2024年身份暴露报告

TABLEOF CONTENTS THE DIGITAL IDENTITY IN 20232 WELCOME TO THE SHOWDOWN: CYBERCRIMINALS STEP UP THEIR GAME3 THEFIGHT OVER DIGITAL IDENTITIESWHYWE DO THIS REPORTOURSECRET WEAPON: SPYCLOUD RECAPTURED DATA456 TRENDS6 GOTTA RECAPTURE ‘EM ALL: NOTABLE DATA BREACHES19 THESTAKES ARE HIGH: WHAT’S NEXT23 THEAVERAGEPLAYER 4 UNIQUE EXPOSEDUSERNAMES / EMAIL ADDRESSES THEDIGITALIDENTITYIN 2023 1 IN 4 RECORDSCONTAINED INFORMATION ABOUT THEUSER NETWORK OR PHYSICAL LOCATION1 IN 5 CHANCE Based on our analysisof the average digitalidentity exposed andtraded in the criminalundergroundlast year OF ALREADY BEING THE VICTIMOF AN INFOSTEALER INFECTION ––– BASEDON A SAMPLE OF DATA SPYCLOUD RECAPTUREDFROMTHE CRIMINAL UNDERGROUND IN 2023. STAGE 1 WELCOME TO THESHOWDOWN: CYBERCRIMINALS STEP UP THEIR GAME THEFIGHT OVER DIGITAL IDENTITIES Digital identities are embedded in our lives, and their expansiveness makes it harder and harder to protect ouraccounts and business systems from attacks. Data stolen by criminals and traded between bad actors hascontinued to scale dramatically each year. Case in point:SpyCloud’s total collection of recaptured data hasgrown to more than 43.7 billion distinct identity records. And to further complicate an already complex threat landscape, malicious actors are moving beyond thetraditional use of stolen username and password pairs to perpetrate crimes against consumers andorganizations. Using expanded datasets, criminals have increased the scope of their attack patterns, based uponidentity records that come from different sources and that can be linked together using PII, like social securitynumbers or social handles. In this way, users now have to worry about their combined digital identity, which canbe formed by cross-referencing the information that has been stolen about them from dozens or hundreds ofsources. To make matters even worse, criminals have responded to improved authentication technologies by sidesteppinguser authentication methods altogether. Bad actors are able to access stolen session cookies and 2FA secrets toimpersonate their victims, making it extremely difficult to differentiate between legitimate users and criminals. $23,840,000,000,000+ Cybercriminals are clearly cashing in on this opportunity, which is why the global costof cybercrime is forecasted to nearly triple by 2027, from$8.44 trillion in 2022to$23.84 trillion. We see this exponential growth reflected in our own repository of data recapturedfrom the darknet, which totalsmore than 560 billion stolen assetsas of thepublishing of this report. As you’ll see in this report, we’ve observed an increase in next-generation identity attacks that force us toexpand our definition of digital identities and the measures we use to protect ourselves. WHYWE DO THIS REPORT Threats to digital identities are nothing new. However, the fast pace andstealthy nature of a dynamic criminal underground make it hard for securityteams to keep up and proactively defend against new threats. SpyCloud researchers and data scientists examine the trends related toidentity exposure in the criminal underground every year. We keep a tightpulse on darknet activity to understand how stolen data exposesorganizations and consumers to cybercrimes like account takeover, sessionhijacking, fraud, and ransomware. While we consistently see the number of exposed identities growing, in recentyears we’ve also detected a shift in the type of data that malicious actors relyon to compromise identities. In response to this shift, we continue to expandour datasets to explore how emerging and evolving threats put consumers andorganizations at further risk. CRYPTO ADDRESSES The most alarming trend we see today – bar none – is malware.Infostealersand other types of malware exfiltrate valid authentication data like logincredentials and session cookies, and are even beginning to target passkeys. Inthe hands of criminals, this data makes it easy for attackers to mimicconsumers’ or employees’ access to networks and applications with a highdegree of success. SESSION COOKIES IN 2023: 61% of the breaches we recaptured weremalware-related2.This finding reflects the tremendousvalue cybercriminals gain with high-quality dataexfiltrated by malware. API KEYS Most organizations and consumers still are not aware of the massive breadthof digital identity data that is easily stolen from infected devices and madereadily available on the darknet. This report aims to illuminatelesser-understood threats and underscore the risk they pose, so you canprotect users and minimize impacts to your organization. OURSECRET WEAPON:SPYCLOUD RECAPTURED DATA SpyCloud collects, curates, enriches, analyzes, and automates the remediation of recaptured data from breaches,malware infections, and other sources in the criminal underground. With SpyCloud, security teams act on trueevidence of compromise to mitigate the risk of damaging attacks that rely on the use of stolen data – preve