Middle East's carding market drops by 49%: Group-IB

Doaa A.Moneim , Wednesday 8 Dec 2021

The carding market, the trafficking and use of stolen credit cards, in the Middle East fell by 49 percent during the second half (2H) of 2020 and the first half (1H) of 2021 to reach $24.4 million, down from $47.6 million a year earlier, stated Hi-Tech Crime Trends 2021/2022, a report released by Group-IB.

 Middle East

Group-IB is a solution provider that operates in detecting and preventing cyberattacks, identifying online fraud, investigating high-tech crimes, and intellectual property protection, headquartered in Singapore.

The report, a copy of which was shared with Ahram Online, showed that 1,546,842 bank cards were sold to Middle East customers during the 2H of 2020 and the 1H of 2021, recording a 34 percent decline on the year before, when 2,353,854 bank card were sold.

Globally, the carding market dropped by 26 percent during the 2H of 2020 and 1H of 2021 to post $1.4 billion, down from $1.9 billion a year earlier, the report said, attributing the drop to the lower number of dumps (data stored on the magnetic stripe on bank cards) offered for sale.

“The number of offers shrank by 17 percent in the mentioned period, from 70 million records to 58 million. Meanwhile, the average price of a bank card dump fell from $21.88 to $13.84, while the maximum price surged from $500 to $750,” the report explained.

At least 50 organisations in the Middle East were attacked by ransomwares in 2021, the report added.

“To compare, in 2020, the data on 27 companies in the Middle East was released on DLS, which is an increase of 85 percent. In 2021, the majority of publicly known ransomware attack victims in the Middle East originated from Turkey (20 percent), the United Arab Emirates (18 percent), Saudi Arabia (18 percent), Israel (10 percent), and Iran (six percent),” the report stated.

In this respect, the report identified 21 new ransomware-as-a-Service (RaaS) affiliate programmes, a 19 percent increase during the 2H of 2020 and 1H of 2021 compared to the previous year.

During the same period, cybercriminals mastered the use of data leak sites (DLSs), which are used as an additional source of pressure on their victims to make them pay the ransom by threatening to leak their data, according to the report.

The report pointed out that victims, however, can still find their data on the DLSs even if the ransom was paid, unveiling that the number of new DLSs more than doubled during the 2H of 2020 and 1H of 2021, reaching 28 sites, compared to 13 sites in the period between H2 2019 and H1 2020.

Short link: