fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Data Leak Marketplaces Aim To Take Over The Extortion Economy

Data Leak Marketplaces Aim To Take Over The Extortion Economy

Cybercriminals are embracing data-theft extortion by creating dark web marketplaces that exist solely to sell stolen data.

Long before ransomware gangs started extorting victims through the use of stolen data, other threat actors had already been using this practice.

One well-known and highly publicized hacker who performed this practice was The Dark Overlord, who stole data and demanded ransoms from DisneyNetflix, and insurance companies.

The Maze Ransomware group revolutionized ransomware operations in 2019 by adopting a double-extortion strategy. Using ransomware data leak sites, Maze warned victims that they would publicly leak stolen data if victims did not pay a ransom.

Other gangs quickly adopted this extortion tactic.

Some threat actors have told BleepingComputer that the practice of stealing data and threatening to release it often generates more ransom payments than the loss of encrypted files.

You can see this shift in tactics with Babuk ransomware’s recent announcement that they would no longer encrypt devices and are moving solely to data-theft extortion.

The rise of stolen data marketplaces

With breaches happening almost every day, and governments issuing heavy fines for the exposure of personal information, threat actors are now capitalizing on these fears by using dedicated marketplaces that sell stolen data.

While dark web marketplaces for illicit goods are not new and have been used to sell stolen data in the past, they were not designed solely for data-theft extortion.

Recently, BleepingComputer has identified two new marketplaces called Marketo and File Leaks created to sell data to other threat actors or back to the victim themselves. In addition, there is one marketplace called ‘Dark Leak Market’ that appears to have been created in 2019.

Dark Leak Market

The oldest of these marketplaces is Dark Leak Market who has been selling stolen data since 2019.

The data sold at this site ranges from $100 to $9,000 and has been gathered from ransomware gang’s data leak sites and hacking forums, such as RaidForums. 

Dark Leak Market

Also Read: PDPA Singapore Guidelines: 16 Key Concepts For Your Business

Using KELA’s DarkBeast intelligence platform, BleepingComputer found a post by REvil Ransomware’s Unknown confirming that the data is being resold from other data leaks.

Post by REvil Ransomware’s Unknown calling the site a scam

Marketo marketplace

Last month, threat actors launched a new marketplace called Marketo, with the owner contacting journalists and security researchers to promote the site.

“We would like to present the new marketplace Marketo, soon to be the best place to find, buy and sell any information about any company,” a threat actor behind Marketo emailed BleepingComputer.

Marketo leaked data marketplace

When we asked if this data was stolen as part of their own attacks or others, they stated, “It is a marketplace for people who have information for sale, we don’t hack companies.”

They also claimed to be against ransomware and are not affiliated with “those who block networks and extort funds.”

While most of the data found on the site does not appear to be associated with known ransomware attacks, that does not mean they are not hosting data from those types of attacks.

BleepingComputer was recently alerted by someone in the automotive cybersecurity industry who saw data on Marketo for a dealership known to have recently suffered from a ransomware attack.

File Leaks marketplace

The File Leaks marketplace was launched in April 2021 and dumps all of the stolen data at once, telling victims to contact them to pay to remove it.

The File leaks marketplace is the smallest of the sites, with two victims from Italy and one from India.

File Leaks marketplace

Paying the ransom is throwing money away

As we reported in November, victims should never pay a ransom for stolen data as there is no guarantee that their data will be deleted and not sold to other threat actors.

Ransomware negotiation firm Coveware told BleepingComputer that cybercriminals are increasingly failing to keep their promises after a ransom was paid.

In some cases, victims who paid were later extorted again using the same data, or the threat actors leaked the data anyway.

Furthermore, as shown by the Dark Leak Market, once data is leaked, there is no way to contain it as it spreads between different hacking forums and sites frequented by threat actors.

Also Read: Data Protection Officer Singapore | 10 FAQs

With this in mind, Coveware tells victims always to expect the following if they decide to pay a ransomware gang not to leak data:

  • The data will not be credibly deleted. Victims should assume it will be traded to other threat actors, sold, or held for a second/future extortion attempt
  • Stolen data custody was held by multiple parties and not secured. Even if the threat actor deletes a volume of data following a payment, other parties that had access to it may have made copies so that they can extort the victim in the future
  • The data may get posted by mistake or on purpose before a victim can even respond to an extortion attempt

Instead, data theft victims should always treat an attack as a data breach and properly disclose the breach to all customers, employees, and business partners to prevent them from being harmed by the stolen data.

Update 5/7/21 11:14 AM EST: We incorrectly stated Lorenz is a data leak marketplace, when in fact it is a ransomware group’s data leak site. Thx to Andre Gironda for the correction.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us