The average cost of information about a citizen's operations per month increased by 20% - up to 9.3 thousand rubles
PERSONAL INFORMATION BANKS DATA LEAK
The cost of "breaking through" the personal data of clients of Russian banks on the black market in 2020 increased by 20% : - from 7.7 thousand to 9.3 thousand rubles.
At the same time, the "detailing" of the actions of a cellular subscriber, compared to 2019, fell from 11.4 thousand to 10.6 thousand rubles . Such conclusions are contained in a study by the company to identify data leaks DLBI (available from Izvestia).
Representatives of credit institutions and mobile operators assure that control over the safety of information is increasing every year, which probably affects their price . The information can be used by fraudsters to deceive Russians using social engineering methods.
The median price for a bank "breakout" - the illegal provision of information about citizens' accounts, balances on them, and data of owners - increased by 20% in 2020.
Now a monthly statement costs on average 9250 rubles, in 2019 this service cost 7667 rubles . This is stated in a study by Data Leakage & Breach Intelligence (DLBI), which specializes in identifying data breaches.
For example, a statement on an account or card of an individual in Sberbank is offered at a price of 12 thousand to 15 thousand rubles per month or from 30 thousand to 35 thousand rubles for six months , the study says.
Whereas last year, similar proposals cost 8-15 thousand and 20 thousand rubles, respectively.
"Bank data is sold every day"
Anti-leakage expert Ashot Hovhannisyan - about where the trade is and how much does the personal information of Russians cost on the black market
At the same time, the median cost of illegal statements on the accounts of Russian cellular subscribers has decreased over the past year from 11,375 to 10,625 rubles per month, according to DLBI.
For example, criminals sell details of calls and SMS from the Megafon client at a price of 15 thousand rubles per month (last year - from 20 thousand rubles). Personal data of a subscriber can be bought for 1.5 thousand rubles, a one-time determination of the location of a subscriber - from 35 thousand rubles, to make a "replacement of a SIM-card" - from 20 thousand to 25 thousand rubles, the study notes.
Megafon and Sberbank did not respond to Izvestia's inquiries about the cost of offering information from their systems on the black market.
The cost of information from government agencies is slowly growing from year to year, but overall remains at a fairly low level, added DLBI experts. For example, “breaking through” the traffic police databases (establishing the owner of the vehicle, information on issuing a driver's license, history of registration actions, fines, etc.) in 2020 costs from 1 thousand rubles, while a year earlier the price started from 500 rubles ...
- The growth in the cost of the "breakout" indicates that the number of offers is decreasing. Credit institutions are gradually taking control of the leaks. At the same time, the decline in prices for mobile penetration illustrates the growth of supply , - said Ashot Hovhannisyan, founder of the DLBI leaks search and monitoring service.
He added that the convergence of the price of "breakout" and the cost of criminal replacement of a SIM-card looks like a dangerous trend: this could lead to a new fraudulent scheme , in which attackers will reissue the SIM card linked to a specific account and take control of it.
One entry about a bank client at a certain point in time (for example, name, phone number and account) costs 10 rubles or more on the black market, Artem Sychev, the first deputy director of the information security department of the Central Bank, said in an interview with Izvestia . According to him, the number of leaks in the financial sector did not increase in 2020.
Izvestia asked the top 30 banks and the four operators if they had documented leaks of customer data during 2020.
There were no cases of loss of information in MKB, Otkrytie and Zenit, their representatives said. Otkritie suggested that credit institutions have begun to pay more attention to combating leaks and the risks of insiders who leak information have increased. This means that the cost of their services has increased .
- Such data is of interest primarily to fraudsters who use social engineering methods. Most often, cybercriminals receive information from medium-sized online stores, which, unfortunately, do not pay enough attention to the protection of personal data, says Vyacheslav Kasimov, director of the information security department of the ICB.
The upward trend in the cost of customer information on the black market is associated with increased protection of personal data systems , they are confident in RSHB.
Bank "Zenith" stressed that credit institutions are constantly improving the protection of information, while fraudsters have not invented new ways to "drain".
Beeline strictly monitors the safety of information about its customers, constantly improving the security systems, the operator's representative told Izvestia.
He clarified that after the transition to a remote work format, these measures were additionally strengthened. Tele2 takes all necessary measures to protect the personal data of subscribers and constantly monitors the safety of this information, the company assured.
The price of banking “breakthrough” services has been growing for several years, and data from cellular operators and information from state systems are getting cheaper, Andrey Arsentiev, head of analytics and special projects at InfoWatch, confirmed the trend .
According to him, the price tag directly depends on the volume of supply. He explained that the purchased information serves as a breeding ground for phishing attacks, and can also be used to apply for loans.
In some cases, it is possible to reissue the victim's SIM card with subsequent access to all of his services, including the mobile bank.
During the spring wave of mass transition to remote work, Rostelecom-Solar experts noted a 25% increase in the number of incidents, Alexei Kubarev, head of the business development group at the Solar Dozor product center, told Izvestia. According to his forecasts, by the end of the year the dynamics will be 38%.
Along with leaks, cases of money theft are also increasing. According to the Central Bank, in the first quarter of 2020, the volume of transactions without the consent of the client increased by 38%, and in the second quarter - by 59% compared to the same periods last year.