Mehul Reuben DasDec 08, 2022 17:20:49 IST
In a recent study of their data, Nord VPN has discovered that because of unsafe practices while browsing the internet about 6,00,000 Indian users have had their private data stolen by phishing groups. Moreover, the study also discovered that most of this data is available on a corner of the internet, for as little as Rs 490.
It means that India, which is still waiting for a data protection bill to become law, is the most severely impacted country in the world, accounting for 12% of all data on bot markets, which are online marketplaces used by cybercriminals to sell data they have stolen.
It is noteworthy that these markets differ from other dark web markets in that they can obtain large amounts of data about a single person in a single location. After selling the bot, they guarantee the buyer that the victim’s information will be updated for as long as the device is infected by the bot.
The study by NordVPN of Lithuania’s Nord Security has revealed that the stolen information included user logins, cookies, digital fingerprints, screenshots, and other details. Researchers have been tracking the data since the start of the bot markets in 2018.
It was said that on the examined markets, at least 26.6 million stolen logins had been discovered and these included 720,000 logins for Google, 654,000 for Microsoft, and 647,000 for Facebook.
Additionally, researchers also discovered 667 million cookies, 81 thousand digital fingerprints, 538 thousand auto-fill forms, a tonne of screenshots from various devices, and webcam pictures.
Stolen data were found after examining three major bot markets which are the Genesis market, the Russian Market, and 2Easy.
It is understood that while bot markets are becoming more popular, cybercriminals are continuing to use some common malware like RedLine, Vidar, Racoon, Taurus, and AZORult to steal data.
India has been dealing with cyber security concerns for a while. As recently as last month, multiple servers of the All India Institute of Medical Sciences (AIIMS) were infected on November 23.
A week after the ransomware attack on AIIMS, the Indian Council of Medical Research or ICMR faced around 6,000 hacking attempts within 24 hours on November 30.
Indian cybersecurity rules have tightened only earlier this year, with the Indian Computer Emergency Response Team or CERT-In, requiring tech companies to report data breaches within six hours of noticing such incidents and to maintain IT and communications logs for six months.
“What makes bot markets different from other dark web markets is that they are able to get large amounts of data about one person in one place,” said Marijus Briedis, chief technology officer at NordVPN.
“And after the bot is sold, they guarantee the buyer that the victim’s information will be updated as long as their device is infected by the bot.”
Researchers of NordVPN found 667 million cookies, 81,000 digital fingerprints, 538,000 auto-fill forms, numerous device screenshots, and webcam snaps in their study.