Suite 27, Liberty House, The Enterprise Centre, Greenham Business Park

Businesses beware: hacking sinks to new level with stolen data auctioned for cryptocash

08 Jan

By: Shannon Elliott

News, info & events

Cybercrime stakes just rose – or fell, depending on how you look at it – to a new level and business leaders need to sit up and take notice if they’re not to fall victim to the new type of extortion seen in the last few days.

The hacking group which calls themselves “The Dark Overlord” has morphed from leaking episodes of Netflix’s Orange is the New Black, to offering to release hacked insurance information relating to 9/11 litigation as well as cosmetic surgery photos of celebrities if they aren’t paid a Bitcoin ransom.  And in a further worrying twist, the group has offered to release the information, bit by bit, in return for anyone sending them Bitcoin donations, which began to pour in, crowd-funding style, from those keen to find out what the materials contained.  Of course, this begs the question of whether those sending funds are committing any criminal offence, but the use of crypto-currency leaves donors just about as untraceable as the hackers who receive the money.

Even though the group’s Twitter account was suspended they’re using different, less mainstream, social media outlets to carry out their sophisticated PR campaign to raise the level of interest in the stolen data they claim to have.

Whether or not they go as far as releasing all the information they hold remains to be seen, but this new approach from hackers should have business leaders – and anyone else worried about data or images of themselves being hacked and revealed – asking themselves whether they’re doing enough to protect their data and that of their customers, employees or others.  Gone are the days, it seems, of hackers simply applying ransomware tactics to gain financial reward from victim organisations or individuals – it’s now a case of whether leaked or lost data can now be sold to the highest bidder, or auctioned for public release. Either way, the hackers win – encouraging others to adopt the same tactic.

EnterpriseRed urges businesses to step up their vigilance over the robustness of their systems if they don’t want to find themselves in a similar situation, held to ransom or losing sensitive or important data to third parties with Bitcoin to spend, with potentially catastrophic results for their reputations and bottom lines.

Historically, penetration testing, to check the resilience of business systems to breach, has been an intermittent and costly on-site process but new technologies have evolved, enabling leaders to stay vigilant and informed about the potential vulnerabilities in their infrastructure and one step ahead of the hackers.

EnterpriseRed works with a leading provider of automated pen-testing which mimics the hacker’s attack, automating the discovery of vulnerabilities without disrupting network operations.  Detailed reports are produced together with proposed remediations. The cost-effective platform is like having a thousand pen-testers at your service, 24/7, checking the infrastructure and keeping your guard up at all times.

To find out more about this platform and all EnterpriseRed’s products and services to improve cybersecurity, contact us today.