According to Blueliv’s credential detection data, since the start of 2018 there has been a 39% increase in the number of compromised credentials detected from Europe and Russia, compared to the same period in 2017 (January-May). In fact, Europe and Russia are now home to half of the world’s credential theft victims (49%).
When Russian credential victims are removed from the dataset, this year-over-year comparison jumps to 62%. The Eurasian growth figures tracked by Blueliv are surprisingly higher than North America’s, which actually recorded a decline by almost half (48%) year over year.
These startling increases in cybercriminal success rates suggest that the credential theft industry is growing in the European region both in innovation and scope.
The report also observes some interesting trends in malware families being used to harvest these credentials. Pony, KeyBase and LokiPWS (also known as Loki Bot) have consistently been the most active stealers since the start of 2017, but Pony has always been several lengths ahead of its malware counterparts in terms of popularity. However, since the start of 2018, Blueliv has observed that LokiPWS has been narrowing the gap: the highest number of stealer samples detected by Blueliv’s infrastructure each month has now become a two-horse race between LokiPWS and Pony.
Read more: Help Net Security