Study recovers over 10,000 stolen bank details
A seven-month study of criminal keylogging malware allows researchers to get hold of data worth millions.
Researchers recovered over 10,700 stolen online bank account credentials and 149,000 stolen emails during a seven-month study on the 'underground economy'.
The study by the University of Mannheim also finished with researchers harvesting 33GB of keylogger data, resulting in information about stolen credentials from more than 173,000 compromised machines.
Researchers managed to collect this data from 'dropzones': publicly writable directories on web servers that act as exchange points for keylogger data.
Malware running on compromised machines would send all credentials to the dropzone, where an attacker could pick them up and use them.
Researchers Thorsten Holz, Markus Engelberth and Felix Freiling said that the data was worth potentially millions of dollars on the underground market, and that cybercrime was profitable enough to earn attackers hundreds of pounds per day.
They said in the report: "The result of this study is that internet-based crime is now largely profit driven and that the nature of this activity has expanded and evolved. Digital and classical crime are merging."
The two keyloggers the researchers analysed were Limbo and Zeus, with the researchers observing some 164,000 infections stemming from the former.
Stolen data included that from banking websites and credit cards, as well as social networks, email passwords and online trading platforms. Statistics showed that 12 per cent of the data was traced back to the UK.
However, the analysis method used in the report was not restricted to keylogger-based attacks.
The researchers said: "It can be applied to all attacks in which an attacker steals authentication credentials of a victim after some form of contact. We call these types of attacks impersonation attacks.
"This class covers a range of real-world attacks including many different forms of phishing, certain forms of sending spam, or online fraud based on identity theft."
The study is available here.