As the US midterm elections close in, the underground markets appear to be flush with voter databases available for affordable prices.
Voter information is rich with details that could help an attacker learn enough about the victim to steal their identity.
Cybersecurity company Carbon Black, at least one market on the dark web lists for sale voter databases with millions of records.
The researchers "found 20 different state voter databases available for purchase on the dark web, several from swing states," the report informs.
Included in the details are voter IDs, full names, current and previous physical addresses, gender, phone number and citizenship status. These are sufficient for crafting scams that are difficult to detect and protect from.
The researchers say that entities wishing to influence the result of the election could use these details to send targeted campaign materials to the desired audience.
The voter databases emerged on Empire Market and contain data from individuals in 20 states. According to Carbon Black, the seller has records for a total of 81,534,624 voters.
One of the largest caches advertised is from the state of New York, 15 million voters. Another big one is for Florida, 12.5 million, offered for sale since September 1.
It is unclear if the records are genuine or not, as the report focused more on the numbers and the sensitive nature of the data.
The dark web is not the only place to trade voter databases. Earlier this month, BleepingComputer reported about a user on a forum on the clearnet offering to sell information for voter lists from 19 states for prices between $150 and $12,500.
Researchers that assessed some of the information determined with a high degree of confidence that it was valid.
Starting October 19, the seller started to offer a masterfile with all the states for a price of $61,000. He advertised a trove of 200 million records from "every single state."
Carbon Black's report also includes a study about the cyber attacks that kept 37 of its incident response partners busy in the third quarter of the year.
One finding is that most incidents either originated from China and Russia or pointed to a connection with these countries. The amount of cyber attacks considered for the study is 113.
The study underscores that for 32% of the victims the attackers prepared with a destructive component to enable them to remove traces of the incident. One respondent said that many actions from North Korea and Iran carried a destructive routine intended to wipe the machines suspected to make the subject of forensic analysis.
Nearly half of all the attacks, 47 to be exact, came from China and Russia. North America came in third place, followed by Iran, North Korea, and Brazil.
Asked about the locations they saw cyberattacks being launched from, the top answer was China, with 69%, followed by Russia with 59%. The response had multiple choices, so while it does not shed light on the origin of the incident it does suggest traffic or infrastructure in the respective country.