Category: identity theft

Jul 20 2017

Darknet Markets Will Outlive AlphaBay and Hansa Takedowns

On June 20, law enforcement took over the Hansa marketplace after investigations that began in 2016. On July 5, police in Thailand arrested Alexandre Cazes, alleged to be the operator of the large underground market AlphaBay. These efforts have taken two of the largest darknet markets offline.

AlphaBay, and later Hansa, was one of many markets that filled the void left by the notorious drug sales market Silk Road, which was shuttered by law enforcement in 2013. Some of these opportunistic markets quickly shut their doors, while others were scams to take advantage of buyers looking for new places to purchase illegal goods. Sheep Market absconded with more than $40 million in an elaborate exit scam. Evolution bilked $12 million from vendors in 2015. Other markets have come and gone for various reasons, including law enforcement takedowns such as Silk Road 2.0 in 2014. AlphaBay opened shop in 2014 and by 2015 had become the largest darknet marketplace. Until their recent takedown, AlphaBay remained the longest lasting market also ranked at the most popular while Hansa was ranked third.

Drug sales are the main driver behind the plethora of darknet markets. Following Silk Road, most markets opened their policies to include many items, including guns and stolen data. Partially due to the 2014 retail dumps, excess credit card data drove the growth of new markets, as discussed in my article “Dynamic Changes in Underground Data Markets.”[1] Customers who otherwise would not have purchased stolen digital content now had easy access, creating more demand. Botnets, hacking services, and other cybersecurity-related goods also appeared on new markets, attracting impulse buyers who otherwise would have had no access.

The recent law enforcement takedowns will inevitably change behaviors in current markets, temporarily reducing the buying and selling of illicit digital goods. Both buyers and sellers will be on guard, but it is naive to believe that stolen data and malware sales will decline. The takedowns of these markets will be only a hiccup in overall sales because other markets are quite willing to take on new customers.

It is relatively simple to use search engines and popular communities to find a list of darknet markets. Sites such as Dream Market are still very active. Dream Market is mostly a drug-sales market but also includes a large amount of digital goods. The following screen image shows postings for stolen accounts, including digital streaming accounts, and various fraud tools.

We also expect to see continued sales of stolen data and malware because some markets, especially the smallest, are eager to take on the new business. The relatively new market House of Lions is offering AlphaBay vendors discounts to move their shipments to its platform. These new platforms need established, trusted sellers to bring in more clients.

We’ve already seen evidence of customers quickly migrating to new markets, with some struggling to keep up with the influx of users. Hansa, which has been operated by law enforcement since June 20, saw a large influx of AlphaBay users flock to its services. On July 17, law enforcement halted registrations to deal with the large migration.

Unlike in the days of Silk Road, buyers and sellers have many choices today. Formerly, darknet markets used various digital currencies and were just beginning to use Bitcoin as their primary means of trade, according to the McAfee report “Digital Laundry.” Silk Road popularized Bitcoin for darknet markets and it remains the primary currency. Several markets—such as Wall Street or Trade Route, which offer stolen databases and identity theft data among other goods—are experimenting in other crypto coins, such as Monero.

Buyers looking for ransomware can find listings on Zion. Nearly all the darknet markets deal in stolen credit cards, so there are plenty options. Each market has its own focus and features. Buyers and sellers inconvenienced by the takedown of AlphaBay and Hansa will find their way to one of the many options available today, just as with legitimate retail shops.

 

Darknet markets fill the demand for digital data. Although facilitators of those sales were taken down, the market for data still exists. We will still see the buying and selling of credit cards, databases, entertainment accounts, and other data. The demand will also continue to lead to attacks to acquire this data. If enough markets are taken down, it may eventually become too risky for criminals to remain in business, but in the meantime we must be diligent to protect our assets.

You personally may not be able to secure all your data because much of it may be stored outside of your control; however, there are many ways to reduce risk. For businesses, this includes maintaining proper procedures and security practices. For individuals, this includes good security hygiene. Never share passwords and keep an eye on bank accounts for suspicious activity. As long as there is value in data, we must take steps to secure it.

[1] “Dynamic Changes in Underground Markets,” by Charles McFarland. Cecile Park Media, November 2016.

 

 

 

 

The post Darknet Markets Will Outlive AlphaBay and Hansa Takedowns appeared first on McAfee Blogs.

Nov 21 2016

Symantec buys anti-ID fraud firm LifeLock for $2.3 billion

(credit: Ben Hudson)

Symantec, one of the biggest consumer computer security firms in the world, is about to become even bigger with plans to buy LifeLock—an identity-theft protection service.

The proposed $2.3 billion (£1.86 billion) deal has been okayed by the boards of directors of both companies, and is expected to close in the first quarter of 2017, pending regulatory approval.

LifeLock's shareholders will receive $24 (£19.45) per share—a 16 percent premium to its closing price on Friday of $20.75.

Read 6 remaining paragraphs | Comments

Oct 31 2016

How Valuable is Your Healthcare Data?

Health care is a hot topic in security right now. A quick search for “hospital ransomware” returns a laundry list of news reports on hospitals as targets of cyberattacks. However, it is not just ransomware that people need to worry about. In the report Health Warning: Cyberattacks Are Targeting the Health Care Industry, our McAfee Labs team digs into the dark underbelly of cybercrime and data loss involving health care records. In this case, the darkrefers to the dark web.

Following up on the Hidden Data Economy report, we looked further to see if medical data was showing up for sale. We found dark web vendors offering up medical data records by the tens of thousands. One database for sale offered information on 397,000 patients!

2016-10-27_17-36-06

These databases contained not only names, addresses, and phone numbers of patients, but also data about their health care insurance providers and payment card information.

What’s it worth?

Of course, for this to be worth a cybercriminal’s time, they must be able to profit from it. We are finding that health care records to be a bit less valuable than records such as payment card records that contain financial information. The going price for a single record of information on a user that includes name, Social Security number, birth date, account information such as payment card number (referred to as fullz in dark web lingo) can range from $14 to $25 per record. Medical records sell for a much lower price, anywhere from a fraction of a cent to around $2.50 per record.

Does this mean medical records are not as valuable? Although not as lucrative as fullz, medical record information has  higher value than just a username/password record when sold on the dark web. We think that sellers are trying to maximize their gain from the data theft. In one underground market forum, a seller listed 40,000 medical records for $500, but specifically removed the financial data and sold that separately.

Why is the health care industry a target?

Although there are regulations and guidelines for the health care industry to protect patient information, the industry itself faces many challenges. Foremost, the focus of the majority of health care workers is the treatment of patients. Because they are dealing with life and death situations, the equipment used to treat patients must be working and available at a moment’s notice. This means there is often little time to install a patch or an update on a piece of medical equipment. The equipment may also be running an outdated operating system that simply cannot be patched to protect against the latest threats. It is not uncommon to see medical equipment running on Windows 95. The medical industry is also subject to FDA regulations and approvals. There may be equipment that is approved by the FDA only on an older operating system and would need to be recertified if updated.

How do I stay safe?

Unfortunately, these data breaches are outside the control of the average person. Health care providers typically use the information they collect from you for your treatment, so you cannot withhold your home address or phone number. As a consumer, you need to be alert for health care data breaches that potentially impact you.

  • Pay attention to the news: Once discovered, medical data breaches tend to make the evening news. Even if you went to a health care provider only once to get an x-ray because you thought you broke your thumb and that provider experiences a data breach, odds are your information was compromised.
  • Monitor your credit score: A common use for resold information is the opening of credit cards or bank accounts. Subscribing to a credit-monitoring service will help you know if a new account has been opened without your knowledge.
  • Watch out for phishing: If your contact information has been stolen, you are almost certain to be the target of numerous phishing attempts. Keep an eye out for suspicious emails and text messages. You can read one of my previous blogs for tips on how to spot a phishing attempt.

The nature of today’s digital world can unfortunately cause our personal and private data to be leaked. If you stay vigilant, you can reduce the impact these breaches will have on your life.

Stay on top of the latest consumer and mobile security threats by following me and @IntelSec_Home on Twitter, and “Like” us on Facebook.

Stay Safe!

The post How Valuable is Your Healthcare Data? appeared first on McAfee Blogs.

Oct 28 2016

How Valuable is Your Healthcare Data?

Health care is a hot topic in security right now. A quick search for “hospital ransomware” returns a laundry list of news reports on hospitals as targets of cyberattacks. However, it is not just ransomware that people need to worry about. In the report Health Warning: Cyberattacks Are Targeting the Health Care Industry, our McAfee Labs team digs into the dark underbelly of cybercrime and data loss involving health care records. In this case, the dark refers to the dark web.

Following up on the Hidden Data Economy report, we looked further to see if medical data was showing up for sale. We found dark web vendors offering up medical data records by the tens of thousands. One database for sale offered information on 397,000 patients!

2016-10-27_17-36-06

These databases contained not only names, addresses, and phone numbers of patients, but also data about their health care insurance providers and payment card information.

What’s it worth?

Of course, for this to be worth a cybercriminal’s time, they must be able to profit from it. We are finding that health care records to be a bit less valuable than records such as payment card records that contain financial information. The going price for a single record of information on a user that includes name, Social Security number, birth date, account information such as payment card number (referred to as fullz in dark web lingo) can range from $14 to $25 per record. Medical records sell for a much lower price, anywhere from a fraction of a cent to around $2.50 per record.

Does this mean medical records are not as valuable? Although not as lucrative as fullz, medical record information has  higher value than just a username/password record when sold on the dark web. We think that sellers are trying to maximize their gain from the data theft. In one underground market forum, a seller listed 40,000 medical records for $500, but specifically removed the financial data and sold that separately.

Why is the health care industry a target?

Although there are regulations and guidelines for the health care industry to protect patient information, the industry itself faces many challenges. Foremost, the focus of the majority of health care workers is the treatment of patients. Because they are dealing with life and death situations, the equipment used to treat patients must be working and available at a moment’s notice. This means there is often little time to install a patch or an update on a piece of medical equipment. The equipment may also be running an outdated operating system that simply cannot be patched to protect against the latest threats. It is not uncommon to see medical equipment running on Windows 95. The medical industry is also subject to FDA regulations and approvals. There may be equipment that is approved by the FDA only on an older operating system and would need to be recertified if updated.

How do I stay safe?

Unfortunately, these data breaches are outside the control of the average person. Health care providers typically use the information they collect from you for your treatment, so you cannot withhold your home address or phone number. As a consumer, you need to be alert for health care data breaches that potentially impact you.

  • Pay attention to the news: Once discovered, medical data breaches tend to make the evening news. Even if you went to a health care provider only once to get an x-ray because you thought you broke your thumb and that provider experiences a data breach, odds are your information was compromised.
  • Monitor your credit score: A common use for resold information is the opening of credit cards or bank accounts. Subscribing to a credit-monitoring service will help you know if a new account has been opened without your knowledge.
  • Watch out for phishing: If your contact information has been stolen, you are almost certain to be the target of numerous phishing attempts. Keep an eye out for suspicious emails and text messages. You can read one of my previous blogs for tips on how to spot a phishing attempt.

The nature of today’s digital world can unfortunately cause our personal and private data to be leaked. If you stay vigilant, you can reduce the impact these breaches will have on your life.

Stay on top of the latest consumer and mobile security threats by following me and @IntelSec_Home on Twitter, and “Like” us on Facebook.

Stay Safe!

The post How Valuable is Your Healthcare Data? appeared first on McAfee.