Identity-Based Attacks Proliferate as Exposed Credentials Become More Intimate
Preventing identity-based attacks such as account takeover (ATO) fraud and Business Email Compromise (BEC) begins with securing your personally identifiable information (PII), but this seems to be increasingly difficult as cybercriminals continue to evolve. Bad actors collect PII from various sources, including breaches, leaks, social media and other publicly available information to create identity-based profiles, which they can weaponize for serious crimes, causing irreparable damage for businesses and individuals alike.
My cybersecurity firm, 4iQ, recently released its flagship identity breach report, “Weaponized Data Breaches: Fueling Identity-Based Attacks Across the Globe,” which explores the uptick in identity-based attacks across the globe. The report unearths findings from 2019 that will better prepare us for what lies ahead during the rest of 2020. This is especially important as we navigate these uncertain times resulting from the COVID-19 pandemic. Cybercriminals are catching onto the fact that cybersecurity is not top of mind for many consumers right now. Below, I outline some of the report’s most salient findings that give insight into the latest attack trends by cybercriminals.
This past year, we detected an increase in rich PII exposed per breach or leak package. Notably, compared to 2018, there was a 10 percent increase in emails and passwords contained in data breaches, and a 14 percent increase in PII. Unlike passwords, many identity attributes are permanent or very difficult to change, which makes this finding especially concerning. Individual breaches usually contain only a small subset of attributes, and every data point is valuable to cybercriminals. The more data they collect on someone, the more valuable each set becomes.
Another trend we noticed in 2019 was cybercriminals re-releasing big combo breach packages containing aggregated emails or usernames and associated clear-text passwords, and combining them with data from newer, large-scale breaches. In fact, combo breaches increased 67 percent during the past year – much of this data is from older breaches, repackaged and recirculated in underground communities. It is important to keep in mind that a breach from five years ago can still affect people today since exposed credentials continue to recirculate. Credentials are also used for low level blackmail or “sextortion” campaigns. Because of this, I cannot stress enough the importance of using unique, complex passwords for every account. It can go a long way in making the data obsolete.
In total, we found 18.7 billion raw identity records (including duplicates and fakes) circulating in underground communities in 2019, a 25.5 percent increase from 2018. We confirmed 4.2 billion of those as new, authentic identity records – a 16.6 percent increase. Significant reasons for the increase included large organizations breached and the circulation of big data packages with confidential documents – including bank statements, agreements, contracts from government agencies, and more.
With all this sensitive information circulating in underground communities, you may be wondering how much it would cost to purchase these types of records. Interestingly, our research found the average prices for identity record type in the dark market are as follows: $67 for a Social Security number; $53.25 for password; $48 for a driver’s license; $40.80 for a credit card number, and; $28.75 for a tax ID.
In addition to personal cybersecurity, the report also looked into recent trends related to government breaches, given the 2020 U.S. presidential election is right around the corner. We noticed a year-over-year rise of government breaches, observing over 356 million records exposed globally due to said breaches. Further, the United States faced the largest number of attacks of any nation in 2019; exposed identities in the U.S. represented 28 percent of all curated records detected in breaches.
Given the heightened activity by cybercriminals highlighted in our report, it’s important to remember we all have a role to play when it comes to cybersecurity. Unfortunately, one employee can put a whole company and its supply chain at risk, so everyone must ensure they are taking proper precautions, especially when many offices have transitioned to working remotely.
Individuals should keep up to date with cybersecurity best practices – the FBI’s site is a good place to start – use unique, complex passwords, and when possible, multi-factor authentication. Further, during this extended work from home period, employees should be on alert for phishing or malicious emails.
Businesses should educate their employees on cybersecurity through virtual mandatory trainings, develop comprehensive and proactive strategies – the National Institute of Standards and Technology (NIST) is a great resource – and consider investing in a credible identity intelligence monitoring service to potentially mitigate damage from a breach. We are at a watershed moment in the history of science, healthcare, and yes, cybersecurity. Let’s learn from our past and take action, so that we don’t repeat history by making the same mistakes.