Security company Symantec is warning enterprises and consumers to be cautious when sending information online.
A new report by the company details how cyber criminals are selling personal information such as credit card and financial account details to others via underground servers, adding up to US$276 million in stolen goods.
While stolen credit card numbers sell for as little as 10 cents up to $25 per card, the average advertised stolen credit card limit observed by Symantec was more than $4000.
The popularity of credit card information is due to the many ways this information can be obtained and used for fraud.
The second most common category of goods and services advertised was financial accounts. While stolen bank account information sells for between $10 and $1000, the average advertised stolen bank account balance is nearly $40,000.
The report is derived from data gathered between July 2007 and June 2008.
Symantec Australia and New Zealand vice president Craig Scroggie says the underground economy is a reflection of what’s happening in the world.
“We see a relatively strong number of servers in the Asia Pacific region, but it reflects the maturity of our online market.”
Asia Pacific hosts 12 percent of the underground servers.
“The underground economy is becoming a self-sustaining marketplace through spam tools and phishing kits. These are used to harvest financial information.”
He adds that credit cards made up 31 percent of all advertisements for sale and it was the most requested category. Bank account credentials were also frequently advertised.
Scroggie recommends consumers have an email filtering solution in place. “That should stop the spam emails that are used for phishing attacks. They should take care with the amount of information they post on social networking sites. Information is becoming personalised, because there is more information out there online to make these emails seem quite legitimate.”
Bank account balances of up to $40,000 being accessed were usually business accounts, says Scroggie.
“Data loss such as information from lost business laptops and PDAs is ending up on the underground economy. The implication for enterprises is far greater than for consumers.
"Enterprises need to look at database encryption and endpoint protection. They should ensure that when sensitive information is copied there is a record of that.”
And, he adds there is a great opportunity for resellers in this space. “The technology is only a small piece of the puzzle and solving this problem is a combination of people and technology processes. There is consulting around options such as firewalls, anti-phishing and encryption. Resellers are just starting to scratch the surface and products by themselves will not solve the problem.”