Several underground marketplaces are offering full information packages for sale that contain verified health insurance credentials, bank account numbers, Social Security numbers and other personal information, along with counterfeit physical documents corresponding to the data.
The information packages are known as “fullz” among cybercriminals and cost around $500 each if they include U.S. health insurance credentials, according to security researchers from Dell’s SecureWorks subsidiary who identified several marketplaces where dossiers of this type are being sold.
“Fullz” usually contain full names, addresses, phone numbers, email addresses with corresponding passwords, dates of birth, Social Security numbers (SSNs), Employer ID Numbers (EINs), and financial data such as bank account information, including account and routing numbers, online banking credentials with varying degrees of completeness, or credit card information, including magnetic stripe data and associated PINs.
These information packages can also be accompanied by counterfeit physical documents including credit cards, drivers’ license, insurance cards and more, in which case they are called “kitz,” the Dell SecureWorks researchers said Monday in a blog post.
“Kitz” usually cost between $1200 and $1300, but additional fees of $100 to $500 can be added to expedite orders and to cover the escrow or wire transfer payment commissions, the researchers said.
When sold on their own, health insurance credentials cost $20 each and include the names of those covered by the plan, dates of birth, contract number, group number, type of plan—individual or group, HMO/PPO, deductible and copay information—and insurer contact information for customer service and filing claims. Health plans that have associated dental, vision or chiropractic plans cost $20 more each, the researchers said.
Based on computer network information and “tell-tale signs” in usage of the English language in communications, the SecureWorks researchers suspect that the people behind one of the major operations selling this type of information are located in the U.S.
Hackers will steal anything they can sell and health insurance credentials are becoming more valuable as the cost of health insurance and medical services continues to rise, said Don Jackson, senior security researcher with Dell SecureWorks’ Counter Threat Unit in the blog post.
According to the company, its Incident Response Team investigated a possible cyber intrusion at a large healthcare firm earlier this year and found over 25 versions of a credential-stealing Trojan program called Gatak on the company’s network.
In that particular case it was determined that hackers did not manage to steal any protected health, financial or personally identifiable information, the SecureWorks researchers said. However, other companies might not be as lucky.
Companies should install firewalls around their networks and Web applications, as well as intrusion prevention and detection systems (IPS/IDS) that inspect outbound and inbound traffic for known threats. On endpoints they should run host IPS, an advanced malware protection product and a vulnerability scanner, the researchers said.
Employees should be trained on how to avoid the primary infection vectors when using email and accessing the Web, and their email communications should be encrypted, they said.