It was reported recently that stolen Twitter accounts are 'more valuable' than credit cards. Commenting on this, Lancope CTO, TK Keanini, said: "This statement is true today but, if you look back, it was not true in the late 2000’s. Today the credit card industry has made it more expensive for cybercrime operations when it comes to monetizing stolen credit card data. However, the theft of a person’s identity in social media means that you now have trusted access to hundreds if not thousands of people for a small window of time during which you can instruct them cleverly to download crimeware that will in turn steal more credentials to not only credit card data but any financial system.

Like the credit card companies, Twitter is also in a co-evolutionary role with the threat. Twitter’s countermeasure is to have users enable their two factor authentication. This effectively puts stolen Twitter credentials vendors out of business; but the problem is that this is still optional to the Twitter user and the bias with the community is that they don’t enable it. As with most information security issues, changing human behaviour is always the most difficult.

Whether defending your personal information or your companies information, you need to think like the adversary and that adversary is a part of a complex and highly effective supply chain. The data they want to take has value in some part of that supply chain and it may not be obvious because you don’t see it as directly monetized like a credit card dumps. This is why we must continuously monitor and adapt to the changing threat environment as they inturn do the same to our defences. Over the coming years, these darkmarkets are going to be more visible because 1) they are interesting and newsworthy and 2) it is where the business of cyber security is being invented and practiced. The business paradox they face is to become more visible and grow their market share or remain dark and exclusive slowing their revenue growth. The adversaries are treating cyber security as a business problem, it is about time that their victims do the same."