Cyber-attacks: data theft on the dark web increases by 45% in 2023

2023 saw an increase in compromised account credentials, combined with other data that is extremely valuable to hackers. It is estimated that more than 7.5 billion pieces of data are circulating on the dark web or accessed on messaging platforms globally, a growth of +44.8% compared to 2022. In addition, 1,801,921 data reports were detected on the dark web, an increase of +15.9% compared to 2022. These are some of the main findings of CRIF’s Cyber Observatory, which analyses the vulnerability of users and companies to cyber-attacks, interpreting the main trends affecting data exchanged in both Open Web and Dark Web environments.

Types and dangerousness of cyber fraud

In 2023, the email address became a particularly valuable piece of data because it allows access to various services. In fact, the CRIF Observatory analysis found that, in combination with the password (94.4 per cent of cases), it exposes the victim to more accurate and credible fraudulent messages, such as fake payment authorization requests or blocked-account notices. These phishing messages contain malicious links that induce the victim to click and provide further data to the fraudsters. Increasingly rich datasets of contact information complete the victim’s profile, making them more vulnerable to fraudsters.

Dark Web

The severity of alerts sent in 2023 increased overall by +29% compared to the previous year, confirming that vulnerability to fraud through data exposure is growing. In fact, in one out of ten cases, the victim’s email address and first and last name appear in addition to the telephone number. Lists of personal data composed in this way are a gold mine for fraudsters, who can carry out highly personalized frauds and exploit artificial intelligence, which is often mentioned in phishing kits and malware exchange forums. In 2023, this multiple combination of personal and contact data showed an increase of +45% compared to the previous year.

Furthermore, the whole of 2023 saw a proliferation of ad-hoc tools made available to the fraud community. For instance, ‘phishing kits’ (such as Modlishka, Evilginx and many others), i.e. tools ready to be used even by less experienced hackers to target consumers with phishing campaigns, are widespread. Thanks also to the malicious use of artificial intelligence, fraudulent emails are becoming increasingly sophisticated, making it even more difficult for the recipient to distinguish real from fake communications. In addition, the ability to translate quickly into different languages helps criminals spread phishing attacks more globally.

Attention to social media

In this context, open-source messaging applications – such as Telegram – are increasingly becoming the ideal place to exchange stolen data and instructions for creating ready-made malware or to buy and sell tools for hackers. In fact, a simple search within these applications is enough to uncover channels and groups exchanging personal data, including credit cards. “Infostealers” (malware designed to steal personal data) are a further threat to consumers: spread via malicious links, malicious emails, or compromised websites, they put users’ security at risk by operating stealthily and capturing information and credentials while the user is surfing online. Some information is particularly valuable for emulating user activity in fraudulent schemes such as account theft.

The most ‘desirable’ and vulnerable data in cyberspace 

The main categories of data under attack remain, even in 2023, passwords, e-mail addresses, usernames, first and last names and telephone numbers. This information circulates predominantly on the dark web and is more vulnerable. Compared to 2022, the password overtakes the e-mail in first place, while the username rises to third place, overtaking the first and last name and telephone number as the most vulnerable data. Very often, the e-mail address is associated with a password: this occurs in 94.4 per cent of cases (up +4.4 per cent compared to 2022); similarly, usernames often appear along with passwords (65.6 per cent). The telephone number plays a key role in these cases and increases the victim’s vulnerability when associated with the password (16.6%). This combination is up +25.6% year-on-year.

Most hacked account types

The ranking of the most hacked e-mail accounts on the dark web shows Gmail, Yahoo, and Hotmail in the top 3 positions. Most of the hacked accounts are related to entertainment sites (56.6%), followed by e-commerce (16.4%) and social media (11.9%). The risk of data theft can lead to direct economic consequences for victims. In fourth and fifth place are accounts on forums and websites of paid services (6.2%) and financial accounts (4.8%), such as banking. In the case of credit cards, in addition to the card number, the CVV and expiry date are also very frequently found on the dark web: in 96.9 per cent of cases.

Among the continents most subject to this illicit data exchange, North America tops the list with 54.5% of the total volume, followed by Europe with 23.8%. Among the countries most subject to the exchange of credit card data, the United States, France, Mexico, Brazil, and Russia occupy the top positions in the global ranking, while Italy is in 16th place.

