October 6

Business Credentials: How much are your credentials worth to cybercriminals?

Cyber-attacks continue to climb in Australia and New Zealand …and so does the value of your business credentials. 

According to the Australian Cyber Security Centre (ACSC), in 2020 alone – Australia experienced a cyber attack every 10 minutes, averaging up to 164 cybercrime attacks per day. 

Cybercrime Reports - ACSC
Source: Australian Cyber Security Centre (ACSC)

Whereas in New Zealand, 2020 saw 7,809 incidents reported to CERT NZ, a 65% increase in 2019. Individuals, small businesses and large organisations from all over New Zealand submitted reports.

Despite consistent efforts of Business Owners, their security teams and the Government – the sad truth is, a major cyber breach can happen anytime to any business, small or large. 

95% of cyber security breaches are caused by human error. 

Many businesses believe that simply having antivirus software and two-factor authentication in place is enough to guarantee your company and employees’ safety against cyber attacks. 

The reality is – Many factors contribute to a cyberattack. 

Cybercrime comes in many different forms. The most common include:

  • Business Credentials – email addresses, passwords, personal information,
  • Credit card numbers, 
  • Counterfeit currencies, 
  • Firearms, and
  • Various types of drugs.
ACSC Annual Threat Report Graph
Source: Australian Cyber Security Centre (ACSC)

Read more about the types of cybercrime here.

Business Credentials: Your email address (business and personal) is a lucrative commodity for bad actors ‘hackers’.

It’s just an email!  …Famous last words.

You may think your email is not significant enough for hackers to prey on. 

The reality is that emails are one of the most sought-after pieces of information cybercriminals prey on. Often forming the foundations when building a Fullz List.

Privacy Affairs, a website from Romania that conducts various data and cybersecurity research, advice, and information – conducted research (with the help of BGR) to produce the Dark Web Price Index 2021. 

This research revealed how much hackers value stolen or leaked information. The price index report reflects that companies including Google, Microsoft, and even MasterCard were victimised by breaches in 2020.

The highlight of the price index is this: the dark web market-priced hacked Gmail accounts higher than cloned Visa, Mastercard, or American Express PINs. 

A stolen Gmail credential is also more expensive than a stolen banking credential that contains at least $100 in deposit.

Privacy Affairs’ dark web price index shows that a hacked Gmail account is worth $80. Comparing that with a Mastercard and Visa PIN which cost $25 or a bank account at $40. 

  • Gmail – $80
  • Credit card details- $25
  • Bank account ($100 balance)- $40

Surprisingly, your Gmail costs more than bank details or credit card information. 

What you need to know is that your email address and password are for sale at a higher price because it’s a hacker’s gateway to bigger heists. Your Gmail might be linked to a bank account, credit card company, and many other things – business and personal. 

In short, bad actors ‘hackers’ can get access to a treasure trove of information, simply by purchasing a Gmail account.

Your identity may be for sale on the Dark Web

If you think your credit card, banking, and email information are the only things they can purchase on the dark web, you better think again. 

According to the same dark web price index, you can choose from a full range of documents and account details that can fire up identity theft priced at $1,500. 

Identity theft is not a term people like to talk about or even think about. Unfortunately, the fact remains that the dark web can enable you to be a victim of identity theft – all because of a compromised credential.

Ignoring the possibility of identity theft is so massive that it can destroy a company and everything around it. Added to this, there are various factors that can cause a cyber breach. 

A cyber breach may occur off the back of a single email, a person pretending to be your partner/supplier/vendor, and even situational factors like tired employees sending emails to the wrong person. 

One of these people might be a “fake person”. The email conversation you had with your colleague may now be from a hacker. The possibilities are endless.

Your business credentials are like gold to cybercriminals

Leaked Gmail information is already disruptive but, the magnitude of the effects of a leaked company credential is something a business might find hard to manage. Hackers can get access to your client database, bank accounts, and other confidential data that can be used against your business.

Even if you do not use Gmail for your company emails, it can still be targeted by cybercriminals. 

Any email can belong to a hacker’s database. A compromised business credential, even from those who are in the lower bracket of your organisation, can now be used to penetrate your system and cause massive data breaches, damaged brand reputation, huge finance, and operating losses. 

These days, hackers do not only target those from senior management – they may take it slowly, simply penetrating an enterprise’s system through the lower level employees’ access. 

This is why a single compromised credential – email and password information, no matter who owns it in the organisation, can destroy an enterprise of any size.

Every year the pricing menu is updated

Your antivirus will not remind you to not click on a malicious link. It will not scan your emails and messages saying it’s from a hacker, that it’s a spear phishing attack or a generic phishing one. 

Your cybersecurity is highly dependent on your knowledge about these risks and threats. And unlike before, one cannot afford to ignore cyber threats anymore. 

Recently, Defence Connect published an article stating how bad Australian companies are more vulnerable to cyber attacks than ever. Disruption is always lingering around. 

The Australian Cyber Security Centre (ACSC) reported that there’s at least one cybercrime happening every 10 minutes to Australian businesses- averaging at least 164 cybercrime reports per day. 

Cybercrime costs Australian businesses $29 Billion per year.

The value of your business credentials and what they are worth to cybercriminals is fluid and changes all the time. 

Credentials help hackers exploit individuals and companies alike.  

From fake COVID-19 vaccines, vaccination cards, hacked medical records, and more. It’s not only Australia that experienced the surge in cyberattacks. 

In the UAE, a 250% increase in cyberattacks was observed in 2020. The World Health Organization reported that a fivefold increase in cyberattacks was experienced in 2020 urging healthcare organizations and companies and all industries to take precautions and vigilance against these bad actors.

Furthermore, the boom of Cryptocurrencies has also affected the huge increase in the value of credentials bad actors are willing to pay. 

CRINTEL helps SMEs deal with the dangers of the Dark Web

CRINTEL – Cyber Risk Intelligence is a Private Intelligence Agency (PIA) that specialises in Cyber Threat and Risk Intelligence originating from the Dark Web. 

We work as a co-managed solution to support and provide your internal team and external IT cybersecurity advisors with 24/7 live monitoring of the dark web.

Our Threat Intelligence Units (TIUs) monitor your business domain, email addresses and key suppliers – looking for exposed business credentials that we can find about your business and suppliers – that are up for sale on the dark web. 

Our enterprise-level cyber intelligence systems, used by Fortune 500 companies, are supported by human operatives and collect live dynamic data that is scanned or sourced from live dark web forums leveraging multiple sources in real-time 24/7, 365 days per year.

Are your business credentials up for sale on the dark web? 

Dark Web Monitoring

Get started with Crintel FREE today! Request a complimentary Cyber Intelligence Report here.

NOTE: As this article is sourced from one or more third parties we cannot guarantee the information is correct and suggest if you are relying on this information, for whatever reason, then you should first do your own research. Click here to learn more about how CRINTEL can help your business.









Cyber Risk Intelligence, Cyber Threat Intelligence, Cyber Threats, Dark Web, Deep Web, Small Business

You may also like

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}