You may not have given much thought to the log files on your computer. But hackers love them because they know their potential. Hackers sell them, typically, for $10 each. It looks like peanuts, but imagine the data that the buyer gets by paying $10 a piece.

“The dark-web value of log files with login credentials varies depending on the data’s appeal and the way it’s sold. Credentials may be sold through a subscription service with regular uploads, a so-called “aggregator” for specific requests, or via a ‘shop’ selling recently acquired login credentials exclusively to select buyers,” Sergey Shcherbel, expert at Kaspersky Digital Footprint Intelligence, said.

Prices typically begin at $10 per log file in these shops. This highlights how crucial it is both for individuals and companies – especially those handling large online user communities – to stay alert.

“Leaked credentials are a major threat, enabling cybercriminals to execute attacks such as unauthorised access for theft, social engineering, or impersonation,” he said.

With cybercriminals pilfering an average of 50.9 login credentials per infected device, the threat posed by data stealers is growing for both consumers and businesses. 

Even though the number of log files – and, therefore, infections – in 2023 has only declined marginally by 9 per cent compared to 2022, it doesn’t imply that cybercriminal demand for logins and passwords has stagnated.

“It is possible that some credentials compromised in 2023 could be leaked to the dark web at some point during the current year. Therefore, the actual number of infections is likely to exceed 10 million,” he said.

According to Kaspersky’s assessment of infostealer log-file dynamics, the number of infections that occurred in 2023 is projected to reach about 16 million.

Compromised websites

As many as 4.43 lakh websites worldwide have experienced compromised credentials in the past five years. The .com domain takes the lead, with about 326 million logins and passwords for websites on this domain being compromised by infostealer malware in 2023.

The .in domain (associated with Indian websites) ranked third with 8.2 million compromised accounts, preceded by the Brazilian domain (.br) with 29 million compromised accounts.

Cybersecurity experts at Kaspersky said about 10 million devices fell victim to data-stealing malware in 2023, drawing from insights gathered from infostealer malware log files traded on underground markets. 

The .com domain leads in compromised accounts, followed by domain zones associated with Brazil (.br), India (.in), Colombia (.co), and Vietnam (.vn). In the .in domain, associated with India, compromised accounts reached over 8 million in 2023.

Spurt in attacks

A Kaspersky report said the number of compromised devices with data-stealing malware has gone up by over six times in the last three years. 

How to stay safe

People are advised to use a comprehensive security solution for any device to stay safe from infostealing malware.

“This will help prevent infections and alert them to dangers such as suspicious sites or phishing e-mails that can be an initial vector for infection. Companies should proactively monitor leaks and prompt users to change leaked passwords immediately, Kaspersky said.