I’ve been reading about how ransomware is affecting the insurance industry. A ransomware group has added 90 organisations to its data leak site as victims of the MOVEit exploitation campaign. Currently the insurance industry is listed as having the highest number of victims. Now clearly the insurance industry is not alone in this, although it’s an obvious target given that it holds considerable amounts of personally identifiable data (PII), as defined in UK GDPR. It’s long been known that personal data, misappropriated or downright stolen, has been available for sale on the dark web for many years. It’s one of the reasons why paying ransomware demands can be so wrong. Whilst I know the stated purpose of ransomware is to obtain a fee to release the data and make it available again to the victim, it is also often a cover for a larger stealth attack which steals data without you knowing it.

Ransomware demands on SMEs tend to be very modest, often under 1K, so you have to wonder how many people are being hit to make it profitable. And the small amounts are why companies often pay up to get back access to their data quickly. But as I said above, while this is going on the attacker is already on your system siphoning off any personal data you might have, safe in the knowledge that you’re going to pay up and they don’t have to worry about any investigations, even if such investigations were likely to bear any fruit.

But back to the news I opened with.

A criminal online marketplace selling millions of sets of stolen personal information for as little as 56p per entry has been taken down in an international crackdown.

The sting, led by the FBI and Dutch police and involving law enforcement agencies across 18 countries including the UK’s National Crime Agency (NCA), took Genesis Market offline on Tuesday night.

Users trying to access the site were greeted with a page emblazoned with the FBI investigation name Operation Cookie Monster.

The marketplace, one of the most significant of its kind in the world, had 80 million sets of credentials available for sale, affecting two million victims. Details, including online banking, Facebook, Amazon, PayPal and Netflix account information were up for sale alongside so-called digital fingerprints containing data from the victims’ devices. This enabled criminals to bypass online security checks by pretending to be the victim.

Investigators from the NCA carried out a series of raids yesterday targeting around 20 users of the site, with dozens of arrests abroad.

Source – Evening Standard

The Head of Cyber Intelligence at the NCA has said that Genesis Market is one of the top criminal marketplaces anywhere in the world, enabling fraud and a range of other criminal activities online by facilitating that initial access to victims, which is a critical part of the business model in a whole range of nefarious activity.

I am often asked, ‘how do hackers hack’? Often the first step is to profile businesses and their employees. There is a plethora of data available on open sources if you google it. Companies House, for a small fee, can disclose who the key players are, what your last set of accounts looked like etc. Social media accounts are another rich source of data, but buying personal information is a quick and easy way of obtaining data and, at the cost of 59p a record, also cheap.

This type of attack can be a real double or even triple whammy for an SME. First you have to fork out to get your data released, then if the data breach becomes public, there is a risk of a very punitive fine from the ICO (check out their website, they publish fines handed out), and there is a very real risk of being sued by those whose data has been breached (check out the no win no fee lawyers out there now advertising their services for anyone who suspects their data has been stolen or made public).

How much better to secure your data and systems to prevent this from happening. The threat landscape has always been ever changing and we have long been playing catch up to the cyber criminals and scammers, but working patterns have now changed so much, and in such a short space of time, that we have created a whole new avenue of problems for ourselves. The global pandemic has changed working patterns so that the office is no longer the bastion that it was, and our network boundary is now our laptop, phone, or tablet, wherever we may be working from.

Here at H2 we have been very busy coming up with solutions to meet these new requirements.  We have aimed at driving down complexity and cost and at the same time recognising the ‘new normal’, whatever that may mean for your company, and covering off zero day attacks and ransomware, two of the most dangerous threats to all organisations. But our solutions are aimed at the SME which means they must be affordable as well as innovative and comprehensive.  We think we’ve done just that.

Our solution is based on sound risk management techniques allied with products which work seamlessly together or as individual solutions. Whether you need one of these, two, three or all four depends on your requirements and, to some extent, the size of your company and the vertical you operate in. Two of these products are very new to the UK market but are tried and tested in other countries, notably the US. The access management solution has been in use in Europe for some time, whilst the anti-malware solution, which covers off zero day and ransomware, has been in use in the enterprise market, especially government and CNI, for some years and is only now available in an affordable way for SMEs.

