Trojans stole 2.5 million passwords to log in to Russian web resources in 2023


Over the past five years, attackers using stealers, that is, programs for stealing information, have obtained logins and passwords for 443 thousand sites around the world. These are the findings of a study by the Kaspersky Digital Footprint Intelligence team, based on an analysis of stealer log files published on the darknet. For sites in the .ru zone, 2.5 million pairs of usernames and passwords were stolen. This was reported to CNews by representatives of Kaspersky Lab.

In total, attacks by stealer programs affected user data on about 10 million devices in 2023. This is about seven times more than in 2020. On average, attackers steal 50.9 combinations of usernames and passwords from one infected device. Attackers can use the stolen data to carry out subsequent attacks, or sell or distribute it on underground resources or in Telegram channels.

"The number of stealer log files detected on the darknet decreased by 9% compared to 2022, but this does not mean that the demand for usernames and passwords among attackers has fallen. We do not rule out that some credentials compromised in 2023 will end up in the shadow segment of the Internet in the current year, 2024. Therefore, the real number of infections is likely to be even more than 10 million. According to our estimates, it can reach 16 million," said Sergey Shcherbel, a cybersecurity expert at Kaspersky Lab.

In 2023, the largest number of stolen username and password combinations came from sites in the .com domain zone: almost 326 million. Also in the top five are the Brazilian domain .br with data from 29 million accounts, the Indian domain .in with eight million, the Colombian domain .co with almost six million, and the Vietnamese domain .vn with more than 5.5 million users.

"The cost of log files with credentials varies on the darknet, depending on what kind of data it is and exactly how it is sold. This can happen through a subscription service that regularly loads new data, through a so-called aggregator for specific queries, or through a store that sells credentials to a single buyer. Prices in such stores usually start from $10 US per log file. It is very important to remain vigilant — both for individuals and companies, especially those who work with a huge number of Internet users. Compromise of credentials is a serious threat that allows attackers to gain unauthorized access for the purpose of theft, posing as other people," said Sergey Shcherbel.