Data theft is inarguably big business for hackers. This has been proven time and time again when big-name companies and their customers are involved in a data breach. As these instances appear to take place more often, and the number of stolen or compromised files continues to rise, it’s worth looking into exactly what hackers do with this information after they’ve put so much effort into stealing it.
While some data breaches involve low-hanging fruit – including default passwords and other sub-standard data protection measures – other attacks include increasingly sophisticated cybercriminal activity, backed by in-depth social engineering and research into potential targets. Thanks to these efforts, more than 2.6 billion records were stolen or compromised in 2017, a staggering 88 percent rise from the amount of data hackers made off with in 2016, according to Information Age.
But what takes place after a successful breach and data exfiltration? With all of this information in hand, where do hackers turn next to generate a profit?
Type of data dictates price, post-theft malicious activity
As Trend Micro research shows, the process that stolen data goes through after the initial breach depends largely upon the type of data and from what industry it was stolen.
Personally identifiable information (PII) can include a whole host of different elements and is stored by many brands to support customer accounts and personalization. Researchers discovered that once hackers bring this information to underground markets, it can be used to support identity fraud, the creation of counterfeit accounts, illicit money transfers, the launch of spam and phishing attacks, and even blackmail, extortion or hacktivism.
Let’s take a look at the ways in which other types of stolen data can be used once hackers gather it and bring it to underground marketplaces:
One theft leads to another
A main motivation of hackers is to make off with as much stolen information as possible. This thought process is applied not only to data breaches of specific companies, but also of the data belonging to individual users as well.
“More than 2.6 billion records were stolen or compromised in 2017.”
Take stolen account credentials, for example. A hacker will often leverage a stolen username and password to support further malicious activity and data theft in the hopes of compromising even more personal information.
“Theft of user credentials might even be more dangerous than PII, as it essentially exposes the victim’s online accounts to potential malicious use,” Trend Micro researches pointed out. “Email is often used to verify credentials and store information from other accounts, and a compromised email account can lead to further instances of fraud and identity theft.”
In such instances, a hacker can utilize stolen account credentials to fraudulently access an individual’s email. This may provide the cybercriminal with an email that includes a credit card invoice, giving them even more information for theft, and even the potential to steal, use or sell the victim’s credit card details for further fraud.
What’s more, as Trend Micro researchers noted, certain types of data are often interrelated, and the theft of one set of data often means the compromise of another, connected set. With health care files, for instance, a health care provider may store not only a patient’s medical history, but also their payment information as well. In this way, a breach of the provider could result not only in the exposure of medical details, but patient financial information as well.
What is data worth on underground marketplaces?
As Trend Micro’s interactive infographic shows, there are several different underground marketplaces existing all over the world, and the amount of profit hackers are able to generate depends on where they sell stolen information and the type of details their haul includes.
Experian data fro 2018 shows how profits for certain types of data can quickly add up for hackers, including for assets like:
Hackers also engage in data bundling, where individual pieces of stolen information are linked and packaged together, and then sold in a premium bundle for a higher price. These more complete, fraudulent profiles can include an array of information, including a victim’s name, age, address, birth date, Social Security number, and other similar information.
Working to prevent data theft
As the profit totals hackers can generate from stolen data continues to rise, it’s imperative that businesses and individual users alike take the proper precautions to safeguard their sensitive information.
This includes replacing default security measures with more robust protections, including strong passwords and multi-factor authentication, where applicable. Organizations should also limit access to especially sensitive information and databases to only those authorized users that need to utilize this data.
User education can also be a considerable advantage in better preventing information left. Users that are aware of current threats and know not to click on suspicious links or open emails from unknown senders can represent an additional layer of security against unauthorized access and cybercriminal activity.
To find out more about how to improve data prevention efforts within your organization, connect with the experts at Trend Micro today.