Check Point® Software Technologies Ltd., a leading provider of cyber security solutions globally, is warning of a sharp increase in cyber-criminals stealing personal data and information on documents such as driving licenses and passports, to sell on the dark net.
A recent report found that while the number of publicly-disclosed breaches of sensitive data from organisations fell by 48% in 2020 compared to 2019, the volume of records compromised by these breaches jumped by 141% to 37 billion. Earlier this month, it was disclosed that 500 million Facebook users’ personal details had been leaked online, including their phone numbers, email addresses and location information.
This data is prized by criminals because it can reveal individuals’ login credentials for online accounts. Research by Privacy Affairs gives an overview of the prices being asked on the dark net for different types of stolen personal data, with credit card details selling for between US$12 and US$35, and stolen online banking credentials to accounts with a minimum balance of US$2,000 selling for US$65. The access credentials to a user’s Gmail account sell for up to US$150.
“Personal data and account credentials are a key commodity on the dark net, which means criminals are always looking to steal them in order to make a profit for themselves,” said Evan Dumas, Regional Director, Southeast Asia at Check Point Software. “It’s critical that consumers as well as organisations use security software to protect their computers and data, and also understand how to be able to detect the types of cyber-attack tactics that criminals use when trying to breach systems and steal data.”
Check Point recommends individuals take these five actions to protect their PCs and data:
- Never share credentials: theft of credentials is one of the main targets of cyber-attacks. Many people reuse the same usernames and passwords on many different accounts, so stealing the credentials of a single account gives a cybercriminal the chance to gain access to several. Therefore, never share them and never reuse passwords.
- Always be suspicious of password reset emails: when you receive an unsolicited password reset email, always visit the website directly (do not click on links) and change your password to a different one and any other site where you have used the same password.
- Keep software up to date: Cybercriminals often find entry points into applications and security software by observing vulnerabilities and exploiting them. Fortunately, some developers actively look for new vulnerabilities and patch them. Keeping constantly updated with the latest versions of software is one of the best protections against these attacks.
- Adopt multi-factor authentication: this system forces users to verify their identity in several ways before being granted access to a system. This way, even if a password is mistakenly given to a cybercriminal, they’d still be unable to gain access.
- Use the best protection software: Most ransomware attacks can be detected and resolved before it is too late. To maximise your chances of protection, you should have an automated threat detection system in place.