Pakistani domains caught in global data theft; over 2 million logins compromised in 2023

LAHORE: Credentials of over 2 million .pk domain websites of Pakistani origin are compromised with data-stealing malware, while nearly 10 million devices worldwide fell victim to data-stealing malware in 2023, IT experts said on Wednesday .

The cybercriminals are pilfering an average of 50.9 login credentials per infected device; the threat posed by data-stealers is growing for both consumers and businesses.According to the Kaspersky Digital Footprint Intelligence report, nearly 10 million devices fell victim to data-stealing malware in 2023.

According to Kaspersky’s data, 443,000 websites worldwide have experienced compromised credentials in the past 5 years. The .com domain leads in compromised accounts with nearly 326 million logins and passwords for websites on this domain being compromised by infostealers in 2023. Meanwhile, the compromised accounts of the.pk domain in Pakistan reached 2.4 million.

The data further shows that almost 10,000,000 personal and corporate devices were compromised with data-stealing malware in 2023, amounting to a 643 percent increase over the past three years. The actual number of infections is likely to be even higher than 10 million. According to Kaspersky's assessment of infostealer log-file dynamics, the number of infections that occurred in 2023 is projected to reach roughly 16,000,000.

P@SHA chair of the Cybersecurity Committee, Azam Mughal, talking to The News, said that Pakistan's National Cyber Security Policy 2021 aims to improve cybersecurity for citizens. While specific regulations for individual users might be evolving, the policy focuses on creating a secure digital ecosystem.

He suggested that strong passwords and Multi-Factor Authentication (MFA), understanding phishing attacks, are some key areas where one should concentrate to avoid disaster or formulate a security strategy for users in Pakistan.

Furthermore, Azam suggested that "don't click on suspicious links or attachments in emails or SMS and verify website legitimacy before entering login credentials. Look for HTTPS and a valid security certificate".

The users shall keep updating their software and anti-malware protection and avoid using public Wi-Fi.The report pointed out that cybercriminals are pilfering an average of 50.9 login credentials per infected device, the threat posed by data-stealers is growing for both consumers and businesses. The data on infected devices stems from the dynamics of infostealer malware log-files actively traded in the underground markets and monitored by Kaspersky to help companies ensure the security of their clients and employees.

Other cybersecurity experts believe that threat actors either utilize these credentials for their own malicious purposes, including perpetrating cyberattacks, or sell or distribute them freely on dark web forums and shadow Telegram channels. These credentials may encompass logins for social media, online banking services, crypto wallets, and various corporate online services, such as email and internal systems.

Technical group manager at Kaspersky, Hafeez Rahman, said that the dark-web value of log files with login credentials varies depending on the data's appeal and the way it's sold there. Credentials may be sold through a subscription service with regular uploads, a so-called "aggregator" for specific requests, or via a "shop" selling recently acquired login credentials exclusively to selected buyers.

"Prices typically begin at $10 per log file in these shops. This highlights how crucial it is both for individuals and companies – especially those handling large online user communities – to stay alert. Leaked credentials carry a major threat, enabling cybercriminals to execute various attacks such as unauthorized access for theft, social engineering, or impersonation," Hafeez said.

Azam suggested that the users should stay informed about cybersecurity threats. They should look for reputable sources like news articles from established publications or advisories from Pakistan's National Telecommunication Authority (PTA). Consider using a Pakistani DNS service provider that may offer additional protection.By following these steps, users in Pakistan can significantly improve their online security posture.

Hafeez advised individuals to use a comprehensive security solution for any device to guard against data-stealing malware. Furthermore, companies can help their users, employees, and partners protect themselves from this threat. They can proactively monitor leaks and prompt users to change leaked passwords immediately.