- Largest number of leaks of confidential information occurs in government agencies (13%), IT companies (12%), and industrial companies (11%).
- Cybercriminals shift focus from personal data to stealing company credentials and trade secrets.
- Ransomware is the most popular type of malware used by cybercriminals to steal confidential information.
Government agencies were the most frequent victims of attacks resulting in the leakage of confidential information in the first half of the year.
According to Positive Technologies’ first study on data breaches, government agencies accounted for 13 per cent of total attacks in the first half, which is three per cent higher compared to the same period last year.
Moreover, leaks from government agencies also occurred due to data breaches in the systems of contractors and counterparties.
On dark web forums, the largest number of offers with data from government agencies were from countries in Asia (33 per cent), Latin America and the Caribbean (18 per cent), and the Middle East (16 per cent) due to the fact that these regions are targets of APT groups that primarily attack government organistions.
“Attackers have a pronounced interest in confidential data because of the opportunity it presents for significant financial gain. For example, through the extortion of money in exchange for the non-disclosure of stolen data, fraudulent operations and phishing campaigns using personal data, or its sale on the dark web,” the report said.
Volatile geopolitics
“Volatile geopolitics also contributes to the development of cyber espionage and hacktivism with the aim of disrupting the stable operation of infrastructures and publishing stolen data in the public domain.”
In the first half of 2024, government organisations were often targeted by cybercriminals specifically to steal personal data.
For example, DAIXINTeam announced a ransomware attack on Dubai Municipality in the first half of the year. The group claims to have stolen 60–80GB of scans and PDF files containing lists of IDs, passports, and other files with personal data.
“Analysis of confidential information leaks is closely related to the study of the dark web where criminals usually sell stolen data. In terms of regions, in the first half, offers for the sale and free distribution of data were most often seen from Asian countries, totalling about a third of all ads (30 per cent),” the report said.
In the ranking of individual countries by number of ads on dark web forums, Russia leads the top five with a share of 10 per cent, followed in descending order by the United States, India, China, and Indonesia.
Dark web forums
The most popular type of data on the dark web in the first half was personal data, with the share of ads for the sale or distribution of personal data topping 83 per cent.
In March this year, shadow forum offered access to the UAE’s Emirates Investment Bank for $10,000.
“Credentials are frequently sold on dark web forums, a key revenue source for cybercriminals. The rise in these leaks is evident on the dark market—forums now offer access to dozens or hundreds of companies per post. In April, a listing was posted offering access to the infrastructure of 16 companies from various industries across Latin America, the Middle East, Europe, and Asia, with prices ranging from $250 to $5,000,” Anna Golushko, Senior Analyst at Positive Technologies, said.
According to the listing’s authors, she said that these firms’ revenues range from $4 million to $2.8 billion.
“For instance, a UAE-based consumer electronics company with $6.5 million in revenue had its data valued at $400. In June, another listing offered credentials for over 400 companies, including access via Jira, GitHub, and GitLab,” she said.
More than half of ads on the dark web are priced under $1,000. Every tenth ad belongs to the most expensive category at $10,000 or more. The most expensive offers (over $50,000) involve major financial institutions, retail giants, and IT companies.
Comprehensive approach
In the second quarter of the year, EDR developer Cylance suffered a cyberattack, resulting in 34 million emails and an unspecified volume of customer and employee data being sold for $750,000.
The main methods of successful attacks leading to the leakage of confidential data in first half were the same as usual: malware, social engineering, and exploitation of vulnerabilities.
Ransomware is the most popular type of malware used by cybercriminals to steal confidential information.
“Preventing data leaks requires a comprehensive approach, including tools to protect user devices, corporate networks, and data itself. As corporate data infrastructures evolve into complex systems that are constantly changing rapidly, a unified solution is essential to safeguard information, regardless of its complexity or location,” Golushko said.
Related Posts:
- Iran cyber army helps cybergangs deploy ransomware
- AI-driven cybercrimes soar amid clampdown in first half of 2024
- Disparity in cyber protection between head office and branches raises concerns
Discover more from TechChannel News
Subscribe to get the latest posts sent to your email.
You must be logged in to post a comment.