In the first half of 2019, more than 23 million users of payment cards were put up for sale on underground darknet forums. According to a report by researchers from Sixgill, the data of almost 15 million cards belong to users from the United States, which accounted for almost 64.5% of the total number of data put up for sale.
In the second place by the number of compromised payment cards was the UK (7.43%). The third is India (3.78), followed by Brazil (2.18%). According to researchers, Russia occupies the last place with a figure of .0014% (a total of 316 cards).
According to researchers, the last place of Russia in the ranking is due to two factors, in particular with a large number of hackers from the Russian Federation and the economic situation in the country.
The attackers began to use not only underground markets as marketplaces, but also IRC channels and platforms with implemented encryption, such as Telegram.
In total, the data of 57% of the compromised financial documents were associated with Visa cards, followed by Mastercard – 29%, AMEX accounted for 12%.
Compromised payment card data is offered at underground sites for as little as five dollars. Researchers divide the information sold into two classes. The first includes data that includes a three-digit card authentication code located on the back of the card, and the second includes information stored on the magnetic stripe of the card needed to create cloned cards for physical purchases.
“The centralization of fraudulent activity on several underground sites reflects the situation in real financial markets. It seems that this phenomenon is an excellent opportunity for law enforcement agencies to curb a significant part of cybercrime activities. However, as shown by the example of such markets as Alphabay, Hansa and Silk Road, criminals quickly “move” to other sites, “the researchers concluded.