All data has been already stolen. What’s next?

The average American’s data has been stolen several times. Now when it’s done, what would a cybercriminal do next? We have discussed it at RSA Conference 2016.

All data has been already stolen. What's next?

Cybercriminals are starting to shift their focus from stealing personal data to other actions which bring immediate profit, experts at SANS institute say. At the recent ‘The Seven Most Dangerous New Attack Techniques’ roundtable held at the RSA Conference, Dr. Johannes Ullrich demonstrated a curious slide with a modest header saying ‘Changes in malware economics’ which contained a far more radical statement: ‘ALL DATA HAS BEEN STOLEN’.

All data has been already stolen. What's next?

In the US alone, Ulrich says, cybercriminals had already laid their hands on 191 million voter records (bearing in mind the total number of voters in the US is 142 million). That means some records were stolen more than once. As for the credit card data, the numbers are not that shocking, but, of course, they do raise concerns: of 170 million cards issued, 61 million has been compromised (as of 2014).

Since hackers’ ‘dedicated’ work has led to a surplus in ‘production’ (if you see cybecrime as an industry), the price of the data on the black market has dropped. With this trend, the theft of user information has become a less profitable and thus less attractive venture for hackers, who then started to search for new ways of gaining profit. Now cybercriminals are increasingly prone to directly demanding ransoms from a victim, no matter who the latter is — an individual or a business.

The number of cases involving DDoS extortion has significantly increased: the culprits won’t stop attacking until the target pays the ransom. Ransomware is becoming more varied and more sophisticated. Among the the recently publicized were the cases of ransomware attacks on two hospitals, and one of them was ultimately forced to pay the ransom in order to decrypt the valuable information.

A much less prominent yet more proliferating phenomenon is a new generation of ransomware capable of blocking access to websites. Recently a number of WordPress blogs were hit by CTB-Locker. Cybercriminals would gain access through vulnerabilities in the WordPress engine and then encrypt all the contents of the website. They would then add a few lines of code which would allow them to open the page in a browser and get in touch with the attackers as if through the ‘technical support chat’.

As a sign of ‘good will’, the criminals would decrypt two files free of charge. You might say, “Why go to so much trouble just for a blog?” However, WordPress engine’s simplicity and convenience made it the platform of choice for many online stores and even corporate websites. In those cases, the value of website contents might be huge.

Encrypting data is not equal to stealing it — as it turns out, the first may be even worse. Admiral Michael Rogers, head of the NSA, which also had spoken at RSA 2016, names this one of his worst nightmares. ‘What happens when the same activity is used to manipulate data, software or security products, and suddenly we no longer trust the data we are seeing? What do we do about that?”‘ — he asks.

Average users still have to watch out for ransomware that encrypts PC data. Also, the attackers are increasingly looking into opportunities to target smartphones: Android ransomware is already in the wild. Besides encrypting data, it makes the handset entirely unusable.

Since a large portion of smartphones do have unpatched vulnerabilities (like Stagefright) and Android malware has quickly become more sophisticated, we are witnessing even more disastrous Android attacks which would enable cybercriminals to both steal money from a phone or bank account and demand ransoms.

SANS experts did not cover protection techniques thoroughly, but we will do this job for them.

1. Websites owners should regularly update both WordPress and its add-ons. Since it’s a tedious job, consider a specialized web hosting which would run those updates automatically.

2. Don’t forget to regularly download website backups which are usually run by a hosting provider and keep them in an offline storage.

3. Back up your critical data regularly and keep it in a detached storage – the best option here would be an external hard drive. As for smartphones, we recommend using cloud storage and uploading all the critical data there.

4. Ensure your home PC is properly protected. By the way, Kaspersky Internet Security safeguards your documents if it spots some suspicious activity which looks like something’s trying to encrypt your files.

5. It is vital to regularly update and patch the operating system, browser, antivirus and key applications for all the devices you use. If it seems to take too much time, try automatic update.