Finjan Finds Health And Business Data Being Auctioned Online

More than 500 megabytes of valuable data are being offered to the highest bidder on crimeware servers in Argentina and Malaysia, says security firm Finjan.
More than 500 megabytes of premium health- and business-related data, along with stolen social security numbers, have been found being offered to the highest bidder on crimeware servers in Argentina and Malaysia.

Security firm Finjan discovered the illicit data market and issued a report about its findings today.

Yuval Ben-Itzhak, CTO of Finjan says his company's findings demonstrate how the market for illegally obtained data functions and underscore the seriousness of computer compromises.

"We see that cybercriminals go after 'premium' data that they can trade for substantial profit," said Ben-Itzhak in a statement. "The increase in Web-based attacks is staggering. Industry figures include a growth of more than 200% of Web-based malware, with an increase of over 800% in backdoor and password-stealing malware, illustrating that sensitive corporate and medical are at risk."

Such success has actually been problematic for cybercriminals. As more and more information thieves succeed in their crimes, more and more stolen data floods the market.

"Not too long ago, credit card numbers and bank accounts with PINs were selling for $100 or more each, on Web sites offering this type of stolen information," the report says. "Nowadays, prices have dropped to $10 or $20 per item."

Cyber criminals have responded by focusing on high-value data and protecting it with encryption to prevent others from stealing their stolen property. This allows them to limit availability, to auction access off to the highest bidder, and to maintain prices.

Among the things Finjan found were Citrix login credentials for a well-known U.S. hospital and a U.S. air carrier, Outlook account information, and social security numbers.

A recent analysis of four years worth of data breach investigations by Verizon Business Security Solutions found that 87% of data breaches could have been prevented with reasonable security precautions.