When hackers gain access to private networks, often they are looking to obtain confidential information, credentials, and Personally Identifiable Information (PII) for illicit use. There were some 5 billion records stolen through 4,500 publicly disclosed data breaches in 2018. In an interview at the Washington Fraud and Breach Prevention Summit, Chris Pierson, chief security officer and general counsel at Viewpost, a payments and invoicing provider, suggests, “we’re not focused in on that key event, the key principle that a breach has occurred when the data is stolen and exfiltrated… The controls that are infiltration based only, they’re not sufficient anymore. We need to go beyond that.”
By shifting the focus to exfiltration and implementing ongoing cybersecurity measures alongside investigative efforts, organizations are well prepared with intelligence that covers both internal data privileges and external sites where data is sold online.
Data Exfiltration Defined
Data theft, also referred to as data exfiltration or data extrusion, is the unauthorized transfer of data from one network location to another network or recipient. Typically, this occurs when nefarious organizations or hackers are attempting to steal data for illicit and malicious use.
When this happens, the financial and reputational costs to organizations can be substantial. Consumers themselves can suffer when their credentials are used, and the harm can trickle down to other organizations, such as banks and credit card companies. In 2018, according to the Ponemon Cost of a Data Breach Study, the average total cost from a single data breach increased to $3.86 million from $3.62 million in 2017. The average total cost for each lost record also rose from $141 to $148, an increase of 4.8 percent.
Unfortunately, organizations that have suffered a data breach often do not find out until after they have been informed by law enforcement. At this point, the damage is already done and organizations have a harder time controlling the narrative.
Corporations need to act fast to contain a data breach, but they are already at a disadvantage if their infiltration monitoring is inadequate or if the threat is perpetrated from the inside. The Ponemon Cost of a Data Breach Study indicates that the mean time to identify a data breach was 197 days. The mean time to contain a data breach falls around 69 days.
With stolen credentials, the possibilities are almost endless. Hackers can use these credentials to:
- Send spam from compromised accounts
- Deface web properties
- Install malware
- Compromise other accounts using the same credentials
- Exfiltrate more sensitive data (data breach)
- Steal identities
In some cases, the hackers perpetrating the theft might use the data for their own malicious purposes, such as exfiltrating more sensitive data from other networks that can be accessed using the same credentials. In most cases, whether or not the data was acted on already, credentials can be found on the Dark Web.
Multiple Dark Web marketplaces cater to the sale of stolen credentials. Some sites will allow anyone to create an account to sell stolen data; in other cases, the operators of the sites themselves might be hacking corporations to directly sell stolen data. The operators of Joker’s Stash, for example, one of the more popular sites for buying stolen credit cards on the Dark Web, have been tied to several recent breaches, including Saks Fifth Avenue, Lord and Taylor, Hilton Hotels, Whole Foods, and Chipotle, among others. With most of these breaches, companies were not aware of the breach until customer credit cards appeared on the site.
That is why we recommend monitoring the Dark Web on an ongoing basis whether or not a breach has been detected. With every breach, exfiltrated data could end up for sale on the Dark Web and the sooner this is discovered, the better.