As per Kaspersky Digital Footprint Intelligence, cybercriminals stole an average of 50.9 login credentials per infected device, the threat posed by data-stealers is growing for both consumers and businesses.
These credentials may encompass logins for social media, online banking services, crypto wallets, and various corporate online services, such as email and internal systems.
Marginal decline as compared to 2022
Infections in 2023 experienced a marginal decline of 9% compared to 2022, however, it doesn’t imply that cybercriminal demand for logins and passwords has stagnated.
It is possible that some credentials compromised in 2023 could be leaked to the dark web at some point during the current year. Therefore, the actual number of infections is likely to be even higher than 10 million,” the company said.
According to Kaspersky’s assessment of infostealer log-file dynamics, the number of infections that occurred in 2023 is projected to reach roughly 16,000,000.
Threat actors either utilise stolen credentials for their own malicious purposes, including perpetrating cyberattacks, or sell or distribute them freely on dark web forums and shadow Telegram channels.
When it comes to compromised domains, India was at third spot.
“The .com domain leads in compromised accounts, followed by domain zones associated with Brazil (.br), India (.in), Colombia (.co), and Vietnam (.vn). In the .in domain, associated with India, compromised accounts reached over 8 million in 2023,” the cybersecurity company said.
Nearly 326 million logins and passwords for websites on this domain were compromised by infostealers in 2023, it added.
