The illegal trade in data on the dark web is flourishing and the anonymous users who show interest in it or even participate are increasing. Stolen data has a long range and rapid dissemination: If data gets into the dark web, it can spread widely. The data sets provided were accessed 24 times within 1100 hours.
Social engineering attack tactics such as phishing not only require technical precautionary measures, but also a corresponding risk awareness on the part of the potential victims. Your behavior can prevent greater damage should an attack occur that bypasses technical protective measures.
Misconceptions increase the risk for companies
Unfortunately, the workforce sometimes persists in the belief that corporate data cannot be interesting prey for cyber criminals. Above all, a misjudgment of the other contributes to this. The idea of hackers is shaped by a stereotype in the broad mass of the population: the talented programmer who, as a loner, chooses targets in order to test his skills. An image that was created in the early days of the Internet and, not least with the help of pop culture, has not completely disappeared from people's heads to this day.
In the past few decades, however, cybercrime has become highly professional. In the digital age, data has become a valuable commodity for which there is a large market. And there are numerous actors who want to benefit from the demand, if necessary beyond what is legally happening. It is therefore hardly surprising that the dark web has developed into an increasingly large data hub in recent years. This is the result of a recent study by Bitglass. For this purpose, a false data phone hypot was shared via the dark web and the access and forwarding of the data was tracked with its own watermark technology. The results provide an insight into the nature of the dark web and the handling of illegal data sets:
- Anonymity simplifies sinister machinations: The dark web is increasingly becoming an area of anonymity. In 2015, 67 percent of visitors were anonymous, and in 2021 it was 93 percent. In the retail sector, 36 percent of the clicks were anonymous, and on the part of authorities it was 31 percent.
- Data from retail and government circles particularly popular: The anonymous dark web user community attracted the greatest attention to alleged data from retail (36 percent) and from the US government (31 percent).
- Cybercrime is international: While attention is often drawn to cybercriminal acts by eastern nation states, it has been shown that IP addresses of suspected hackers also come from US states, Sweden, Belgium and Germany.
- Stolen data has a long range and rapid dissemination: If data gets into the dark web, it can spread widely. The data sets provided were accessed 24 times within 1100 hours. In 2015 it took another twelve days to reach this mark. In addition, the data viewed was disseminated eleven times faster across all five continents.
Compared to the results of the experiment from 2015, a clear development can be determined: The illegal trade in data is flourishing and the anonymous users who show interest in it or even participate are increasing. This is complemented by another worrying trend: Cybercrime is eagerly recruiting young people and using modern technologies to make it easier for programming-savvy newbies to enter the dark industry. The recruited personnel capacities are in turn bundled, guided and strategically deployed.
Identify strategies and motivations for attack
Companies should use such insights to give their employees a realistic picture of cyber criminals. They can help to understand the motivation and the strategy behind cyber attacks and, in an emergency, to make the risk assessment. The following lessons are important in this context:
- Businesses and their data can be a primary goal: this is usually the first scenario one thinks possible. Industrial espionage is a classic motivation behind such attacks. With the professionalization of cybercrime, there are also new possibilities for this: for example, competitors can commission actors from the dark web to hack or steal certain company data so that this can also occur more frequently in the future.
- The data yield does not always have direct monetary value: Some companies are only interesting for hackers because they are in business contact with larger companies, i.e. more lucrative and correspondingly more difficult targets. By attacking service providers and suppliers, cyber criminals attempt to steal data to find ways to infiltrate overarching targets. The e-mail exchange between authentic contact persons can already help to set up a credible fraud campaign against a partner company.
- Hackers use broad collection campaigns: In addition, there are also broad-based data theft campaigns that are not specifically tailored to individual companies, but only aim at a diverse range of data. Suitable data sets from such campaigns are usually passed on to actors who could use them for larger-scale criminal projects.
Creating understanding for diffuse threats
Hacker attacks have always been a diffuse threat to companies. In order to establish a zero trust security strategy as effectively as possible, companies should help their employees to understand the objectives behind a data theft and which attack tactics are used for this. With such a comprehensive, realistic picture of the attacker, employees are more vigilant about possible risks and reflect more critically on their own behavior. In the event of an attack that uses social engineering tactics, you are more likely to make the right decision and prevent damage.
More at Bitglass.com
About Bitglass Bitglass is a global provider of a NextGen CASB solution based in Silicon Valley. The company's cloud security solutions offer agentless zero-day, data and threat protection everywhere, for every application and every device. Bitglass is funded by senior investors and was founded in 2013 by a group of industry veterans who have introduced and implemented numerous innovations in the past.