8 Ways Cybercriminals Benefit from Stolen Data
Cybercriminals constantly seek to exploit stolen data for nefarious purposes. Understanding how they benefit from this data is essential for recognizing the risks and reinforcing security measures. According to the Identity Theft Resource Center’s (ITRC) 2023 Data Breach Report, the past year brought about a somber realization that cybercriminals have grown more relentless than ever. In the first quarter of 2024, ITRC recorded 841 publicly reported data compromises — up 90% over Q1 2023 — with no signs of slowing down. Here are eight reasons why bad actors are always hungry for fresh data.
Excerpted in part from The Midyear Cyber-Risk Report 2024.
8 ways cybercriminals benefit from stolen data
Stolen data has a myriad of profitable uses for bad actors. Here are some ways cybercriminals exploit stolen data:
1. Financial gain
Of course, money is almost always the biggest motivator for cybercrime. Cybercriminals use stolen data to make money through:
Direct financial fraud
- Credit card fraud: Stolen credit card information can be used to make unauthorized purchases or create fake credit cards.
- Bank fraud: Cybercriminals can use stolen banking information to withdraw money, transfer funds or create fake accounts.
Sale on the dark web
- Personal information: Personal details such as names, addresses, social security numbers and dates of birth are sold to other criminals for identity theft.
- Credentials: Login credentials for various online services, including email, social media and financial accounts, are valuable commodities on the dark web.
2. Identity theft
Personal data is easily turned into profit because it can be used to facilitate activities like:
Creating fake identities
- New account fraud: Using stolen personal information, criminals can open new accounts in victims’ names, including bank accounts, credit lines and utility services.
- Tax fraud: Fraudulent tax returns can be filed using stolen personal information to claim tax refunds.
Medical identity theft
- Healthcare fraud: Cybercriminals can use stolen health insurance information to receive medical care, purchase prescription drugs or file fraudulent insurance claims.
3. Corporate espionage
Every business wants to keep an eye on its competitors. Here’s how bad actors profit from proprietary or corporate data:
Competitive advantage
- Trade secrets: Stolen intellectual property, such as product designs, proprietary algorithms and business plans, can be sold to competitors or used to gain a competitive edge.
- Market manipulation: Confidential information about a company’s financials or upcoming mergers can be used for insider trading or to manipulate stock prices.
4. Extortion and ransom
Bad actors will stoop to almost any tactic to make a profit, including snatching data and holding it hostage by carrying out cyberattacks like:
Ransomware attacks
- Data encryption: Cybercriminals encrypt a victim’s data and demand a ransom to provide the decryption key. This can cripple businesses, forcing them to pay to regain access to their own data.
- Data exposure: Cybercriminals threaten to release stolen sensitive information unless a ransom is paid, exposing the victim to reputational damage or legal consequences.
5. Exploiting credentials
Credentials are incredibly valuable. They’re the proverbial keys to a company’s kingdom, and cybercriminals won’t hesitate to use them for:
Account takeover
- Service access: Stolen login credentials allow criminals to access various online services, from email accounts to cloud storage, leading to further data theft or fraudulent activities.
- Credential stuffing: Criminals try stolen credentials on multiple websites, exploiting the fact that many people reuse passwords across different services.
6. Social engineering and phishing
Phishing is a low-overhead operation that can be the opening gambit to many more serious cyberattacks. Stolen data can be utilized for phishing in the form of:
Targeted attacks
- Spear phishing: Detailed personal information allows cybercriminals to craft highly convincing phishing emails targeted at specific individuals or organizations.
- Social engineering: Criminals use personal details to manipulate individuals into divulging further sensitive information or performing actions that compromise security.
7. Spreading malware
Malware, including ransomware, is the scourge of cybersecurity. Data theft is also a path toward malware attacks through:
Malicious campaigns
- Email compromise: Compromised email accounts can be used to send malware-laden emails to contacts, spreading infections and gaining further access to networks.
- Botnets: Stolen data can facilitate the creation of botnets, networks of infected devices used to conduct large-scale cyberattacks, such as distributed denial-of-service (DDoS) attacks.
8. Political and social manipulation
The shadowy world of international intrigue is fueled by information. Stolen data can be used in political actions like:
Disinformation campaigns
- Influence operations: Personal data can be used to tailor disinformation campaigns, targeting individuals with specific political ads or misleading information to influence public opinion.
- Election interference: Compromised information can be used to disrupt or influence the outcome of elections, creating instability and undermining democratic processes.
2 Examples of data-focused cyberattacks
Take a look at these examples of cyberattacks centered on data to learn more about how data can be exploited.
1. Nation-state hackers searching for specific intelligence
Victim: Microsoft
First reported: The Week in Breach News: 01/17/24 – 01/23/24
Exploit: Password spraying
Initial report: Microsoft disclosed that several of its corporate email accounts were breached by the Russian state-sponsored hacking group Midnight Blizzard. The company detected the attack on January 12, 2024. Microsoft’s internal investigation concluded that the attack was conducted by a group of Russian threat actors associated with Nobelium/APT29 (sometimes known as Midnight Blizzard or Cozy Bear). The software titan said that the threat actors breached its systems in November 2023 by conducting a password spray attack to access a legacy non-production test tenant account. Microsoft said the hackers accessed a “small percentage” of Microsoft’s corporate email accounts for over a month, including accounts tied to the company’s leadership team and employees in the cybersecurity and legal departments. The company speculates that the threat actors were looking for information about their own gang.
The aftermath: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a rare binding emergency directive on April 2, 2024, to an undisclosed number of federal agencies, requiring them to change any logins that were affected and to investigate what else might be at risk. Officials are concerned that the suspected Russia-aligned hackers obtained passwords and other secret material that might allow them to breach multiple U.S. agencies. Agencies have until April 30 to complete CISA’s directive and provide weekly updates on the progress made to reset passwords, session tokens and other authentication tools. CISA said that by September 1, 2024, it will provide a report to the heads of the Department of Homeland Security (DHS), the Office of Management and Budget (OMB) and the Office of the National Cyber Director (ONCD) on any outstanding issues related to the hack.
2. Hackers trying to squeeze cash out of data exposure victims
Victim: MediaWorks
First reported: The Week in Breach News: 03/20/24 – 03/26/24
Exploit: Hacking
Initial report: A cyberattack on MediaWorks may have resulted in data exposure for an estimated 403,000 people. The company said that the attack took place on March 14. The perpetrator has been identified as OneERA, who claims they stole 2,461,180 records purportedly containing personally identifiable information (PII) of individuals in New Zealand. The attackers advertised the sale of MediaWorks’ data, including PII and data from other sources like survey responses, videos, music content and electoral information. MediaWorks said that the Privacy Commissioner and police have been notified.
The aftermath: The hackers mounted an effort to extort the individuals whose data was exposed. Hackers contacted an undetermined number of the victims directly through email. In the messages, the cybercriminals told the victims that MediaWorks was unwilling to negotiate with them, so they intended to publish the data. The hackers demanded a ransom of $500 in cryptocurrency to leave a victim’s stolen personal data out of the tranche. Eventually, the bad actors released the stolen data on the dark web.
Kaseya’s Security Suite helps businesses mitigate all types of cyber-risk affordably
Kaseya’s Security Suite has the tools that MSPs and IT professionals need to mitigate cyber-risk effectively and affordably with automations and AI-driven features that make IT professionals’ lives easier.
BullPhish ID: This effective automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents employee mistakes and reduces a company’s risk of being hit by a cyberattack.
Dark Web ID: Our award-winning dark web monitoring solution is the channel leader for good reason. It provides the greatest amount of protection around with 24/7/365 human- and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.
Graphus: Graphus is a cutting-edge, automated antiphishing solution that puts three layers of AI-powered protection between employees and phishing messages. It supercharges your Microsoft 365 and Google Workspace email security to catch threats conventional security may miss, including zero days and AI-enhanced malicious messages.
RocketCyber Managed SOC: Our managed cybersecurity detection and response (MDR) solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.
Datto EDR: Detect and respond to advanced threats with built-in continuous endpoint monitoring and behavioral analysis to deliver comprehensive endpoint defense (something that many cyber insurance companies require).
Datto AV: Safeguard businesses effortlessly against sophisticated cyberthreats, including zero days and ransomware, with AI-driven, next-generation antivirus protection that is over 99% effective, far surpassing the industry average.
Vonahi Penetration Testing: How sturdy are your cyber defenses? Do you have dangerous vulnerabilities? Find out with vPenTest, a SaaS platform that makes getting the best network penetration test easy and affordable for internal IT teams.