Data is a hot commodity on the Dark Web where people buy and sell sensitive information, much of it stolen through network breaches. Usernames, passwords, account numbers, financial records, credit card details, medical records—all of these are up for grabs. And with today’s savvy cyberattacks, it’s not a matter of “if” but “when” your organization may suffer a breach. A report released Tuesday by security provider Bitglass looks at how stolen data winds up on the Dark Web and offers advice on what you can do to better protect yourself and your organization.
To compile the 2021 edition of its “Where’s Your Data?” report, Bitglass created a number of fake account usernames, emails and passwords purportedly compromised through the RockYou2021 password compilation leak and a recent LinkedIn scraped data incident.
Bitglass researchers posted links to the phony data on the Dark Web as a way to give buyers access to the networks of different organizations. To track the flow of the fake data and see how it was used, the researchers embedded watermarking technology in the files.
Based on its tracking, Bitglass discovered that the stolen data had a wider reach and moved more quickly than in the past. The phony data was viewed more than 13,200 times versus just 1,100 times during a similar experiment in 2015. Previously, the stolen data took 12 days to reach 1,100 link views. In 2021, it took less than 24 hours to hit that number.
Cybercriminals are most anxious to grab data from retail companies and government agencies, according to the research. Among the top three categories, retail data accounted for 60% of the views on the Dark Web, pirated content accounted for 13% and gaming data for 12%. Drilling down further, retail data accounted for 37% of the Dark Web clicks, government data for 32% and pirated content for 10%.
“Gaining access to large retailers’ networks remains a top priority for many cybercriminals wishing to deploy ransomware and extort payouts from large and profitable organizations,” Mike Schuricht, leader of the Bitglass Threat Research Group, said in a press release. “Similarly, interest in the U.S. government information is likely either from state-sponsored hackers or independent hackers looking to sell this information to nation states.”
The breached data traveled farther around the world than in the past as it was downloaded by criminals across five different continents. But the U.S. accounted for the highest percentage (35%) of people who opened the breached data. Other countries where a significant number of people accessed the data were Kenya (33%), Romania (10%), China (8%) and Sweden (4%).
The tools used by cybercriminals to download stolen data have changed. In 2015, no virtual machines were used to access the data. In 2021, several tools were used, including Amazon Web Services and Google Cloud Platform. Further, the number of people using anonymous VPNs and proxies to access the Dark Web in the 2021 experiment shot up to 93% versus 67% in 2015.
“In comparing the results of this latest experiment to that of 2015, it is clear that data on the Dark Web is spreading farther, faster,” Schuricht said. “Not only that, but cybercriminals are getting better at covering their tracks and taking steps to evade law enforcement efforts to prosecute cybercrime. Unfortunately, organizations’ cybersecurity efforts to protect data have not kept pace, as evident by the continuous onslaught of headlines reporting on the latest data breaches.”
To prevent your organization’s data from falling into the wrong hands and being traded on the Dark Web, Bitglass offered the following six tips:
- Implement a Zero Trust framework.
- Ensure that your security protection extends to any device no matter its location and not just on the internal corporate network.
- Establish processes to track the location and access of your data and user credentials.
- Set up training and other initiatives to help employees learn and practice good cybersecurity hygiene.
- Block SaaS app logins and access attempts with a cloud access security broker (CASB). This will prevent activity from unfamiliar and suspicious locations.
- Create a security strategy independent of your underlying operating system.