Victim Insights around the Russian Hack

7 August 2014 – The recently disclosed Russian hack, in which a Russian cyber gang stole billions of passwords from both commercial websites and consumers, highlights the challenges we all face in our day-to-day activities on the web. Cyber thieves are targeting us all in their quest to make money, and as we've talked about before, the Russian underground is the biggest and baddest of the underground economies. The goal of this group is to steal as much money from the West as possible and bring it into their own country, so this won't be the last time this occurs.

The lesson we should all take from this is that the cybercriminal underground is thriving and growing as the number of victims on the web continues to grow. Criminals have always gone to where the money is, and since 90+% of all currency is now online, they will continue to look for ways to steal it.

There are some specific behaviors we can all adopt to help mitigate the risks associated with these attacks. The following are a few best practices that both commercial businesses and consumers can take now to improve their security profile.

For commercial businesses:

  1. Monitor your website(s) regularly for malicious compromise. Cybercriminals have been using legitimate sites for years to infect their victims, because most security vendors will not block a legitimate site. Scan your sites for SQL injection and cross-site scripting (malicious scripts), and check for known vulnerabilities in your web apps. Using a service that regularly scans your site for malicious activity can help here.
  2. Secure the databases that host customer data as well as your own internal employee data. Only allow authorised users to access them, and if you can, add two-factor authentication for access. Also, encrypt the data if possible.

For consumers:

  1. The big challenge for consumers is that when they visit a legitimate site that has been compromised, it is difficult to know. The best option here is to ensure you have a good URL filtering solution that incorporates both web reputation and browser exploit prevention technology. Criminals usually redirect the user to another site where the actual infection occurs; security vendors will block these redirects, or the legitimate site's page itself if it is infecting the user outright.
  2. Consumers are often sent spam or phishing emails that entice them to open a weaponised attachment or click on a link. Either of these actions can result in an infection. As such, a good anti-spam/anti-phishing solution that includes checking of embedded URLs helps. But also be aware of who is sending you these emails: if they look fishy, they probably are.
  3. The stolen credentials (username and password) are supposedly being used to access victims' Twitter accounts. As such, users should monitor their social media accounts, as there has been a lot of spam and phishing within social media in the last year. Be careful of messages within social media that ask you to click on a link and have topics designed to entice you to click.
  4. We recommend you update the passwords on most of your online accounts regularly and, if you have access to one, use a password manager that can create strong passwords for you as well as manage your multiple account credentials. Note that you should not use the same password across your accounts.

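The website-monitoring point for businesses and the redirect mechanism described for consumers above both come down to spotting code injected into an otherwise legitimate page. The following scanner is an added example written for this page, not code from the original post or from any vendor: it parses a page's HTML and flags remote script or iframe sources outside an allowlist of expected hosts, hidden iframes, meta-refresh redirects, and inline JavaScript that sends the browser to another host. The hostnames (`www.example.com`, `landing.example.net`) and the sample page are constructed for illustration.

```python
"""Added example: scan a page's HTML for signs of injected off-site redirect code.

Hypothetical defensive check, not part of the original post. It flags the
patterns commonly left behind when a legitimate site is compromised to send
visitors elsewhere: remote <script>/<iframe> sources outside an allowlist of
hosts the site is expected to load from, hidden iframes, <meta> refresh
redirects, and inline location assignments pointing at other hosts.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline JavaScript that navigates the browser to another URL.
_LOCATION_RE = re.compile(
    r"(?:window|document|top|self)\.location(?:\.href)?\s*=\s*['\"]([^'\"]+)['\"]"
)


class InjectionScanner(HTMLParser):
    """Collects (tag, reason, url) findings while parsing the HTML."""

    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed_hosts = {h.lower() for h in allowed_hosts}
        self.findings = []
        self._in_script = False

    def _offsite(self, url):
        # Relative URLs have no hostname and are treated as on-site.
        host = urlparse(url.strip()).hostname
        return host is not None and host.lower() not in self.allowed_hosts

    def handle_starttag(self, tag, attrs):
        a = {name: (value or "") for name, value in attrs}
        if tag in ("script", "iframe") and a.get("src") and self._offsite(a["src"]):
            self.findings.append((tag, "off-site src", a["src"]))
        if tag == "iframe":
            style = a.get("style", "").replace(" ", "").lower()
            tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
            if tiny or "display:none" in style or "visibility:hidden" in style:
                self.findings.append((tag, "hidden iframe", a.get("src", "")))
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            content = a.get("content", "")
            idx = content.lower().find("url=")
            if idx >= 0:
                url = content[idx + 4:].strip()
                if self._offsite(url):
                    self.findings.append((tag, "off-site refresh", url))
        if tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            for url in _LOCATION_RE.findall(data):
                if self._offsite(url):
                    self.findings.append(("script", "inline redirect", url))


def scan_html(html, allowed_hosts):
    """Return a list of (tag, reason, url) findings for the given page source."""
    scanner = InjectionScanner(allowed_hosts)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample page: one legitimate script plus three injected elements.
SAMPLE_HTML = """<html><head>
<script src="https://www.example.com/static/app.js"></script>
<meta http-equiv="refresh" content="0; url=http://landing.example.net/go">
</head><body>
<p>Welcome to our shop</p>
<iframe src="http://landing.example.net/land.php" width="0" height="0"></iframe>
<script>if (document.referrer) { window.location = "http://landing.example.net/x"; }</script>
</body></html>"""

if __name__ == "__main__":
    for tag, reason, url in scan_html(SAMPLE_HTML, {"www.example.com"}):
        print(f"{tag:7s} {reason:17s} {url}")
```

Run this against a fetched copy of each of your pages on a schedule and alert on any finding; the allowlist should contain your own hosts and the CDNs you knowingly load from, so a new third-party host appearing in the page is itself the signal.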
Online users need to be a lot more suspicious of where they go online, of the emails they receive, and of their social media interactions. Being aware of your surroundings is a key safety tip when you are in a strange city; think of the Internet as a strange city and be aware of your cyber surroundings.
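As an added illustration of the password advice in the list above (hypothetical code, not from the original post or any password manager), the following helpers show the two things a password manager does for you: generate strong random passwords from an operating-system randomness source, and detect the same password being reused across several accounts. The account names and passwords in the reuse check are constructed sample data.

```python
"""Added example: password hygiene helpers (hypothetical, not from the original post).

Generates strong random passwords with the `secrets` module (never `random`,
whose output is predictable) and reports accounts that share a password.
"""
import math
import secrets
import string
from collections import defaultdict

LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase
DIGITS = string.digits
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?"
CLASSES = (LOWER, UPPER, DIGITS, SYMBOLS)
ALPHABET = "".join(CLASSES)


def generate_password(length=20):
    """Return a random password containing at least one character of each class."""
    if length < len(CLASSES):
        raise ValueError("length must be at least %d" % len(CLASSES))
    # One guaranteed character per class, the rest drawn from the full alphabet.
    chars = [secrets.choice(cls) for cls in CLASSES]
    chars += [secrets.choice(ALPHABET) for _ in range(length - len(CLASSES))]
    secrets.SystemRandom().shuffle(chars)  # so the class order is not fixed
    return "".join(chars)


def has_all_classes(password):
    """True if the password contains at least one character from every class."""
    return all(any(ch in cls for ch in password) for cls in CLASSES)


def entropy_bits(password):
    """Upper-bound entropy assuming uniform choice over the classes present."""
    size = sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))
    return len(password) * math.log2(size) if size else 0.0


def find_reused(credentials):
    """Group account names that share one password; returns sorted groups of size > 1.

    `credentials` maps account name -> password (as a manager would hold them).
    """
    by_password = defaultdict(list)
    for account, password in credentials.items():
        by_password[password].append(account)
    return sorted(sorted(accounts) for accounts in by_password.values() if len(accounts) > 1)


if __name__ == "__main__":
    # Constructed sample vault: three accounts share one weak password.
    vault = {
        "shop": "Winter2014!",
        "mail": "Winter2014!",
        "forum": "Winter2014!",
        "bank": generate_password(24),
    }
    print("reused across:", find_reused(vault))
    new = generate_password()
    print("generated:", new, "classes ok:", has_all_classes(new),
          "entropy ~%.0f bits" % entropy_bits(new))
```

A reused password means one breached site exposes every other account in the group, which is exactly how stolen credential dumps like the one discussed here get monetised; the generator's output is only worth using if it is stored in a manager rather than memorised and reused.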

Cybercriminals can use these stolen credentials in a number of ways. Most likely they are selling them within the underground for varying amounts depending on the information stolen. Trend Micro researchers have been monitoring the Russian underground market for a number of years and publishing the prices of goods and services sold within it.

From our Russian underground investigation, the prices for spamming (per 10,000 messages) from 2011 to 2013 are below:

  - Generic (uses a public database): US$13 to US$4-5
  - External email database based: US$17 to US$13
  - SMS: US$600 to US$100
  - ICQ: US$55 to US$4-9
  - Skype: No data to US$86

The prices of stolen data have been dropping each year, and as such cybercriminals need to steal more data to make the same amount of money. This is a key reason why we're seeing more high-volume attacks, whether the recent retail breaches against vendors that process a lot of credit cards or attacks like the one discussed here. Compromising sites is a lot more efficient than trying to compromise individual users directly.
