Blueliv Cyber Threat Intelligence Report. Q3 2014

Here are the main conclusions from our analysis of the cyber threats observed at a global level during the third quarter of 2014, compared with the second quarter of the year. Once again, the main point is that cyber threats are becoming more frequent and their impact keeps growing. As the economic losses, reputational damage and impact on customer trust can be devastating, we’re calling on businesses to invest in building a robust cyber security strategy to keep their customers’ data safe and help mitigate security breaches.

analyzed data

To produce this report, Blueliv analyzed 5 million stolen credentials and credit cards, 130,000 malware samples and 500,000 crime servers collected by its intelligence platform designed to tackle cyber threats.


In the third quarter of 2014 the US continued to be the leading country for credit card information theft: 59% of the credit and debit cards whose data was stolen were issued in the US. One reason may be how easy it is to steal credit card data there, due to the lack of chip. If a merchant is infected, it is not difficult to steal the data of the credit cards used to buy from it.

credit card thefts

However, the US share has come down, as 67% of the global thefts took place there in the second quarter. The US is followed by Canada, the UK, Brazil and Mexico.

Methods of theft vary greatly, and fraudsters are always finding new, innovative ways to steal credit card data. Among the most common methods are memory scraping, which involves infecting chip and PIN terminals with malware, and ATM tampering, often through false magnetic readers, hidden cameras or even fake keyboards which cover the original.

The average price of credit card data on the black market has dropped to less than half its previous value this quarter, from $5.5 to $2.6 per card. Prices vary depending on the type of card and on the marketplace. Oddly enough, prices are usually lower in the US.


Alongside credit card theft, the research highlighted the growing problem of credential theft, where individuals and businesses that do not have appropriate security measures in place are subject to the leaking of thousands of sensitive credentials. This includes everything from bank details to confidential business documents, and is mainly caused by malware, fraudulent websites and phishing attacks.

The number of analyzed credential thefts has tripled (x3.3) in comparison with Q2. Blueliv is putting great effort into this area because of the high impact of these thefts in targeted attacks.

This quarter, 26% of the detected credential thefts were in Bulgaria, 17% in Germany, 8% in France and 7% in Lithuania. These thefts took place mainly through the Pony, Citadel, Zeus and Ice IX botnets.

credential thefts by industry

As for industry types, the most affected have been Media, Social Networks & Advertising (41%) and Technology & Telcos (37%), followed by Retail with 8%.


The research also showed that the primary method by which credit card information and credentials are being stolen is through botnets: the number of C&C crime servers has risen by 61.53% in comparison with Q2.

C&C crimeservers

While 38% of C&C crime servers were geolocated in the US, 30% were found in European Union countries.

malware types

Regarding malware types, most of the analyzed malware samples were Zeus (40%), followed by Andromeda and Citadel (11% each).

malware geolocation

As for the geolocation of the malware (the location of the crime servers that host it), 63% of the analyzed malware was based in China, 20% in the US and 5% in France.

To conclude the analysis, China ranked first in malicious URL geolocation, with 48% of the global total. With 26% of global malicious URLs, the US ranked second.

You can download the 2014 Q3 Cyber Threat Intelligence Info Graphic and here are the links to the Q1 and Q2 Info Graphics in case you missed them.
