Let’s reduce risks: How cybercriminals use stolen information

For cybercriminals, information represents money, an access point, and also a tool for committing new crimes. This is why personal and sensitive or private data, such as full names, contact information, credit card numbers and banking credentials, health data, social media and service login credentials, among others, have become one of the most coveted targets for malicious actors. ESET, a leading international company in proactive threat detection, analyzes what cybercriminals do once they obtain stolen information.

Most common actions

Selling it on underground forums: One of the main benefits cybercriminals derive from stolen information is simply money. Personal data has significant value for the criminal ecosystem. They primarily sell it on underground forums and Dark Web marketplaces, where personal data, login credentials, banking and financial information, corporate passwords, and any other sensitive information are sought after by other cybercriminals for use in various illegal activities.

Other crimes

• Identity theft: The more information cybercriminals obtain about a person, the more tools they have to create a fake digital profile and thus scam their contacts or commit cybercrimes in their name. • Financial fraud: Certain personal data facilitates access to financial resources, allowing cybercriminals to obtain illicit gains. This can range from making purchases to applying for credit cards.
• Personalized phishing attacks: Stolen information allows cybercriminals to create much more credible and targeted phishing emails. Data such as the victim’s work email address or the company where they work can lend a false sense of authenticity to an email with malicious intent.
• Extortion of victims: Information is a very powerful tool that, in the wrong hands, can be used for extortion and blackmail. Cybercriminals often use it to pressure their victims, from a concrete threat to making confidential data public, selling it to competitors, or simply causing reputational damage. In most of these cases, their goal is to obtain money.
• Espionage and sabotage: In the business or government sector, a simple stolen password can be the gateway to internal networks, critical infrastructure, and even confidential information belonging to clients, suppliers, allies, or business partners—and that’s just the beginning.

In contrast to the points mentioned above, in these cases the objective is not monetary, but rather to spy undetected, accessing networks, emails, and internal communications, altering production or logistics processes, and even deleting, modifying, or corrupting key information.

In this context, it becomes essential to take concrete actions to protect sensitive and confidential data, whether personal, corporate, or institutional.

ESET Latin America shares recommendations to significantly reduce the risk of data being exposed or falling into the wrong hands

• Protect your information: avoid sharing personal data online.
• Use strong passwords: they should be robust and unique for each account.
• Activate two-factor authentication on every account that allows it.
• Keep both devices and software up to date.
• Have a robust and reliable security solution.
• Stay up-to-date on the latest cybersecurity news.

For other useful data and preventative information, visit https://www.eset.com/ve/and follow them on social media @eset_ve. Also on Instagram (@esetla) and Facebook (ESET).

Information and image provided by ESET and Comstat Rowland       

Follow our news on Google! For current, interesting, and accurate information, click here to see all the content on Bitfinance.news. You can also find us on X/Twitter and Instagram