Difficulties in monetizing stolen data

Last year broke all records in the number of leaks of various password databases and other user information. We are already beginning to get used to the inner feeling that someone at any moment can get into our computer / smartphone and manage there. Not to mention the fact that trusting someone with information about yourself is becoming more and more risky, given the wholesale wholesale leaks at every turn. In this situation, the fact that information security systems are developing and hackers every year becomes not only harder to steal, but also to monetize our data, this makes us happy.

As you all probably already know, at the end of November 2014, hackers managed to penetrate the internal network of Sony Pictures Entertainment. After some time, the company began to blackmail with the demand for money. Sony Pictures did not go along with the attackers and refused to pay, as a result of which gigabytes of stolen information were published online, including data on employees and their salaries. Despite the fact that hackers failed to cash in on Sony Pictures itself, the stolen data still costs money. But the specific price depends on a number of factors, and today it is not as easy to sell stolen data as in previous years.

Another high-profile case of last year: from April to September, Home Depot had stolen information about 56 million bank cards of their clients and 53 million email addresses. This has become one of the biggest hacks in history. Soon, portions of the database with credit card numbers began to emerge on the black market, and prices depended on the potential availability of cash. Fortunately, banks today are blocking compromised cards very quickly, which forces fraudsters to steal more and more numbers to compensate for falling incomes.
')

Hard weekday cheater

For example, out of 10,000 stolen credit cards, only about 100 can potentially bring income to thieves, and only about 10 will turn out to be really profitable, says Alex Holden, founder and director of information security of Hold Security , a company specializing in searching stolen credit cards in clandestine sites. He also noted that today it has become more difficult for hackers to steal such information thanks to the development of protective equipment.

Hackers need lists of email addresses of potential victims, tools for creating spam messages that bypass filters on mail servers, and specialized malicious software that antivirus programs do not intercept. As in the days of the "gold rush", when many traders profited from selling shovels and other tools, today trading with stolen lists and tools for fraud and hacking is equally flourishing. But all these costs are fully covered by the income of hackers.

“ You cannot do a serious operation alone, ” says Holden, whose company at one time discovered gaps in the security systems of Target and Adobe Systems. “ At the same time, each participant in the chain must pay. "



One of the ways to speed up the cashing of stolen data is to create trading accounts in fake payment systems. Thus, bank cards can be used to pay for fake transactions, managing to withdraw a lot of money from the accounts before banks manage to block them. One of such underground payment systems is Voxis Platform . It allows fraudsters to increase profits from stolen card numbers through automated withdrawals on a schedule.

“ Today, cybercriminals do not have enough resources to monetize stolen data in large volumes, ” said Andrew Komarov, CEO of IntelCrawler. “The marginality of this business today is small, and selling large numbers of card numbers is very problematic. "

The hackers are trying to solve the problems, increasing the volume of thefts, concentrating on organizations with weaker protection systems. “ Today, it is no longer enough for attackers to simply get credit card data, ” says Steven Cavey, director of corporate development at Ground Labs , which creates tools that allow companies to detect vulnerabilities in their networks. “ Now they are trying to steal as much personal information as possible. "



According to Caivey, the personal information of real people is used to get money from companies that offer a payday loan online service. Fraudsters provide credit organizations with as much stolen information as possible in order to look like honest and law-abiding citizens in the eyes of the security services checking applications for a loan.

Good old blackmail

Another trend was the blackmailing of organizations from which information was stolen. But it is unlikely that big companies such as Sony Pictures will pay hackers for not posting the stolen items in open access. After all, like any other blackmailer, hackers will then appear with new requirements.

One of the cases where attackers may succeed in forcing an organization to pay is encryption of vital data for it. Yes, and ordinary users of the network for about 10 years suffer from malware, blocking their computers and requiring money in exchange for the unlock code. Modern versions of such malicious programs are also actively using file encryption on the hard drives of infected machines.

The only effective protection against programs that require a ransom, like the infamous Cryptolocker, is to regularly create backups of all important information. Otherwise, you will have to pay approximately $ 500 in bitcoin equivalent for decrypting each infected computer. And there are cases when, after payment to the extortioners, the decryption code is not sent, with all the consequences.

Tourism on the line

According to Holden, in the near future we can expect an increase in hacker interest in the tourism industry, where you can steal bonus miles and other types of awards for loyal customers. This forecast is also based on the fact that the tourist market is very poorly controlled, and many of its participants attach little importance to information security. Already there have been cases of creating fake travel agencies, whose customers provided a lot of information about themselves, including bank cards and savings discounts accounts. Bonus miles and points can be monetized in various ways. For example, exchange for real goods during various actions, or convert to gift cards. Airlines update the information on the number of bonus miles on accounts every 2-30 days. This gives hackers enough time to monetize their prey.

* * *



As you understand, today the issue of information protection is more urgent than ever, for ordinary users and for companies. Therefore, in one of the next publications, we will describe in detail about the remedies implemented in Yota Phone 2. In order not to miss this post, we recommend that you subscribe to our blog.