection of educational
organisations, which are now an easy target for attackers. Positive
Technologies recommends that organisations build comprehensive protection based
on the principles of effective cybersecurity. From this point of view, a
combination of SIEM and XDR class solutions is suitable for analysing security
events. The MaxPatrol O2 metaproduct will help with effective monitoring and
detection of threats in the infrastructure. Modern tools (next-generation
firewalls (NGFW), WAF and NTA class solutions, and the MaxPatrol VM vulnerability
management system) should be included in the protection systems. Given the prevalence
of stealers and ransomware in cyberattacks on Indian infrastructure, the use of
sandboxes for the timely detection of various types of malware should not be
neglected.
*The Positive Technologies study analysed messages related to India for the period
from September 1, 2023 to October 1, 2024. The sample included 380 Telegram
channels and forums on the dark web (around 65 million users
and 250 million messages in total).