Data Breaches Made Easy

These days, starting a data breach is a lot easier than stopping one. Attacks on sensitive data are no longer the sole domain of sophisticated nation-states or criminal groups—or even the genius loner working in a basement. Data breaches have emerged into the everyday, and just about anyone can be a hacker. All it takes is some basic know-how and access to the right tools and software—information and resources that are only a click away.

Report: When a data breach strikes, what’s the best way to respond?

The Dark Web

Many successful attacks begin on the seamy underside of the Internet, known as the Dark Web. Described as “the information superhighway of illicit commerce,” the Dark Web can be easily accessed using Tor browsers. Be warned, though. Touring the Dark Web takes what Tech Republic calls “a stomach made of steel,” as it contains black markets crammed with stolen information, black hat hackers, and human and drug traffickers.

Deepdotweb, the flagship publication of the Dark Web, is packed with valuable information, including new advancements in hacking software, cyber-crime how-to articles, and advertisements for hacking education. Amazon Dark, a sinister version of Amazon, is a good place to buy hacking software.

Ransomware-as-a-Service

Ransomware has surged in popularity as the attack method of choice; Kaspersky Lab reported a 30 percent increase in attempted ransomware attacks in Q1 of this year over the previous quarter and Symantec finds there are a whopping 4,000 ransomware attacks per day, according to its 2016 Internet Security Threat Report. Ransomware gains access to a computer system and makes either the system or the data inaccessible, then attempts to extort payment from the owner in return for returning access.

Now a new business model called ransomware-as-a-service (RaaS) is extending the reach of this malware to the common criminal. Here, “distributors” buy a customized ransomware executable from a “boss” who receives a percentage of each ransom paid. Trend Micro recently described several RaaS variants that are easy to find, buy, and use. One, known as Stampado, only costs the low, low price of $39 for a so-called lifetime license. Another, aptly named Shark, is available on a public WordPress site instead of an anonymous network like Tor.

Wi-Fi Hacking

Tools for hacking into Wi-Fi hotspots are spreading like a cold virus—and you don’t have to be very smart to use them. According to Jared Howe of Private WiFi, there are more than 300,000 videos on Wi-Fi hacking. InfoSec Institute lists 20 popular wireless hacking tools that can be used for legitimate purposes, but also for gaining unauthorized access. Then there’s dubious solutions such as Wi-Fi Hacker, password hacking software that gets you “all the internet you want without paying a dime.”

Data Breach Is Child’s Play

Kids seem to instinctively grasp technology—and the less-than-ethical ones put it to unwise use. In February of this year, Scottish police arrested a 15-year-old boy from Glasgow, who, according to Motherboard, was a key member of the hacking group called “Crackas with Attitude,” or CWA. For months, this group has been aggressively targeting the U.S. government; they hacked CIA director John Brennan and James Clapper, the director of National Intelligence—as well as allegedly breaching a Department of Justice network.

Defending Against Data Breach

Advances in technology improve our ability to protect confidential customer and patient information. But they also make it easier for less tech-savvy criminals to become hackers and expose the very data we’re trying to safeguard.

In 2010, Forrester Research introduced its “Zero Trust” model for security. At the time, John Kindervag, senior analyst with Forrester, was quoted in Dark Reading as saying, “Times have changed. You can’t think about trusted and untrusted users.”

He added, “We have to know what’s going on in our networks. Users can’t have willy-nilly access…they will either inadvertently do something bad and maybe get fired for it or illegally access data they actually had access to.”

Six years later, the need for Zero Trust is greater than ever. With more and easier ways to hack into networks or hold data for ransom, we have to assume no data is safe. Only with this assumption can we take steps to adequately protect that information.

Ironic, sobering thought.

Report: When a data breach strikes, what’s the best way to respond?