Data breaches are nothing new – but that doesn’t mean they’re any less damaging. In fact, they’ve only gotten worse. Since companies loathe to report them, taking a few months or even a few years to issue a statement on any cyber attack, it’s been difficult for consumers and businesses alike to protect themselves or even realize the full impact of their repercussions. They’ve also inspired fraudsters to push the boundaries further. We’re starting to discover the evolution of data breaches and how hackers have taken these authentic credentials to wreak even more havoc and fraud. Cyber criminals don’t just have one or two pieces of authentic information – they have entire profiles and are quickly profiting off them.
One of the key enablers of this has been the dark web, as fraudsters not only have stolen data but can sell the data on the dark web for other fraudsters to use as well. Known as the anonymous network of sites where hackers exchange illicit information, the dark web has been linked to various kinds of fraud, including the development and refinement of malware, point-of-sale (POS) attacks, and the notorious 2013 Target data breach.
Here are three of the latest high-profile dark web wheeling and dealings that have made headlines:
Just last month, many of Amazon’s third party sellers experienced a massive data breach thanks to authentic credentials obtained through the dark web. Fraudsters reportedly logged into the accounts of these sellers – some of them dormant – to sell fake items at deeply discounted prices and changed the associated bank account information to divert the fraudulent profits into their accounts. Nearly hundreds of thousands of dollars were lost before the legitimate business-owners could catch up and reclaim their accounts.
Amazon, home to more than two million third-party sellers, has become a major target for dark actors. This may be the first of its kind, but it won’t be the last. The incident has served as a reminder for businesses to regularly change their passwords and implement two-factor authentication. Those are simple steps but enable an extra layer of protection from fraud. For customers, if something is priced too good to be true – it probably is. Beware of unusually low prices.
High profile companies and networks have been the victims of data breaches, and unfortunately the vast education network Edmodo is no exception. A hacker infiltrated the popular education platform with over 78 million educators, parents, and students, which featured their names, email addresses, and algorithm-hashed passwords. While Edmodo has stated that user passwords have not been compromised, they are still investigating the impact of the breach. According to Motherboard, the hacker has already listed the credentials on the dark web for $1,000.
Credentials aren’t the only goods for purchase – ransomware has been frequently sold on the dark web and often for mere dollars. The marketplace has played host to similar methods that was used to implement the mass cyberattack we saw this past weekend. One of the fastest and most crippling attacks recorded, the global cyberattack rapidly spread through hundreds of thousands of companies and organizations across 150 countries, most notably the Nation Health Service (NHS), England’s national healthcare system. Hospital systems have been a frequent target given their slowness to update and upgrade software and storing important, critical personal information. Once implemented, these simple but consequential methods have caused chaos and obtained access to even more troves of data. While the exact roots of this major attack are still being traced, it’s a warning to companies to amp up their security and fraud prevention measures.
Just like data breaches, fraud is only going to continue to evolve and emerge when you least expect it. It doesn’t take much for fraud to progress, but the damages are substantial and costly when it does. These headlines serve as a reminder not to wait for another news cycle to occur, but make sure you have a comprehensive fraud prevention system in place and are ready to manage fraud before it happens.