India is the Worst Malware Victim, 600.000 Population Data Sold in Bot Market

JAKARTA - Around five million people worldwide have had their data stolen and sold on bot markets to date. In fact, about 600.000 of them came from India, which makes it the country most affected by data theft. This is said by the provider of the world's largest VPN series, NordVPN.

Bot marketplaces are used by hackers to sell stolen data from victim devices with bot malware.

The study by NordVPN, from Nord Security Lithuania, says the data stolen included user logins, cookies, digital fingerprints, screenshots and other information, with the average price for a person's digital identity pegged at 490 Indian rupees ($9).

NordVPN has tracked data theft for the past four years, since the bot market was launched in 2018.

India has been dealing with cyber security issues for a while. As recently as last month, multiple servers of the All India Institute of Medical Sciences (AIIMS), a federal government hospital serving ministers, politicians and the general public, were infected with malware on November 23, a senior Indian police official told Reuters.

Times of India also reported, a week after the ransomware attack on AIIMS, the Indian Council of Medical Research (ICMR) faced around 6.000 hacking attempts within 24 hours on November 30,

India's cybersecurity rules were only tightened earlier this year, with the Indian Computer Emergency Response Team (CERT) requiring technology companies to report data breaches within six hours of becoming aware of the incident and to maintain IT and communications logs for six months.

The NordVPN study looked into three major bot markets - Genesis market, Russian Market, and 2Easy - and found stolen logins including from Google, Microsoft and Facebook accounts.

“What makes bot markets different from other dark web marketplaces is that they can get large amounts of data about one person in one place,” said Marijus Briedis, chief technology officer at NordVPN, as quoted by Reuters.

"And once the bot is sold, they guarantee the buyer that the victim's information will be updated as long as their device is infected by the bot," said Briedis.

NordVPN researchers found 667 million cookies, 81.000 digital fingerprints, 538.000 autofill forms, multiple device screenshots, and webcam shots in their research.