Around 5 million people have had their personal information stolen and sold on “bot markets,” of which 600,000 are from India, according to a press release by VPN provider NordVPN. The average price for the digital identity of one person is 490 INR,” as per the document referred to above.
What are bot markets? “The word ‘bot’ in this situation does not mean an autonomous program – in this case, it refers to data-harvesting malware. Bot markets are online marketplaces hackers use to sell data they have stolen from their victims’ devices with bot malware. The data is sold in packets, which include logins, cookies, digital fingerprints, and other information — the full digital identity of a compromised person,” the press release explained.
“What makes bot markets different from other dark web markets is that they are able to get large amounts of data about one person in one place. And after the bot is sold, they guarantee the buyer that the victim’s information will be updated as long as their device is infected by the bot. A simple password is no longer worth money to criminals, when they can buy logins, cookies, and digital fingerprints in one click for just 490 rupees.” — Marijus Briedis, CTO at NordVPN
FREE READ of the day by MediaNama: Click here to sign-up for our free-read of the day newsletter delivered daily before 9 AM in your inbox.
Why does this matter? The report cited in NordVPN’s press release is yet another reminder of why India needs better cybersecurity policies and practices, not just at an institutional level but also at the user level. According to the press release, India was the most affected country in the world, with 12% of all the data on bot markets being Indian. Separately, the press release interestingly claims that the average price of a digital identity is ₹490, which indicates how valuable the market for stolen data is.
What information do hackers sell on bot markets? According to the report, the following types of stolen data are sold on bot markets:
- Logins and other credentials: “When a virus attacks the user’s device, it may grab logins saved to their browser. The research found 26.6 million stolen logins on the analyzed markets. Among them were 720 thousand Google logins, 654 thousand Microsoft logins, and 647 thousand Facebook logins.”
- Cookies: “By stealing your cookies, the malware could gain access to different platforms you use. Although cookies don’t display any passwords directly, they may contain authentication or session tokens that store your logins,” the report stated. “These are also usually stolen from a user’s browser and help criminals bypass two-factor authentication. The research found 667 million stolen cookies on the analyzed markets,” as per the press release.
- Digital fingerprints: “A person’s digital fingerprint includes screen resolution, device information, default language, browser preferences, and other information that makes the user unique. Many online platforms track their users’ digital fingerprints to make sure they properly authenticate them. During the research, 81 thousand stolen digital fingerprints were found on the analyzed markets.”
- Autofill forms: “Many people use the autofill function for their names and emails as well as for their payment cards and addresses. All of these details can be stolen by malware. During the research, 538 thousand autofill forms were found on the analyzed market.”
- Screenshots of a device: “During a malicious attack, a virus might take a snapshot of the user’s screen. It can even take a picture with the user’s webcam.”
Which bot markets were analysed? “Researchers analyzed three major bot markets: the Genesis Market, the Russian Market, and 2Easy. All of the markets were active and accessible on the surface web at the time of analysis. The data on bot markets was compiled in partnership with independent third-party researchers specializing in cybersecurity incident research,” the press release stated. NordVPN has tracked data for the past four years.
- Genesis Market: “The Genesis market became active in 2017. It’s a marketplace that offers the most advanced interface out of all bot markets. Genesis sells more than 400,000 logs from 225 countries. […] Italy, Spain, and France are the countries most affected by this market,” according to the report.
- Russian Market: “The Russian market is the biggest bot marketplace. It sells more than 3,870,000 logs from 225 countries. The Russian market offers the easiest way to become a vendor. […] India, Indonesia, and Brazil are the most affected countries by this market.”
- 2Easy: “The 2easy marketplace was launched in 2018. […] 2easy sells more than 600,000 stolen data logs from 195 countries. […] The most affected countries by this market are India, Brazil, and the US.”
Common types of bot malware: “The most popular types of malware that steal and gather data include RedLine, Vidar, Racoon, Taurus, and AZORult. RedLine is the most prevalent of them all. For example, in the Russian market, it takes more than 60% of the whole marketplace,” the report stated.
Why is this data harmful in the wrong hands?
- “The scariest thing about bot markets is that they make it easy for hackers to exploit the victim’s data. Even a rookie cybercriminal can connect to someone’s Facebook account if they have cookies and digital fingerprints in place, which help them bypass multi-factor authentication. After logging in to a user’s account, a cybercriminal can try contacting people on a victim’s friends list and send malicious links or ask for a money transfer. They can also post fake information on the victim’s social media feed. Information stolen from autofill forms or just by taking a device screenshot can help these actions look more believable and trustworthy. And you will have no way to detect who used your data,” the press release explained.
- “Some tactics are even simpler. A hacker can, for example, take control of a victim’s Steam account by changing the password. Steam accounts are sold for up to $6,000 per account and can be easy money for a criminal,” Marijus Briedis, CTO at NordVPN said.
How to protect yourself? NordVPN listed the following measures users can take to protect themselves:
- Maintain digital hygiene: “You should never click on suspicious links or download files from shady websites and torrent clients. They’re unsafe and illegal – in other words, a perfect nest for malicious software.”
- Use a password manager: “You should avoid saving passwords in your browser – a virus could instantly steal them.”
- Use threat protection tool: “A threat protection tool blocks online trackers, scans files for malware, and stops potential malware attacks.”
- Store documents securely: Save documents in encrypted cloud services.
This post is released under a CC-BY-SA 4.0 license. Please feel free to republish on your site, with attribution and a link. Adaptation and rewriting, though allowed, should be true to the original.
- MeitY To Hold Cybersecurity Workshop For Officials After Ransomware Attack On AIIMS-Delhi: Report
- Latest Developments In The Ransomware Attack On AIIMS-Delhi As It Partially Resumes Server Facilities
- EPFO Denies Any Data Breach Took Place In July Or August 2022: RTI
- Advanced Version Of Android Malware Targeting Indian Taxpayers Identified: Report