Auctioned info on the dark web reinforces the need for better protection
At Bytagig we talk a lot about the need for good password management, and that has never been more important than with recent news of a massive info leak. Specifically, 15 billion login credentials were exposed on the dark web, meaning bad news for, well, everyone really.
What hackers do with those credentials varies, but rest assured none of it is good. Typically it ranges from credential stuffing attacks, DDoS, attempts to compromise business data, bypassing security, and more. According to reports, it’s the result of over 100,000 data breaches whereby attackers take off with compromised info.
Into the digital dark market
Digital Shadows, a data-loss detection firm, paints a harrowing picture about the fate of data once it’s stolen.
Many are victims, and each target has its information sold or auctioned to malicious parties on various dark web sites. The info stolen typically comes from different websites like social media, VPN services (that’s right), file sharing, adult, and game media. According to Digital Shadows, the compromised info is sold for an average of $15-43. Higher tier accounts, like banking info, fetch a higher price of around $70 or so.
Here’s one such image to give an example:
If you feel gross after giving the above image a look, we’re with you. Info is stolen and sold like a commodity on a market when, in reality, this is someone’s entire life. Someone could get hurt and suffer because of it (a reason at Bytagig we’re so passionate about thwarting these things).
It’s not just small targets though. Hackers are willing to go after big names and industries, and are very capable of doing so. Again, as reported by Digital Shadows, some auctions go into the thousands, targeting business models in the “university, petrochemical, and cybersecurity” sectors.
How does it happen?
Primarily, hackers and malicious third parties steal credentials with “account takeover tools.” The goal, as you can see, is to make money, accomplished through a variety of methods, such as:
- Account rentals (gaining access to an account for a brief period)
- Credential stuffing attacks
- Artificial identity creation
- Account defrauding
It isn’t a free-for-all, though. Even if hackers gain access to the sold info, there are still safeguards in place to stop them. For example, fingerprint ID and two-factor authentication are among the ways to prevent access to accounts. Additionally, flags and alerts typically trigger if an account is accessed from an unfamiliar location (you know, like another part of the world).
However, it wouldn’t be a threat if hackers didn’t have workarounds. Some hacked credentials are sold with stolen data (like timezone data and cookies) that accompanies the compromised info so as to avoid triggering alerts. Advanced tools are also available to hackers, which provide a dangerous arsenal of cloak-and-dagger techniques. Some tools, like Sentry MBA, can allow for millions of bypass attempts for stealing user data.
What can be done?
Isn’t that the question? While there are diverse steps to take for thwarting hacker attacks, the tried and true method is a combination of 2FA and MFA (two-factor and multi-factor authentication).
Two-factor authentication requires a second login or passphrase when signing into an account, whereas multi-factor authentication requires this but with the addition of an authenticating device. It thwarts the attacks listed above because hackers won’t have access to multiple devices (or shouldn’t, we hope).
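The unfamiliar-location alert and its workaround described under “How does it happen?”, together with the second-factor requirement as the remedy, shown as an added example that is not Bytagig’s or any vendor’s code. The `Profile` and `Login` types, both decision functions, and all sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Profile:
    """Signals recorded from an account's past successful logins (hypothetical model)."""
    ip_countries: set = field(default_factory=set)    # derived server-side from source IP
    timezones: set = field(default_factory=set)       # reported by the browser
    device_cookies: set = field(default_factory=set)  # sent by the browser

@dataclass
class Login:
    ip_country: str      # observed by the server
    timezone: str        # client-supplied, so it can be copied
    device_cookie: str   # client-supplied, so it can be copied

def naive_decision(profile: Profile, login: Login) -> str:
    """Weak check: infers 'familiar' only from values the client sends."""
    familiar = (login.device_cookie in profile.device_cookies
                and login.timezone in profile.timezones)
    return "allow" if familiar else "alert"

def hardened_decision(profile: Profile, login: Login) -> str:
    """Client-supplied values are hints only. Skip the second factor only when
    the server-observed location is also familiar; otherwise require it."""
    client_ok = (login.device_cookie in profile.device_cookies
                 and login.timezone in profile.timezones)
    server_ok = login.ip_country in profile.ip_countries
    return "allow" if (client_ok and server_ok) else "require_second_factor"

# Constructed sample data: one account and three correct-password login attempts.
PROFILE = Profile({"US"}, {"America/Chicago"}, {"dev-7f3a"})
OWNER = Login("US", "America/Chicago", "dev-7f3a")
# Credentials bought together with the victim's cookie and timezone data,
# used from a location the account has never logged in from ("XX" is a placeholder).
REPLAYED = Login("XX", "America/Chicago", "dev-7f3a")
# Password only, no accompanying data.
PASSWORD_ONLY = Login("XX", "Etc/UTC", "dev-0000")

def evaluate_all() -> dict:
    """Return (naive, hardened) decisions for each constructed login."""
    cases = {"owner": OWNER, "replayed": REPLAYED, "password_only": PASSWORD_ONLY}
    return {name: (naive_decision(PROFILE, l), hardened_decision(PROFILE, l))
            for name, l in cases.items()}

if __name__ == "__main__":
    for name, result in evaluate_all().items():
        print(name, result)
```

The replayed login passes the naive check because every value it inspects came from the stolen bundle, while the hardened check still demands the second factor, which the buyer of the credentials does not hold.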