In order for CIOs to keep customers’ and employees’ data secure, it’s important for them to have a good understanding of what cybercriminals do with such data after they breach enterprise networks.
Earlier this month, the AI-powered photo editing application FaceApp generated controversy and lost a great deal of popularity when users learned of its Russian provenance. Sobered by the fear that millions of Americans may have willingly — albeit inadvertently — handed their personal data over to Russian intelligence agencies, the public has since been quick to uninstall the app and discourage others from downloading it. The Democratic National Committee even went so far as to place FaceApp on its “do not use” list.
Luckily, there might be more thunder than lightning at play here. French security researchers report that aside from the photos that users uploaded to be modified, the only data collected by FaceApp are users’ device ID and model numbers. This is fairly standard practice for photo apps, and is not, in and of itself, cause for concern.
FaceApp is most likely just the latest digital false alarm — but there are still some important takeaways here. The general fear of cybercrime demonstrates an encouraging understanding, on the part of the American public, that personal data is valuable and in need of strong cybersecurity. But although the public is well-aware that threat actors want their data, they’re often aware of little else — like what actually happens to stolen data, who buys it, and how it can be used.
When addressing rising concerns about data security, enterprise CIOs must ensure that their organizations are protected, especially since company data breaches often compromise employees’ and customers’ personal data. To develop best cyberdefense practices, it’s crucial that CIOs understand the role that the data black market plays in cybercriminal operations.
When talking about the digital black market, most of the time we’re talking about the dark web: a “section” of the internet that can be accessed with dark web browsers, the most popular of which is Tor. Tor works to obfuscate the origin of user traffic by essentially “bouncing” requests through an intentionally complex series of intermediate relays. At any given time, there could be thousands of relays routing traffic through the Tor network. Since the relays in that series are located across the globe, it can become extremely difficult for authorities to track an individual’s digital trail.
Websites on the dark web exist on this encrypted network, meaning they can’t be found via traditional search engines or visited on conventional web browsers. These practices make any dark web activity anonymous and untraceable. As such, it’s the de facto digital marketplace for illicit trading — and where malicious actors will likely take your stolen personal data.
Although not everything on the dark web is illegal, a significant portion of it operates as a marketplace for stolen data. However, the prices for sensitive information can vary greatly depending on a number of factors.
Certain kinds of data are more valuable than others — for example, a buyer will pay more for a stolen passport than they will for a driver’s license. Additionally, data is worth more if it can be reused by the buyer.
That being said, there are some general “market-rate” prices for commonly circulated items. For example, social security information typically costs $1, driver’s licenses can be worth up to $20 per unit, and credit card information can be worth over $100. What’s more, many sellers offer guarantees for their data’s freshness and will replace blocked credit cards within 15 minutes of purchase.
Enterprise data can be significantly more expensive than personal information, making enterprises a lucrative target for malicious actors around the world. Although it varies from one industry to the next, the average stolen record is sold at $160, with the higher end of the spectrum being up to $1,000 for an individual’s medical records.
There are many steps cybercriminals must take before they can bring any stolen data to market. The first step is to inventory the data they have exfiltrated. Hackers will sort through stolen files in search of authentication credentials and personal details such as names, addresses, phone numbers, and financial information. They will then attempt to determine how valuable the information they have truly is. If they deem certain data less valuable, they’ll bundle it together and sell it in bulk for small fees.
However, with more valuable information — like company email addresses or passwords for large enterprises — hackers will curate packages that they sell for higher fees. This data must be sold with a bit more thought. Selling financial information, for example, is a bit of a tedious process.
A “digital broker” will typically buy credit card information in bundles from a hacker, which they in turn sell to a “carder.” A carder will run the credit cards through a shell game of purchases to avoid detection. With an obscured trail, a carder can easily transform stolen credit card information into digital gift cards that contain tangible monetary value. They can then use those cards to buy physical items which they resell for profit.
If they do all of this fast enough, they can beat the time it takes for a company to realize it’s been breached, and therefore capitalize on their purchases before victims cancel their cards. As such, the longer it takes for a hacker to sell your data on the black market, the less value they get from their hacks. This means enterprises must be ready to detect and immediately act on data breaches to minimize the damage.
In the end, instead of focusing all of our attention on likely harmless apps whose developers just happen to be Russian, it’s far wiser to concern ourselves with cybersecurity in the enterprise. After all, some of the most costly digital crimes over the past several years have been major enterprise data breaches.
At Turn-key Technologies, Inc. (TTI), we understand that defending against an array of cybercriminals is no easy task, especially during the current IT skills shortage. With nearly 30 years of experience helping businesses deploy, manage, and protect large-scale enterprise networks, TTI is the ideal partner when it comes to securing your customers’ and your employees’ data against today’s threat actors.