SecurityBrief US - Technology news for CISOs & cybersecurity decision-makers
United States
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware
Search
Story image
#
Malware
#
Phishing
#
Cybersecurity

Dark web leak: 2.3 million bank cards exposed online

Today
Author image
By Catherine Knowles, Journalist

Kaspersky Digital Footprint Intelligence has reported that an estimated 2.3 million bank cards have been leaked on the dark web, attributing this to data-stealing malware log files analysed from 2023 to 2024.

The report reveals that every 14th infostealer infection leads to compromised credit card information. With nearly 26 million devices affected by infostealers during this period, more than 9 million devices were compromised in 2024 alone. Sergey Shcherbel, an expert at Kaspersky Digital Footprint Intelligence, commented on the ongoing impact of data-stealing malware. 

"The actual number of infected devices is even higher. Cybercriminals often leak stolen data in the form of log files months or even years after the initial infection, and compromised credentials and other information continue to surface on the dark web over time. Therefore, the more time passes, the more infections from previous years we observe. We forecast the total number of devices infected with infostealer malware in 2024 to be between 20 million and 25 million, while for 2023, the estimate ranges between 18 million and 22 million," Shcherbel explained.

The leaked bank cards, though globally under one percent, have a technical validity rate of around 95%, according to Kaspersky experts. Infostealer malware targets both financial information and other critical data like credentials and cookies. Such malware often disguises itself as legitimate software, infiltrating devices through phishing schemes, compromised websites, and other means.

For the year 2024, Redline retained its position as the most prevalent infostealer, accounting for 34% of infections. Another significant concern has been the rise of the Risepro infostealer. 

"RisePro is a growing threat. It was first discovered two years ago, but seems to be gaining momentum. The stealer primarily targets banking card details, passwords and cryptocurrency wallet data, and may be spreading under the guise of key generators, cracks for various software and game mods," added Shcherbel.

The new entrant Stealc has also shown substantial growth, starting from its appearance in 2023 and expanding its share of infections from nearly 3% to 13% within a year. This increase underscores the evolving threat environment posed by different variants of infostealers.

In response to the growing threat, Kaspersky has provided guidelines to mitigate the risks associated with data-stealing malware. They advise vigilance in monitoring banking and account activities, employing two-factor authentication, and ensuring security measures such as reissuing bank cards and changing passwords. They also recommend running thorough security scans on devices to identify and remove any malicious software.

For organisations, proactive monitoring of dark web markets is advised to identify compromised accounts before they pose a significant risk. Kaspersky has launched initiatives to help businesses track cybercriminal activities concerning their assets to safeguard against potential attacks.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
ManageEngine transforms Log360 into security analytics hub
Red Canary unveils cost-saving data storage enhancement
Cybersecurity & AI lead MSP growth in recent report
Rising ICS/OT cyber threats due to budgetary imbalances
Okta surpasses $1 billion in AWS Marketplace sales
Top stories
Hackers exploit botnet to attack Microsoft 365 accounts
Advanced persistent threats rise by 74% in 2024 report
Arlo & SmartThings enhance home security partnership
Women in tech share insights ahead of International Women's Day
Jamf to acquire Identity Automation for $215 million