Cybercriminals: how they monetize your stolen data?

RapidVPN/ April 18, 2020/ Blog/

We are long past the time when the 14-year old teenage hacker was trying to spoof a defense network for the fun of it and just because they can. It still happens, but one thing is clear – hacking has become big business.

Everyone has notice of China allegedly managing to steal billions of dollars annually in intellectual property and of ransomware attacks that estimate to top $5 billion in 2017, of various data breaches and different cybercrimes. These happenings have been keeping CISO and rank-and-file security managers literally on their toes.

Cyberattacks on small to medium and even large businesses are an all-time high. Just when the companies are thinking that they are ticking the right boxes on their IT security checklist, they fall prey to cyber thieves who then make millions of dollars of stolen business data.

Every company has to keep in mind that if that ever happens to them, they should acknowledge the company’s negligence, issue an apology, compensate affected clients – those are some of the steps to make try to make things right. But one more important step is knowing what hackers do with business’s stolen data so that it can help to make a better plan of what to do after an attack.

Usually, after a successful hacking, hackers will organize the data they have stolen. Names, contact information, addresses, financial details, all sorted out so they can then decide which of it will fetch the highest prices in the black market. One rule applies all the time: the more recent info, the more valuable it is.

Dark Web

The dark web is the hidden part of the internet that requires special software to access. This is the place where most of the hackers search for anonymous buyers and where most of the organized crime rings and spammers reside.

One should know that aside from being technology geniuses, some of the hackers are also businessmen. They will most probably appraise the data they have obtained based on the current black-market rates. Corporate and government data are most generally deemed more valuable, but hackers can easily find buyers for small businesses’ data, it appears that these kinds of compromised personal information can be sold for as much as $20 per credential.

Selling Credit Card Information

What surprises most of the people is the fact that credit card information is deemed less valuable than personal information like name, date of birth and social security number. Still, cybersecurity thieves profit from selling credit card information to “carders” who then use them to purchase gift cards from Amazon, Target, eBay. These cards will then be used in order to purchase a variety of consumer goods that will be sold through illegitimate means.

Selling Social Media Credentials

The more surprising fact is that for example, Twitter handles may be worth more than credit card information to some hackers. That’s the main reason why skilled hackers will try to gain social media credentials first.

Enabling access to social media allows hackers to gather more information about a business and then to use them to launch nefarious schemes.

Selling Old Data in Bulk

There is a way of selling months-old credentials also, which cybercriminals bundle and sell at a discount. If the business data gets stolen and a company hasn’t taken steps to mitigate the damages, the care of it should be taken as soon as possible because it may still be floating around the dark web even several months after the breach.

It is a known truth that hackers are highly organized and strategic, but it is not impossible to protect businesses from various cyber scams. Managed Services Providers (MSPs) still highly recommend companies to back up their data and to take every conceivable precaution in protecting them. There are solutions for backing up the entire systems and making these backups easily recoverable in case of any data compromise.

There is also something knows as Cyber Insurance. What surprises is the fact that many business owners are still unaware of this new policy type. Cyber insurance can help cover the losses and the expanses in the business and managing the costs of dealing with such an incident.

Knowing what’s been done to the company’s data after they have been stolen can help a business owner to create a better plan in order to decide his next steps and to manage the client’s expectations. Having a trustworthy MSP working on their side, this bleak scenario is much less likely to occur.

Source: DigitalForensics, SCmagazine