The average person uses 191 services that require a password or other credentials, according to a report by cybersecurity company Digital Shadows. All of these usernames, passwords and other credentials are becoming increasingly vulnerable as criminals increase and refine their "credential-hacking functions," the report said.
There are more than 15 billion stolen credentials on the market - a 300% increase from 2018. The source of these credentials: 100.000 breaches.
Of these 15 billion, 5 billion are unique, meaning they are not the same passwords used in different accounts. Most of these credentials belong to ordinary users. The report emphasizes, as many security experts do, that users they should never use the same password on different accounts.
"The message is simple - users must use different passwords for each account," said Rick Holland, CISO of Digital Shadows.
The businesses and people whose emails are public should also be careful.
How valuable is a password? Although the Criminals of cyberspace offer many credentials for free, those sold cost an average of $ 15,43, the report explained.
See how criminals value your credentials:
- Access to the organizations' basic systems sells for up to $ 140.000, with an average selling price of $ 3.139.
- Bank and other financial accounts sell for an average of $ 70,91.
- Account access for antivirus software costs about $ 21,67.
- Multimedia streaming accounts, social media, file sharing, virtual private networks (VPNs) and adult content sites sell for less than $ 10.
What drives all this criminal activity? The violation of one account "It has never been easier (or cheaper) for cybercriminals," the report said.
The so-called brute force cracking tools are available on the dark web and sell for an average of $ 4. The attacks Brute Force are generally those where an attacker tries to guess passwords based on common passwords, hoping to guess correctly.
Criminals can also buy Account Takeover (ATO) "as-a-service". Essentially, the criminal rents an ID, often for less than $ 10.
The Sentry MBA is a very popular tool, as is OpenBullet.
The report cited the Verizon Data Breach Report, which reported that more than 80% of hacking-related breaches were committed using the brute-force cracking or by using lost / stolen credentials.