A password serves the same function as the keys to a company building or a user’s home. Thanks to it, a person can protect personal, banking or work information that under no circumstances should fall into the hands of a third party, especially a malicious one. And there are quite a few threat groups that are after this data to trade it on the internet. This is demonstrated, for example, by the recent report from the portal ZDNet stating that a group of cybercriminals has accessed the passwords of hundreds of company executives around the world.
Specifically, criminals are trading passwords and bank accounts, as well as Office 365 and Microsoft accounts, on a closed Russian-speaking hacker forum called Exploit.in. According to the cybersecurity portal, prices for each range from 100 to 1,500 dollars depending on the size of the company and the executive’s specific position. The use of these sites to sell stolen information on the Internet has been well known and common for years. According to the Trend Micro report “Changes in the markets of the cybercriminal underground”, in 2019 these platforms were used to “bid” close to five million credentials and accounts, whether from social networks, online banking or work email.
“Cybercriminals are perfectly organized into specialized gangs in different sectors of cybercrime. A key factor in understanding the evolution of this sector and how the current situation has been reached is the existence of a cybercriminal ‘underground’ where all kinds of related services are sold and exchanged. This underground is a kind of market or souk where cybercriminals contact other specialists in different areas and acquire the parts of the attacks that they cannot or do not want to carry out,” David Sancho, head of the Trend Micro Iberia research team, explains to this newspaper about the role of these markets.
The growing importance of the dark web, and the development of technologies capable of extracting information from users, have become a real headache for companies and cybersecurity experts, especially during the pandemic, when defense has become increasingly difficult. This is largely due to the enormous increase in companies’ exposure surface caused by teleworking. The solutions that make remote work possible have allowed the world, and companies, to keep turning while users stay at home to protect themselves from Covid-19. However, their rapid implementation has made the security of companies more fragile than expected.
Be that as it may, as long as the virus does not recede, and some firms continue to lag behind in defense (and make their employees work on their personal computers), cybercriminals will continue to look for holes through which to steal data and do as much damage as possible. This is supported by most cybersecurity companies and studies, such as the recent Cyber Threats and Trends Report, 2020 Edition, prepared by the National Cryptological Center.
How do they steal your passwords?
When stealing private information from a company or user, such as passwords for social networks, email or online banking, cybercriminals can employ various tactics. Possibly the most widespread is “phishing”, a type of attack that does not have to be targeted and whose only aim is for the victim to hand over as much data as possible without realizing it. It usually begins with an email or other type of message in which the criminal impersonates a third party, such as a company or a public institution, to deceive the victim into handing over everything that is requested.
They can also use a virus with Trojan capabilities to steal data from a computer and send it to the attacker. One of the most widespread at the moment is Emotet, which is used mainly to steal banking passwords and usually reaches the user hidden in spam emails that include a hyperlink that starts the download of the malicious code.
Likewise, during 2020 the use of more advanced ransomware, capable of stealing information from companies before hijacking their computers, has become another great trend. The use of this type of malicious code grew 160% in Spain between July and September, according to data recently revealed by the cybersecurity company Check Point.
“This attack allows that before the encryption of the information a part is extracted to threaten the affected company with making it public. What an incentive to pay a ransom. If you want your data you have to pay. In addition, they leak part of the data on the ‘dark web’ so that they see that you are serious,” points out Eusebio Nieva, technical director of the cybersecurity company Check Point. One of the most widely used viruses with these capabilities in recent months is called Ryuk. This ransomware, which is very advanced and of Russian origin, was behind the cyberattack that the technology company Garmin suffered last July.