Stolen Singaporean Identities Sold on Dark Web Starting at $8


Cybersecurity firm Resecurity reports that cybercriminals are selling stolen digital identities of Singaporeans on the Dark Web with prices starting at $8. Researchers found numerous instances of stolen identity information on Dark Web and underground cyber crime platforms, including the leading Russian language marketplace for stolen identities ‘XSS’.

Researchers noted that the number of underground vendors selling stolen identity data of Singapore citizens in 2024 Q2 has increased by 230% compared to 2023. The spike was identified by metrics like the sudden increment in the mentions of “Singpass” (Singapore Personal Access) on the Dark Web.

“Our statistics show that starting from April 15th, 2024, we have registered a significant increase in data dumps with a significant number of records (from 10,000 and more) being offered by multiple actors this month.”

Resecurity

As per Rsecurity’s report shared with Hackread.com ahead of publishing on Monday, throughout Q1/Q2 2024, infostealers and social engineering techniques remained a key cause of Singpass accounts compromise, which can be exploited for money laundering. In June 2024, Resecurity recovered over 2,377 compromised Singpass accounts from the Dark Web and notified affected individuals.

Screenshot from the data being sold (Credit: Rsecurity)

Between October 2023 and June 2024, several underground vendors monetized stolen identity data, including passports, identity cards (IC), and sanitized driving licenses. Moreover, cybercriminals are selling national ID templates for Know Your Customer (KYC) purposes (passports, driving licenses, utility bills and banking statements), and offering services to create forged documents, verify accounts, and pass KYC checks.

This suggests undisclosed data breaches affecting Singapore citizens, leading to a surge in leaked KYC documents, primarily involving selfies, which the Singaporean government requires for verification purposes. 

Additionally, these Dark web platforms are selling compromised access to sensitive data from critical sectors such as healthcare, lending, e-commerce, and financial platforms. However, these malicious attacks do not end there. Researchers have also found evidence of several scam groups targeting citizens through telemarketing or customer support services.

It is concerning that the stolen data includes biometric information such as fingerprints and facial data, which can be illegally reused for forged documents, access manipulation, and other malicious scenarios by cybercriminals. Using Deep Fakes and AI-powered techniques, nation-state and foreign actors will need this data for intelligence gathering and infiltration activities.

Compromised digital identities expose Singaporeans to risks like financial loss, identity theft, and reputational damage. It is, therefore, crucial they are cautious of phishing attempts, use multi-factor authentication (MFA), and stay informed on the latest cybersecurity threats.

  1. Hackers Sell Fake Pegasus Spyware on Clearnet and Dark Web
  2. LastPass Dodges Deepfake Scam: CEO Impersonation Thwarted
  3. Employee Duped by AI-Generated CFO in $25.6M Deepfake Scam
  4. Thousands of Stolen AnyDesk Login Credentials Sold on Dark Web
  5. Deepfake Threat: $2 Deceptive Content Undermines Election Integrity





Source link