Why Did Credential Leaks Surge to 21 percent in 2024?
Mokshita P.
10X Technology

In 2024, breaches of company credentials hit 21 percent, and theft of commercial secrets soared to 24 percent. Personal data theft has declined, while ransomware attacks are increasingly common.

In 2024, cybercriminals have shifted their focus from stealing personal data to targeting company credentials and trade secrets. According to a recent study by Positive Technologies, which looked into data breaches in Russia, the Middle East, and globally, there has been a significant rise in these types of breaches. The researchers reviewed over 1,000 dark web listings and 700 public incident reports from the first half of the year.

The study reveals that credential leaks from organisations reached a record high of 21 percent in the first half of 2024. This is a sharp increase from last year. Additionally, thefts of commercial secrets and restricted information climbed to 24 percent, up 10 percentage points from the same period in 2023. On the other hand, incidents of personal data theft have decreased, dropping to levels seen in 2022: 37 percent in Q1 and 25 percent in Q2.

The sectors most affected by the theft of commercial secrets are industrial (39 percent), government agencies (36 percent), and transportation companies (29 percent). Notable breaches include Hyundai Motor Europe and Volkswagen, with Volkswagen losing documents on electric vehicle technology. IT companies are also at risk, with 29 percent of breaches involving internal processes and products. For example, hackers accessed the source code of software from Apple and AMD. Stolen credentials are often used to launch further attacks, particularly targeting government organisations.

Credential compromise is usually just the beginning. It often leads to more severe actions like theft of funds or system disruptions. Ransomware was used in nearly a third of successful breaches involving data leaks. Interestingly, listings for stolen government data on the dark web feature Middle Eastern countries in 16 percent of cases. Asia leads with 33 percent, followed by Latin America and the Caribbean at 18 percent. Advanced Persistent Threat (APT) groups, which primarily focus on the public sector, are behind many of these attacks.

Anna Golushko, a Senior Analyst at Positive Technologies, notes that credentials are frequently sold on dark web forums, which are a major revenue source for cybercriminals. For example, in March, access to a prominent UAE bank’s website was listed for US$10,000. Dark web forums now offer access to dozens or even hundreds of companies per post. In April, a listing offered access to the infrastructure of 16 companies across Latin America, the Middle East, Europe, and Asia, with prices ranging from US$250 to US$5,000. The revenue of these companies ranged from US$4 million to US$2.8 billion. For instance, a UAE-based consumer electronics company with US$6.5 million in revenue had its data valued at US$400. In June, another listing offered credentials for over 400 companies, including access via platforms like Jira, GitHub, and GitLab.

Interestingly, nearly twice as many dark web ads offer information for free compared to those that sell it (64 percent vs. 33 percent). This is because many attackers prefer to demand a ransom for not disclosing the information rather than sell it outright. In the first half of 2024, government organisations were frequently targeted for personal data theft. Over half of the ads on the dark web are priced under US$1,000, while about 10 percent are in the most expensive category, costing US$10,000 or more. The priciest offers, exceeding US$50,000, involve major financial institutions, retail giants, and IT companies. For instance, EDR developer Cylance suffered a cyberattack in Q2 2024, leading to 34 million emails and an unspecified volume of customer and employee data being sold for US$750,000.