India among top three countries most targeted by phishing campaign: Report
MUMBAI: India ranked third globally and first in the Asia-Pacific region in the list of 111 countries affected by a worldwide cyberattack involving a syndicate of cybercriminals stealing passwords through a concerted phishing campaign, according to a recent report.
The research was conducted by Group-IB, a cybersecurity research firm based in Singapore. The researchers said 34 Russian-speaking cybercriminals have been distributing info-stealing malware via Telegram.
An info stealer is a type of malware that collects credentials stored in browsers (including those for gaming accounts, email services, and social media), bank card details and crypto wallet information from infected computers, and then sends the data to the operator. After a successful attack, the scammers either obtain money using the stolen data or sell the information on dark web markets.
The report, shared exclusively with HT, revealed that in the last two years, the syndicate had stolen over 11 crore cookie files (temporary files) from browsers, which enable hackers to access social media or banking accounts of the users without passwords.
The cybercriminals also stole lakhs of passwords and thousands of financial login data sets from Indian users over the last two years. Over 50 million passwords were stolen in the first seven months of 2022 alone.
Researchers said that the value of the stolen data was around USD 5.8 million in the underground market.
India saw the highest number of infected devices in the Asia-Pacific, closely followed by Indonesia, the Philippines and Vietnam. Globally, the top five most often attacked countries in 2022 were the United States, Brazil, India, Germany, and Indonesia, the report mentioned.
“The stealer malware infected 19,249 devices in the last 10 months of 2021 in India, while the number grew to 53,988 in the first seven months of 2022,” said Ilia Rozhnov, head of the digital risk protection team in the Asia-Pacific, Group-IB.
Rozhnov added that in India, the passwords the cybercriminals most frequently collected in the last 10 months of 2021 were Amazon passwords, which made up 32% of the stolen passwords, followed by PayPal at 17%. In the first seven months of 2022, the most frequently obtained credentials were the same: Amazon at 29% and PayPal at 11%. The research showed the campaign works on the stealer-as-a-service model, where the malware is rented out to those who need it.
Globally, the cybercriminals collected 27,875,879 passwords, 1,215,532,572 cookie files, 56,779 payment records and data of 35,791 crypto wallets in the last 10 months of 2021. In the first 7 months of 2022, they stole 50,352,518 passwords, 2,117,626,523 cookie files, details of 103,150 bank cards and data of 113,204 crypto wallets.