Malware data theft cases increase 7 times since 2020

The (.com) domain had the most compromised accounts, followed by domains associated with Brazil (.br), India (.in), Colombia (.co), and Vietnam (.vn). Of these, the (.vn) domain had 5.5 million compromised accounts in 2023.

In light of the growing threat, Kaspersky has launched a dedicated landing page to raise user awareness of the issue and provide strategies to mitigate risks and damage.

While the number of malware infections and memos in 2023 is expected to decline slightly by 9% compared to 2022, that doesn’t mean that credential hijacking by cybercriminals will slow down. Kaspersky believes that some of the credentials stolen in 2023 will be leaked to the dark web at some point in 2024, so the actual number of infections is likely to be higher than 10 million .

According to Kaspersky's assessment of the ability to penetrate the logs of information thieves, the number of infections occurring in 2023 is expected to reach around 16 million.

On average, cybercriminals stole 50.9 credentials per infected device, indicating a growing threat to individuals and businesses. Threat actors will use these credentials for nefarious purposes such as launching cyberattacks, selling or distributing the information freely on dark web forums and underground channels on the Telegram platform.

According to Kaspersky data, 443,000 websites worldwide have had their credentials stolen in the past five years, which can include logins to social media platforms, online banking services, e-wallets, internal systems and corporate emails.

Accordingly, the (.com) domain had the highest number of compromised accounts. Nearly 326 million logins and passwords of websites on this domain were compromised in 2023. Next was the (.br) domain with nearly 29 million compromised accounts, followed by (.in) with 8.2 million, (.co) with nearly 6 million, and (.vn) with over 5.5 million.

To protect information from data-stealing malware, users should use a comprehensive security solution for all devices. This will help prevent infections and alert them to dangers, such as suspicious websites or phishing emails that may be the source of infection.