A data breach, in itself, is a damaging event. This signifies that an organization has been infiltrated by hackers and that these malicious actors may have snooped or stolen sensitive, mission-critical information.
With news of major breaches coming more often than ever, many in the technology and enterprise industries don't even bat an eye. However, Trend Micro noted in its Q3 Threat Analysis report that recently, a worst-case security scenario has come true for some in real life. Data breach dumps – where hackers publicly release the details stolen during a breach – have led to extortion and a rash of subsequent attacks.
Hacking Team data breach dump
One of the most recent high-profile data breach dumps involved the Italian organization Hacking Team. Trend Micro reported in its Q3 Security Roundup that in July, Hacking Team noted a considerable amount of its sensitive information – a total surpassing 400 GB – was leaked to the public after a breach. These details included proprietary company data, including information that highlighted new vulnerabilities in Hacking Team's infrastructure.
Several exploits were discovered soon after the initial Hacking Team attack, including:
- Two Adobe vulnerabilities and one Windows exploit on July 7.
- Two Adobe Flash zero-day exploits on July 11.
- An Internet Explorer zero-day exploit on July 14.
- A Windows zero-day exploit on July 20.
These vulnerabilities would soon impact a significant number of users after their discovery. Trend Micro estimated that the Windows exploits alone would affect 78 percent of all desktop users, and the Internet Explorer exploit could impact 27 percent of desktop browser users.
Ashley Madison hack
The Ashley Madison breach was another security event that took the world by storm this year. According to Trend Micro's report, hacktivist group Impact Team made it their business to leak the sensitive details of more than 30 million users. This public release of information – which came after warnings to site owner Avid Life Media from the hackers themselves – gave way to attacks on the individual users.
"Attackers quickly leveraged the leak to launch extortion attacks, blackmailing users to pay 1BTC (~US$291)* or their families and friends would know their dirty secret," Trend Micro stated. "As the Ashley Madison leak showed, data breaches can be personal and lucrative at the same time."
Overall risk: Making security a priority
While these events mark a new kind of attack – and previously unseen consequences – they also only increase the chances that a user or business will become a victim. Trend Micro analysts predict that it is only the beginning when it comes to data breach dumps and attacks that build off the information leaked in those events.
"Bigger and better-secured organizations may experience breaches of their own if ever attackers successfully manage to leech off data from their smaller, less secure partners," Trend Micro noted. "Consumers may also find their personal information at risk if companies continue to get breached due to this lateral progression of attacks."
In order to reduce risk, security must be a priority. At the same time, contingency and recovery plans must also be in place to ensure the organization can respond quickly in the event that a breach does take place.
Safeguard your business's sensitive data with protection solutions from Trend Micro.