Report examines new trends in the deep and dark web, how threat actors are exploiting the global COVID-19 crisis, and risks to individuals, executives, and brands
Constella Intelligence (“Constella”), a leader in Digital Risk Protection and Identity Threat Intelligence, released their 2021 Identity Breach Report, PII Fuelling the Threat Economy: How Crisis Creates Targeted Vulnerabilities for Individuals, Executives, and Brands. The report evaluates data collected from Constella’s extensive database of over 45 billion archived identity records from data breaches and leakages found on the surface, deep, and dark web in addition to trends identified in deep and dark marketplaces over the past year.
Recommended ITech News: Ready Computing and TIBCO Partner to Deliver an Enhanced Customer Experience
The report found that the COVID-19 pandemic engendered new vulnerabilities in the digital ecosystem for threat actors to exploit, resulting in items like vaccines, fraudulent vaccine certificates, and other COVID-19 related items being sold in dark marketplaces and underground forums. Constella’s research analyzed the value of personally identifiable information (PII), drawing links between the breach economy, PII, and a range of emerging digital threats to executives and brands. Notably, Constella, observed an exorbitant spike in the price of sensitive personal records sold in the deep and dark web, with the price of driver’s licenses, passports, and ID cards increasing significantly from the previous year analyzed – plausibly due to an increased demand for personal records during the pandemic. Constella’s 2021 Identity Breach Report also includes a deep dive into the top companies in the Energy and Telecommunications sectors that appeared in the Fortune Global 500 list, demonstrating increasing exposure and vulnerability of companies in the sector, employees, and executives over the past year.
“The COVID-19 pandemic has shown us the fragility of our online infrastructure,” said Constella Intelligence CEO, Kailash Ambwani. “As people continue to rely on digital solutions and working from home, both companies and individuals must take new precautions to protect themselves from potential threat actors.”
Key Findings From 2020 Include:
- Nearly 60% of the data breaches analyzed exposed some form of PII and 72% of these breaches included passwords.
- Over 40% of executives from a sample of Fortune 500 companies in Energy and Telecommunications sectors were exposed in a breach over the last 5 years.
- Fortune 500 companies in Energy and Telecommunications have had their corporate domains exposed in approximately 11k breaches/leakages since 2016, and over 40% of these exposures occurred since 2020, indicating worsening security of corporate credentials.
- Out of a sample of 55 Fortune 500 Energy executives, nearly 1/4 have had their passwords exposed.
- Constella observed the sale of vaccine doses—such as AstraZeneca, Pfizer, Moderna, and Sputnik—in multiple dark marketplaces ranging from as little as $8 to as much as nearly $850.
- Crypto-Currency, News, and Healthcare industries saw 120%, 110%, and 51% increases (respectively) in breaches and leakages compared to 2019.
- Compared to the findings in Constella’s 2020 Identity Breach Report, the price of personal records transacted in dark marketplaces increased significantly, including passports (+1,185%), and driver’s licenses (+328%), ID cards (+642%), possibly due to increased demand for false identification records during the pandemic.
“Threat actors continue to find new ways to target individual and company data due to new vulnerabilities created in times of uncertainty and crisis. PII continues to fuel malign activities in the digital ecosystem,” said Alex Romero, COO of Constella Intelligence. “Executives are specifically being targeted for their high-level access within organizations.”
Recommended ITech News: Google Cloud Region Goes Live in Delhi NCR in India