Sunday, October 1, 2023

Experts explain how the current wave of corporate hacks is part of a growing criminal business model for stolen data

Must read

Shreya Christina
Shreya has been with for 3 years, writing copy for client websites, blog posts, EDMs and other mediums to engage readers and encourage action. By collaborating with clients, our SEO manager and the wider team, Shreya seeks to understand an audience before creating memorable, persuasive copy.

New details have emerged on the seriousness of the Medibank hack, which has now affected all users. Optus, Medibank, Woolworths and, last Friday, electricity supplier Energy Australia are all now among the Famous names who have been victims of a data breach.

If it seems like barely a week goes by with no news of another incident like this, you’d be right. Cybercrime is on the rise – seven major Australian companies have been hit by data breaches in the past month alone.

But why now? And who is responsible for this latest wave of cyber attacks?

The increasing number of data breaches is in large part driven by the growth of a global illegal industry that trades in your data. In particular, hackers known as “initial access brokers” specialize in illegally gaining access to victims’ networks and then selling that access to other cyber criminals.

The Cybercrime Ecosystem

Hackers and initial access brokers are just part of a complex and diversifying ecosystem of cybercrime. This ecosystem contains several cybercriminals who increasingly specialize in a particular aspect of online crime and then work together to carry out the attacks.

For example, one of the fastest growing and most damaging forms of cybercrime – ransomware attacks – involves malicious software that cripples a victim’s device or system until a decryption key is provided upon payment of a ransom.

Ransomware attacks are big business. In 2021 alone, they made cybercriminals more than 600 million dollars. The vast amounts of money that can be made from ransomware and the rich plethora of targets from around the world are fostering the development of a massive ransomware industry.

Ransomware attacks are complex, involving up to nine different phases. These include accessing a victim’s network, stealing data, encrypting a victim’s network, and making ransom demands.

specialized criminals

Increasingly, these attacks are not carried out by lone cybercriminals, but by networks of different cybercrime groups, each specializing in a different stage of the attack.

Initial access brokers often perform the first phase of a ransomware attack. Described by Google’s Threat Analysis Group as “the opportunistic locksmiths of the security world” their job is to gain access to a victim’s network.

Once they have compromised a victim’s network, they usually sell this access to other groups who then steal data and deploy the ransomware that paralyzes the victim’s computer systems.

There is a huge and growing underground market for this type of crime. Dozens of online marketplaces on both the dark web and surface web offering services of initial access brokers.

Their access to companies can be purchased for: as little as US$10although more privileged administrator-level access to larger companies often comes at a cost of several thousand dollars or more.

Responding to the Growing Cyber ​​Threat

Over the past month we have seen different cases from cyber criminals who refrain from actual ransomware. Instead, they tried to directly extort companies by threatening to publicly release all the data they stole.

While not as devastating as a ransomware attack, data breaches can cause serious financial and reputational damage to an organization (just ask) Optus CEO Kelly Bayer Rosmarin), not to mention major problems for clients or customers who have now released their private information online.

In the last six months of 2021, more than 460 data breaches were reported to the government. Even more disturbing is that this number is almost certainly an underestimate.

While companies with revenues over AU$3 million are required by law to report data breaches involving personal information, most small businesses are not subject to mandatory reporting laws. Therefore, they have little reason to report a data breach that could deter customers and harm their brand.

Taking action against cybercrime

So what can we do about it? Initially, companies need to rethink their approach to data. Data should be treated not only as an asset that can be freely stored and traded, but also as an obligation that must be carefully protected.

some experts Call on Australia to follow the European Union’s approach and introduce stricter corporate regulations that better protect consumer data.

This week also the federal government plans introduced to fine companies that do not provide adequate cybersecurity and are subject to repeated data breaches.

Reforms like these can help, especially in preventing relatively simple data breaches, such as those that: recently hit Optus.

On the other hand, punitive fines for victims could further strengthen the hand of enterprising cybercriminals – they could try to use these fines to further extort their victims.

There is no panacea to solve cybercriminal threats. Both government and business must at least continue to work together to improve our cyber defenses and resilience. Through research, we also need to work to better understand the global cybercrime ecosystem as it continues to evolve.The conversation

This article was republished from The conversation under a Creative Commons license. Read the original article.


More articles

Latest article