Data Breach intro

A data breach is an incident where information is stolen or taken from a system without the knowledge or authorization of the system's owner.
A small company or large organization may suffer a data breach.



Data breach definition

The Malwarebytes Labs blog called 2018 the year of the data breach. What a year it was. The list of companies that were hacked by cybercriminals reads like a who’s who list of the world’s biggest tech companies, retailers, and hospitality providers—and that’s only the data breaches that we know about. In many instances, an organization or company won’t even know they’ve been breached until years later. According to the Ponemon Institute’s 2018 Cost of a Data Breach study, a data breach goes undiscovered for an average of 197 days. It takes another 69 days to remediate the data breach. By the time the security failure is discovered and fixed, the damage is already done. The criminals responsible will have enjoyed unfettered access to databases full of valuable data—your valuable data. Not to mention the data of hundreds of millions of people like you who had the bad luck of doing business with a company that got hacked.

With most data breaches, cybercriminals want to steal names, email addresses, usernames, passwords, and credit card numbers. That said, cybercriminals will steal any data that can be sold, used to breach other accounts, used to steal your identity, or used to make fraudulent purchases. In some instances, hackers want to steal your data just to prove that they can. This was the case in the 2015 VTech data breach, in which the data on 5 million adults and 200,000 children was compromised. The hacker responsible claimed they had no plans for the data and did not share it with anyone. Honor among thieves, right?


How do data breaches happen?

An exploit is a type of attack that takes advantage of software bugs or vulnerabilities, which cybercriminals use to gain unauthorized access to a system and its data. These vulnerabilities lie hidden within the code of the system and it’s a race between the criminals and the cybersecurity researchers to see who can find them first. The criminals, on one hand, want to abuse the exploits while the researchers, conversely, want to report the exploits to the software manufacturers so the bugs can be patched. Commonly exploited software includes the operating system itself, Internet browsers, Adobe applications, and Microsoft Office applications. Cybercriminal groups sometimes package multiple exploits into automated exploit kits that make it easier for criminals with little to no technical knowledge to take advantage of exploits.

A SQL injection (SQLI) is a type of attack that exploits weaknesses in the SQL database management software of unsecure websites in order to get the website to spit out information from the database that it’s really not supposed to. Here’s how it works. A cybercriminal enters malicious code into the search field of a retail site, for example, where customers normally enter searches for things like “top rated wireless headphones” or “best-selling sneakers.” Instead of returning with a list of headphones or sneakers, the website will give the hacker a list of customers and their credit card numbers. SQLI is one of the least sophisticated attacks to carry out, requiring minimal technical knowledge. Malwarebytes Labs ranked SQLI as number three in The Top 5 Dumbest Cyber Threats that Work Anyway. Attackers can even use automated programs to carry out the attack for them. All they have to do is input the URL of the target site then sit back and relax while the software does the rest.
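The search-field scenario above, as an added example that is not part of the original article: a product search written by pasting the user's text into the SQL string, next to the same search with a bound parameter. The product table and the `published` flag are constructed for this illustration.

```python
import sqlite3

# Constructed sample catalogue for this example (not real data).
# The last row is flagged unpublished and should never appear in search results.
PRODUCTS = [
    ("Top rated wireless headphones", 1),
    ("Best-selling sneakers", 1),
    ("Unreleased prototype (internal)", 0),
]


def make_db():
    """Build an in-memory SQLite database holding the sample catalogue."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT, published INTEGER)")
    conn.executemany("INSERT INTO products VALUES (?, ?)", PRODUCTS)
    conn.commit()
    return conn


def search_vulnerable(conn, term):
    """Vulnerable: the search term is spliced into the SQL text, so a quote
    in the input ends the string literal and the rest is parsed as SQL."""
    sql = f"SELECT name FROM products WHERE published = 1 AND name LIKE '%{term}%'"
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn, term):
    """Hardened: the query shape is fixed and the term travels as a bound
    value, so quotes and SQL keywords in it are just characters to match.
    (LIKE wildcards % and _ in the input still act as wildcards; that is a
    scoping question, not an injection.)"""
    sql = "SELECT name FROM products WHERE published = 1 AND name LIKE ?"
    return [row[0] for row in conn.execute(sql, (f"%{term}%",))]


if __name__ == "__main__":
    conn = make_db()
    for term in ("headphones", "' OR 1=1 --"):
        print(repr(term))
        print("  vulnerable:", search_vulnerable(conn, term))
        print("  safe:      ", search_safe(conn, term))
```

With the second input the vulnerable version returns every row, including the unpublished one, because `OR 1=1` overrides the `published = 1` filter; the parameterized version returns nothing because no product name contains that text.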

Spyware is a type of malware that infects your computer or network and steals information about you, your Internet usage, and any other valuable data it can get its hands on. You might install spyware as part of some seemingly benign download (aka bundleware). Alternatively, spyware can make its way onto your computer as a secondary infection via a Trojan like Emotet. As reported on the Malwarebytes Labs blog, Emotet, TrickBot, and other banking Trojans have found new life as delivery tools for spyware and other types of malware. Once your system is infected, the spyware sends all your personal data back to the command and control (C&C) servers run by the cybercriminals.

Phishing attacks work by getting us to share sensitive information like our usernames and passwords, often against normal logic and reasoning, by using social engineering to manipulate our emotions, such as greed and fear. A typical phishing attack will start with an email spoofed, or faked, to look like it’s coming from a company you do business with or a trusted coworker. This email will contain aggressive or demanding language and require some sort of action, like verifying payments or purchases you never made. Clicking the supplied link will direct you to a malicious login page designed to capture your username and password. If you don’t have multi-factor authentication (MFA) enabled, the cybercriminals will have everything they need to hack into your account. While emails are the most common form of phishing attack, SMS text messages and social media messaging systems are also popular with scammers.

Broken or misconfigured access controls can make private parts of a given website public when they’re not supposed to be. For example, a website administrator at an online clothing retailer will make certain back-end folders within the website private, i.e. the folders containing sensitive data about customers and their payment information. However, the web admin might forget to make the related sub-folders private as well. While these sub-folders might not be readily apparent to the average user, a cybercriminal using a few well-crafted Google searches could find those misconfigured folders and steal the data contained in them. Much like a burglar climbing right into a house through an open window, it doesn’t take a lot of skill to pull off this kind of cyberattack.


The danger of data breach

Stolen data typically ends up on the Dark Web. As the name implies, the Dark Web is the part of the Internet most people never see. The Dark Web is not indexed by search engines and you need a special kind of browser called Tor Browser to see it. So what’s with the cloak and dagger? For the most part, criminals use the Dark Web to traffic various illegal goods. These Dark Web marketplaces look and feel a lot like your typical online shopping site, but the familiarity of the user experience belies the illicit nature of what’s on offer. Cybercriminals are buying and selling illegal drugs, guns, pornography, and your personal data. Marketplaces that specialize in large batches of personal information gathered from various data breaches are known, in criminal parlance, as dump shops.

The largest known assemblage of stolen data found online, all 87 GB of it, was discovered in January of 2019 by cybersecurity researcher Troy Hunt, creator of Have I Been Pwned (HIBP), a site that lets you check if your email has been compromised in a data breach. The data, known as Collection 1, included 773 million emails and 21 million passwords from a hodgepodge of known data breaches. Some 140 million emails and 10 million passwords, however, were new to HIBP, having not been included in any previously disclosed data breach.

Cybersecurity author and investigative reporter Brian Krebs found, in speaking with the cybercriminal responsible for Collection 1, that all of the data contained within the data dump is two to three years old—at least.

Is there any value in stale data from an old breach (beyond the .000002 cents per password Collection 1 was selling for)? Yes, quite a bit.

Cybercriminals can use your old login to trick you into thinking your account has been hacked. This con can work as part of a phishing attack or, as we reported in 2018, a sextortion scam. Sextortion scammers are now sending out emails claiming to have hacked the victim’s webcam and recorded them while watching porn. To add some legitimacy to the threat, the scammers include login credentials from an old data breach in the emails. Pro tip: if the scammers actually had video of you, they’d show it to you. If you reuse passwords across sites, you’re exposing yourself to danger. Cybercriminals can also use your stolen login from one site to hack into your account on another site in a kind of cyberattack known as credential stuffing. Criminals will use a list of emails, usernames and passwords obtained from a data breach to send automated login requests to other popular sites in an unending cycle of hacking and stealing and hacking some more.
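The credential-stuffing pattern described above (one source firing logins at many different accounts) is what a defender looks for in authentication logs. As an added example that is not part of the original article, the detector below parses constructed login events and flags any source IP that tries at least five distinct usernames inside a five-minute window; the log format, thresholds and IP addresses are assumptions made for this illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login events (ISO time, source IP, username, outcome).
# The addresses are documentation ranges, not real hosts. The first source
# sprays six different accounts in seconds; the second is one user retrying
# their own password, which should not be flagged.
SAMPLE_LOG = """\
2019-01-17T10:00:01Z ip=203.0.113.5 user=alice result=fail
2019-01-17T10:00:02Z ip=203.0.113.5 user=bob result=fail
2019-01-17T10:00:02Z ip=203.0.113.5 user=carol result=success
2019-01-17T10:00:03Z ip=203.0.113.5 user=dave result=fail
2019-01-17T10:00:03Z ip=203.0.113.5 user=erin result=fail
2019-01-17T10:00:04Z ip=203.0.113.5 user=frank result=fail
2019-01-17T10:05:00Z ip=198.51.100.7 user=alice result=fail
2019-01-17T10:05:30Z ip=198.51.100.7 user=alice result=fail
2019-01-17T10:06:00Z ip=198.51.100.7 user=alice result=success
"""


def parse_line(line):
    """Turn one 'ts key=value ...' line into a dict with a parsed timestamp."""
    ts, *fields = line.split()
    event = dict(f.split("=", 1) for f in fields)
    event["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return event


def detect_stuffing(log_text, window=timedelta(minutes=5), min_users=5):
    """Return {ip: set_of_users} for sources that attempted logins to at least
    min_users distinct accounts within any sliding window. Successes count
    too: a stuffing run that lands a reused password is the hit that matters."""
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e["ts"])
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    flagged = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1  # slide the window forward
            users = {e["user"] for e in evs[start:end + 1]}
            if len(users) >= min_users and len(users) > len(flagged.get(ip, ())):
                flagged[ip] = users
    return flagged


if __name__ == "__main__":
    for ip, users in detect_stuffing(SAMPLE_LOG).items():
        print(f"{ip}: {len(users)} distinct accounts tried: {sorted(users)}")
```

A single-account brute force (many failures, one username) does not trip this rule; it needs its own per-account failure counter alongside this per-source distinct-user check.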