How do hackers start

How do hackers monetize stolen data?

Cybercriminals go to great lengths to steal your data. But what exactly do they do with the information once they have it in their hands?

In most cases, data theft is motivated by money. Once the crooks have stolen your information, they can turn it into profit through shady channels, for example by taking out loans or making purchases in your name, demanding a ransom for the return of your data, or selling it to the highest bidder on the darknet.

In this post, we'll tell you how hackers steal your data and turn it into money - and how much it's worth on the black market.

How do hackers steal your data?

There are countless ways that criminals can get your information. The following list is therefore not exhaustive, but gives you a good overview of the most common methods:

1. Malware

There are many types of malware that can be used to steal personal information, such as keyloggers, infostealers, and banking malware.

Most types focus on login data, credit card information, browser autofill data or cryptocurrency wallets. Some, such as the infamous Vega Stealer, look for certain file types, such as PDF, Word, Excel or text files, and exfiltrate them (that is, transfer them without authorization) to an external command-and-control server.

Malware is typically spread through malicious email attachments, malvertising, drive-by downloads, and pirated software. You can protect your system from malware using a proven antivirus solution like Emsisoft Anti-Malware.

2. Phishing

Phishing is a technically simple form of so-called social engineering (i.e. the manipulation of users) in which cyber criminals try to obtain confidential information such as login details, credit card information and personal data.

In a typical phishing scam, attackers pose as a trustworthy company such as Microsoft, Amazon, or Netflix and claim that there is a problem with your account. The message will ask you to click a link to resolve the problem by confirming your password or entering your credit card information. This data is then forwarded directly to the hackers, who can then use it to access your accounts and the data stored in them.

Phishing attacks usually take place via email, but social networks, text messages, and calls are also common attack vectors.

3. Weak passwords

Hackers can also steal your data by cracking your online account passwords. There are various techniques for doing this:

  • Stolen passwords: When a large service provider has been hacked, millions of passwords are often exposed, which are then sold or posted publicly on the Internet. Since many users use the same password for multiple accounts, attackers can use the credentials published in this way to access other accounts of the respective user. You can check whether one of your accounts has been affected by such a breach by entering the relevant email address on Have I Been Pwned.
  • Brute force attacks: Hackers use special tools to enter every possible combination of characters into a password field until the correct password is guessed. The shorter and simpler the password, the faster it can be cracked with a brute force attack.
  • Keyloggers: Using data-stealing malware such as keyloggers, attackers can record the keystrokes on your keyboard and thus also spy on your passwords and other information.
  • Phishing: Hackers also use social engineering to try to extract usernames and passwords from you. Phishing attacks can be very persuasive and can come from a trusted account that has been compromised, for example.
  • Post-exploitation tools: Some tools are designed to extract passwords and other sensitive information from systems that have already been compromised. If your system has been compromised by malware, for example, an attacker can use a tool like Mimikatz to view and steal the login data stored on the system.

You can find more information and tips in our blog article on securely managing passwords.
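To make the point about password length and reuse concrete, the following added example (not part of the original article) estimates the worst-case brute-force search space for a password and shows that a password already exposed in a breach offers no protection, whatever its length. The guessing rate and the breached-password list are constructed assumptions.

```python
import string

# Assumed offline guessing rate (guesses per second); illustrative, not from the article.
GUESSES_PER_SECOND = 10_000_000_000

# Constructed sample of passwords exposed in earlier breaches.
BREACHED = {"123456", "password", "qwerty123", "Summer2019!"}

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def alphabet_size(password):
    """Size of the smallest character set a brute-force search must cover."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    # Characters outside the four ASCII classes are counted once each.
    extra = {ch for ch in password if not any(ch in c for c in CLASSES)}
    return size + len(extra)


def search_space(password):
    """Number of candidates of length 1..len(password) over that alphabet."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def worst_case_seconds(password, rate=GUESSES_PER_SECOND):
    """Upper bound on guessing time; zero if the password is in a breach list."""
    if password in BREACHED:
        return 0.0  # tried first from leaked lists, so length does not help
    return search_space(password) / rate


if __name__ == "__main__":
    for pw in ("abcdef", "abcdefghij", "aB3!aB3!aB3!", "Summer2019!"):
        print(f"{pw!r}: about {worst_case_seconds(pw):.3g} s worst case")
```

Each additional character multiplies the search space by the alphabet size, which is why a long, unique password resists guessing while a reused one does not.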

4. Unsecured connections

Attackers can also steal your data by spying on unsecured connections such as public WiFi networks. Public WiFi is often unsecured and unencrypted, exposing users to a variety of attacks such as:

  • Man-in-the-middle attacks: Attackers intercept your data by placing themselves between your device and the public WiFi access point. This gives them access to all data (including your passwords and financial information) that is exchanged between you and the websites you visit, as long as you are connected via this WiFi network.
  • Honeypot hotspots: Attackers set up a WiFi access point that resembles a legitimate hotspot, allowing them to eavesdrop on network traffic. These honeypot hotspots are also commonly used to spread malware or redirect you to malicious websites.

This is how hackers monetize stolen data

As soon as the hackers have your data in their hands, they will first go through it. They search your data for valuable information, such as login data, financial information, names, telephone numbers, addresses or insurance numbers, and organize it in a database. Once the data has been sorted, there are many options for the hackers to monetize it.

Use for own purposes

In some cases, the hackers misuse the stolen data to make purchases or commit fraud. Although this is rather rare, as it attracts the attention of the authorities faster than selling large amounts of data anonymously online, it does happen every now and then.

With your data, attackers can:

  • Shop online
  • Withdraw money from your bank account
  • Apply for loans
  • Have credit cards issued
  • Commit insurance fraud
  • Pay off their own debts
  • Ask for money from your contacts through your accounts (email or social media)

Selling your credentials

Usernames and passwords are often sold in bulk over the darknet. The buyers can then use your login credentials to transfer money from your account, shop online or use payment services.

According to a Symantec report on the shadow economy, your account information is typically worth the following:

  • Gaming platform accounts: $0.50–12.00
  • Video and music streaming service accounts: $0.10–2.00
  • Cloud service accounts: $5–10.00
  • Online banking accounts: 0.5–10% of the account value

Selling personal data on the black market

Hackers sell personal data via the darknet on the black market. This data is also typically sold in bulk. The more up-to-date the data, the more money it brings in.

This is how much your data is worth:

  • Name, Social Security number, and date of birth: $0.10–1.50
  • Medical records and prescriptions: $15.00–20.00
  • ID / passport scans or templates: $1.00–35.00
  • Mobile phone online access: $15.00–25.00
  • Full personal information (name, address, phone number, Social Security number, email address, bank account): $30.00–100.00

While that doesn't sound like a lot of money, it adds up because the data is often sold in massive quantities. Attackers who successfully hack a large company can gain access to the data of millions of users, which yields good profits when sold as a package. In 2019, the hackers behind the Canva data breach offered the data of 932 million users, which they had stolen from 44 companies, for sale on the darknet.

Selling your credit card information

Attackers typically sell credit card information in packages of hundreds or even thousands of stolen credit cards. The data is often bought by so-called "carders", who cover their tracks by buying gift cards with the stolen data and then using these to buy the actual goods. They then sell these goods via the darknet and legitimate channels such as eBay.

How much is your credit card information worth?

  • Single credit card: $0.50–20.00
  • Single credit card with all data: $1.00–45.00

Demanding a ransom for your data

Some types of ransomware have a data exfiltration feature that allows hackers not only to encrypt data, but also to steal it through various channels (e.g. FTP, HTTP, HTTPS, SSL/TLS).

Attackers can then use the stolen data to blackmail you into paying the ransom, which averages a staggering 84,000 USD. Or they sell your personal data as additional income on the black market.
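Exfiltration over channels like these shows up in network flow data as an internal host sending far more than it receives to an outside address. The following added example (not part of the original article) aggregates flow records and flags such hosts; the log format, internal address ranges, thresholds and sample records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed flow records: timestamp src dst dst_port bytes_out bytes_in
SAMPLE_FLOWS = """\
2024-05-01T02:10:00 10.0.0.15 203.0.113.40 21 734003200 20480
2024-05-01T02:11:00 10.0.0.15 203.0.113.40 21 629145600 18432
2024-05-01T09:00:00 10.0.0.22 198.51.100.7 443 524288 8388608
2024-05-01T09:05:00 10.0.0.22 10.0.0.5 445 943718400 1024
2024-05-01T09:30:00 10.0.0.31 198.51.100.9 443 1288490188 40960
malformed line
"""

WATCHED_PORTS = {21: "FTP", 80: "HTTP", 443: "HTTPS"}  # channels named in the article
# Assumed internal address ranges; adjust to the network being monitored.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def find_exfil_candidates(log_text, min_bytes=1_000_000_000, min_ratio=10.0):
    """Return (src, dst, channel, bytes_out) for large, one-sided outbound transfers."""
    totals = defaultdict(lambda: [0, 0])
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed records
        _, src, dst, port, out_b, in_b = parts
        try:
            port, out_b, in_b = int(port), int(out_b), int(in_b)
            outbound = is_internal(src) and not is_internal(dst)
        except ValueError:
            continue  # non-numeric field or invalid address
        if not outbound or port not in WATCHED_PORTS:
            continue
        totals[(src, dst, port)][0] += out_b
        totals[(src, dst, port)][1] += in_b
    alerts = []
    for (src, dst, port), (out_b, in_b) in sorted(totals.items()):
        if out_b >= min_bytes and out_b / max(in_b, 1) >= min_ratio:
            alerts.append((src, dst, WATCHED_PORTS[port], out_b))
    return alerts
```

Normal browsing, like the third sample record, receives more than it sends and stays below both thresholds, while transfers between internal hosts are ignored.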

Sale of valuable intellectual property

It's also not uncommon for hackers to attack large companies and then sell the stolen data to companies in developing countries. These are well thought-out, state-sponsored attacks that are extremely lucrative for both the attacker and the country that commissions them. It is estimated that China's intellectual property theft costs the US economy $50 billion a year.

Consequences of data theft for victims

Data theft can have serious consequences for victims. In the short term, victims face the time-consuming process of securing the affected accounts again, reversing fraudulent purchases and replacing stolen credit cards.

This is annoying, but it doesn't necessarily have drastic effects. However, data theft can also have long-term consequences.

For example, if your data has been used for scams, it could affect your creditworthiness. Such damage is very difficult to reverse and can prevent you from taking out a loan in the future (e.g. to buy or rent a property). In addition, if your work accounts are used to carry out malware or phishing attacks, this could damage your career, result in business losses, or lead to disciplinary action from your manager.

Conclusion

The motive for data theft is usually money. There are many ways for cybercriminals to gain access to your data, such as malware, phishing, cracked passwords or man-in-the-middle attacks. As soon as they get their hands on your data, they can use it to commit scams or sell it via the darknet.

 

Translation: Doreen Schäfer