Stealer's market
14, Apr, 2023
Cyber attacks are on the rise, growing in 2022 by 38 per cent when compared to the prior year. It’s not just dramatic events like the ones splashing headlines either, involving behemoth companies or federal institutions. Each of us is at a higher risk of being targeted now. Part of that comes from more of our lives being spent online than ever before. Virtual work arrangements are now commonplace, and companies enthusiastically request us to share intimate information so they can in turn use it for marketing research.
All this to say, the people who want to crack into our accounts now have a lot more information with which to work. Cybercriminals will devote time to trawling private individuals’ social media feeds for password possibilities like pet names, significant numbers, or anything else shared that could hold meaning to a person. Hackers can then use advanced automated tools to “stuff” possible credentials into dozens of accounts associated with their targets. These tools can even account for number variations in passwords. They’ve been built with the knowledge that many people will change only numbers, but keep the words in a passcode the same.
With how nefarious and concerted these efforts appear, VC3 Chief Information Data Security Officer Nett Lynch says it’s important to remember this is not just something these actors do for kicks – it’s how they make their living.
“This is a business for them. This is their full-time job; they're going to do everything they can to find the most likely terms or phrases that that person is going to use,” she explains.
“They have to figure out all these sneaky ways to get around all the security we have in place, and they know that the way to get around security and technology is the users. So, they use psychology to find weaknesses in individuals and exploit them.”
Hacking has, in a sense, become its own industry – and it’s never been easier to become a self-starter than in the cybercriminal environment of today. Starting one’s own enterprise is now as simple as a darkweb shopping trip. This ease of access has led to various classifications of hacktors.
“At the very base level are the folks that we call script kiddies. So, they're people who don't really know any IT, they don't know any networking, they don't know any code,” Lynch says.
These enterprising individuals will venture to the darkweb and buy a ransomware as a service (RaaS) software package. Such products are like any other SaaS application available, where the customer buys a license to use the software, then simply runs it. With ransomware, a hacker will encrypt files on their target’s device, rendering the files and systems relying on those files unusable. The hacker then has leverage to demand a ransom in return for returning file access to the target.
“That is how easy it is. You can go out on the dark web, sign up for ransomware as a service and start your own ransomware business,” Lynch explains. “It doesn't require expertise like it did just a few years ago. You just have to have the desire to do it.”
This landscape is to an extent a black mirror of regular information technology services. “What's really funny is ransomware as a service has tech support. So, if the script kitty is like, 'Hey, I'm trying to run this, and my payload isn’t activating, I can call tech support at the ransomware company, and they're going to help me do it,' " Lynch explains.
There are even ethical codes to which certain RaaS providers allege they adhere. Lynch points to the providers behind the Colonial Pipeline ransomware attack as one of these organizations. This organization is DarkSide Ransomware As a Service Group, believed to operate out of Eastern Europe.
As part of DarkSide’s ethical code, they won’t allow their partners, the script kitties, to execute on hospitals or any emergency services. If those partners do cross this line and DarkSide finds out, it will provide the decryption key to the target whose data has been ransomed and apologize. The RaaS provider would then sever its relationship with the script kitty and cut off their ability to use the software. That said, claims of ethics from cybercriminals who attack vital infrastructure probably don’t hold water.
With the threat environment heating up, it’s important for both individuals and companies to tighten their defences, Lynch emphasizes. One method of self preservation is simply to post less content.
“The big key is don't give them any information. Don't help them with their information collection,” she says.
Besides sharing more of our personal info online, another cause of growing threat exposure comes from how interacting with strangers has become something we think almost nothing of doing, Lynch says.
“Part of the normalizing interacting with strangers is, if somebody hits you up on LinkedIn or something, asking 'Can you introduce me to somebody?', most people will say yes, not knowing who this person is. And now this person you've just given a referral to, that may actually be the bad actor's target. Now you've given a referral, they're going to be more open to sharing information. Now, [you’re] a gateway for this bad actor.”
There’s also the matter of companies we deal with as consumers and via B2B. With how much information we share with businesses, the consequences of them being hacked can reach far.
“If you have a partner that has an incident, and data is exfiltrated and now it's put out on the darkweb, you as their customer have no control over that,” Lynch says.
“The only way you can defend against that is by having unique passwords, using a password manager to control all those, putting multifactor authentication on every account. And then also supplementing with training,” she explains.
The situation we now find ourselves in as users is one in which we should now be questioning everything, Lynch holds. This includes scrutinizing whether to open an email, report it, or click a link from an unknown source.
“I think that's where it falls back to you as the consumer. If you're signing up for something, there's a certain requirement that you have to buyer beware of what you're signing up for. And if something is free, that means you are the product, because other companies are buying something from this company that's providing you something for free,” she says.
The reality is, it’s always been prudent to be wary about what to share and with whom. Luckily, it’s not too late to pull our cards back in close to keep the ill-intentioned from peeking.