The number of stolen Asian credit cards being sold on the darknet has reduced sharply, according to a report by IB-IB at the ATXSG conference held in Singapore. Attackers in the region are focusing their efforts on stealing corporate documents and India is their main target.
Researchers have discovered that criminals are using botnets to access data from Indian organisations, including a total of 3,249,318 lines of data plus 413 corporate accounts. Indonesia has taken second place with 1,950,951 compromising documents, and Vietnam is second in terms of numbers of hacked accounts, with 322.
Out of 100 Group IB security violations for ATR companies in the Asia-Pacific region, which resulted in a leak of more than 81 million records, 34 were traced to India and 22 to Indonesia. Taiwan was third with six notes. Data security breaches in Asia-Pacific are growing, reflecting a 27% annual increase.
Over 12 million of the compromised accounts, out of 29 million that went on sale on the darknet, have been traced to India, with Indonesia second with almost 4.4 million accounts. Most of the accounts have been traced to the RussianMarketshop website, with 85% being accessed using Raccoon Stealer (73%).
Group IB has noted that hackers are targeting India, Indonesia and Vietnam because they are large and active users of information technology; but other countries are vulnerable too. India is not the nation with the highest incidence of malware from Android; this is Australia, with 34 mobile applications, followed by India with 33, Japan with 23 and Singapore with 21.
IntHEBOX is a major contributor to the spread of banking malware. Therefore, attacks on richer countries, such as Japan, Singapore and Australia, mean more income for criminals. Group IB has found that China is the source of most of the compromised corporate accounts and credit cards.
The most compromised corporate accounts and credit cards found in shadow markets in the darknet were sourced from China. Group IB also found dumps of data containing over 213,000 credit cards from the Asia-Pacific region; these were offered for sale in 2023, a tenfold reduction compared to the number of cards sold in 2022. Of these cards, over 62,000 were Australian and over 29,000 were Chinese.
The reduction in the number of stolen credit cards being sold on the darknet, combined with an increase in security breaches, indicates a change in the criminal business model. Attackers are moving away from individual to more profitable targets such as businesses, governments and other organisations.