The following article was written by Jareth from Emsisoft. It first appeared on the Emsisoft blog on February 20, 2020.\u00a0<\/span><\/em><\/p>\n Everyone who uses the Internet (and that’s just about all of us) will find the content of this article informative as well as shocking. Most of us have no idea how much our personal and semi-personal data is worth to cybercriminals and their ilk.<\/span><\/em><\/p>\n A BIG THANK YOU to Emsisoft for giving us permission to share this article with you. We hope you learn as much from it as we did.<\/span><\/em><\/p>\n How do hackers make money from your stolen data?<\/span><\/strong><\/p>\n Cybercriminals will go to great lengths to steal your data \u2013 but what do they actually do with your information once they get their hands on it?<\/span><\/p>\n In most cases, data theft is financially driven. After stealing your information, bad actors can use a variety of shady channels to monetize your data, including taking out loans and making purchases under your name, holding your data to ransom and selling your data on dark web marketplaces to the highest bidder.<\/span><\/p>\n In this article, we\u2019ll show you exactly how hackers steal and monetize your data, and how much it sells for on the black market.<\/span><\/p>\n There are many methods hackers can use to steal your data. The following is not an exhaustive list, but it does include some of the most common techniques:<\/span><\/p>\n There are many types of malware that can be used to steal your personal information, including keyloggers, info stealers, banking malware and more.<\/span><\/p>\n Most strains typically focus on login credentials, credit card information, browser autofill data and cryptocurrency wallets. Certain breeds, such as the infamous Vega Stealer, sniff out specific file types such as PDF, Word, Excel and text files and exfiltrate (transfer the data without authorization) them to a remote command and control server.<\/span><\/p>\n Malware typically spreads via malicious email attachments, malvertising, drive-by downloads and pirated software. You can keep your system safe from malware with a proven antivirus solution like\u00a0Emsisoft Anti-Malware<\/a>…<\/span><\/p>\n Phishing is a form of low-tech social engineering in which cybercriminals attempt to extract sensitive information such as login credentials, credit card information and personally identifiable information (PII).<\/span><\/p>\n In a\u00a0typical phishing scam, attackers pose as a reputable company such as Microsoft, Amazon or Netflix and claim there\u2019s an issue with your account. The message encourages you to click on a link where you can supposedly resolve the issue by confirming your password or entering your credit card information. This data is sent directly to the hackers, who can then gain access to your real account and the information stored within.<\/span><\/p>\n Phishing attacks are typically delivered via email, but they can also be implemented through social media, text messages and phone calls.<\/span><\/p>\n Hackers can also steal your data by cracking the passwords of your online accounts. There are a few ways this can be accomplished:<\/span><\/p>\n Attackers can also steal your data by preying on unsecured connections such as public Wi-Fi networks.\u00a0Public Wi-Fi is often unsecured and unencrypted<\/a>, leaving users vulnerable to a variety of attacks, including:<\/span><\/p>\n Once a hacker has successfully stolen your data, the first step is to inventory it. They comb through your data for valuable information such as your login credentials, financial information, names, phone numbers, addresses and social security number, and organize it in a database. After the data has been collated, hackers have a variety of ways to monetize it.<\/span><\/p>\n In some cases, hackers may monetize your stolen data by using it themselves to make purchases or commit fraud. This is relatively rare as committing fraud is much more likely to attract the attention of authorities than anonymously selling large batches of data online. Nevertheless, it does happen.<\/span><\/p>\n Attackers can use your stolen data to:<\/span><\/strong><\/p>\n Usernames and passwords are often sold in bulk on the dark web. Buyers may use your login credentials to transfer money from your bank account, make online purchases and access various paid services.<\/span><\/p>\n Here\u2019s how much your account credentials typically sell for, according to a\u00a0Symantec report<\/a>\u00a0on the underground economy:<\/span><\/p>\n Hackers commonly sell PII on underground marketplaces that are accessible on the dark web. Typically, PII will be sold in bulk batches. The more recently the data has been stolen, the more valuable it is.<\/span><\/p>\n Here\u2019s how much your data is worth:<\/span><\/p>\n Attackers will usually sell your credit card information in large bundles of hundreds or even thousands of stolen credit cards. This data is often purchased by \u201ccarders<\/a>\u201d, who try to avoid fraud detection by purchasing gift cards and using them to buy physical items, which may then be sold on the dark web as well as through legitimate channels such as eBay or Craigslist.<\/span><\/p>\n How much do hackers sell your credit card information for?<\/span><\/p>\n Some types of\u00a0ransomware have data exfiltration functionality, which enables hackers to not only encrypt your data but also steal it via a range of channels, including FTP, HTTP, HTTPS, SSL\/TLS and more.<\/span><\/p>\n Attackers can use your stolen data as extra leverage to encourage you to pay the ransom (the average is\u00a0a whopping $84,000) and sell your PII on the black market for extra pocket money.<\/span><\/p>\n It\u2019s not uncommon for hackers to launch attacks on large corporations and sell the stolen data to companies in developing nations. These are typically highly sophisticated, nation-sponsored attacks and can be incredibly lucrative for both the hackers and the country funding the attack. Chinese intellectual property theft is estimated to\u00a0cost the U.S. economy $50 billion a year<\/a>.<\/span><\/p>\n Being the victim of data theft can have significant repercussions. In the short-term, you\u2019ll have to go through the time-consuming process of securing your compromised accounts, reversing fraudulent purchases and replacing stolen credit cards.<\/span><\/p>\n These are annoying but not life-changing effects. However, there can also be longer-lasting consequences.<\/span><\/p>\n For example, if your social security number is stolen and used for fraudulent activity, it could potentially impact your credit history and credit score. Undoing the damage can be very difficult, and may prevent you from making loan applications, purchasing a home or renting property. In addition, if your work-related accounts are used to deliver malware or phishing attacks, you may damage your professional reputation, cause business loss or have to face disciplinary action from superiors.<\/span><\/p>\n Data theft is usually financially driven. There are many ways for cybercriminals to get their hands on your personal data, including malware, phishing, password cracking and man-in-the-middle attacks. Once they have obtained your data, they may use it themselves to commit fraud, or they may sell it in bulk on the dark web.<\/span><\/p>\n <\/p>\n
\n
\nHow hackers steal your data<\/span><\/h2>\n
1. Malware<\/span><\/h3>\n
3. Weak passwords<\/span><\/h3>\n
\n
4. Unsecured connections<\/span><\/h3>\n
\n
How hackers monetize stolen data<\/span><\/h2>\n
Use the data themselves<\/span><\/h3>\n
\n
Sell your login credentials<\/span><\/h3>\n
\n
Sell PII to buyers on the black market<\/span><\/h3>\n
\n
Sell your credit card information<\/span><\/h3>\n
\n
Hold your data to ransom<\/span><\/h3>\n
Sell valuable intellectual property<\/span><\/h3>\n
How data theft can impact victims<\/span><\/h2>\n
Conclusion<\/span><\/h2>\n
![\"Jareth\"](\"https:\/\/secure.gravatar.com\/avatar\/9fd02f7724fb6f6ab41edea2d82942b5?s=127&d=mm&r=g\")