Privacy Breach: The Hidden Threats.
An online presence is essential, but security is equally crucial. Securing your business’s and your clients’ sensitive information requires vigilance, processes and investment. As businesses, we want to avoid security breaches, but do we know their true impact? In Privacy Breach: The Hidden Threats, we explore the unforeseen damage that can occur after a compromise, put a price on what was lost and prepare you for the true cost of a security breach.
Privacy Breach: The Evolving Threat Landscape
Most businesses are aware of the threats posed by inflation, labour shortages, etc., but few are fully aware of what goes on in the cyber sphere. Below are a few definitions to get to know:
- Phishing is a type of social engineering attack where the attacker sends a fraudulent email or text message that appears to be from a legitimate source, such as a bank or credit card company. The goal of phishing is to trick the victim into clicking on a malicious link or providing personal information, such as their username, password, or credit card number.
- Man-in-the-middle (MITM) attack is a type of cyberattack where the attacker secretly relays and alters data between two parties who believe they are directly communicating with each other. The attacker can eavesdrop on the traffic and modify it without either party being aware.
- Bring Your Own Device (BYOD) is a policy that allows employees to use their own personal devices, such as smartphones and laptops, for work-related activities. This can pose a security risk if employees are not properly trained on how to use their devices securely.
- Ransomware as a Service (RaaS) is a type of cybercrime where the provider supplies the ransomware and the infrastructure to deliver it, while the affiliate is responsible for finding and exploiting vulnerabilities to infect the target. RaaS makes it easier for criminals to launch ransomware attacks, as they do not need to have the technical expertise to develop and deploy their own ransomware.
- Fileless malware is a type of malware that does not rely on traditional files to infect a system. Instead, fileless malware can spread through other means, such as through memory-resident malware or through exploiting vulnerabilities in software. Fileless malware can be difficult to detect and remove, as it does not leave any trace on the system.
- Zero-day attack is a type of cyberattack that exploits a vulnerability in software that the software vendor is not aware of. Zero-day attacks are often challenging to defend against, as there is no patch available to fix the vulnerability.
- Advanced Persistent Threat (APT) is a type of threat actor that is highly sophisticated and well-resourced. APTs are often nation-states or state-sponsored groups that use cyber attacks to steal information or disrupt critical infrastructure.
- Mimikatz is a Windows privilege escalation tool that can be used to steal passwords, hashes, and other sensitive information. Attackers often use Mimikatz to gain access to systems and networks.
- Triple extortion ransomware is a type of ransomware that encrypts a victim’s files and demands a ransom payment. In addition to the ransom payment, triple extortion ransomware attackers also threaten to release the victim’s files or publish them online if the ransom is not paid.
Privacy Breach: The Threat Business
“Access-as-a-service took off in underground markets with more than 775 million credentials for sale and thousands of ads for access-as-a-service” (Robert Lemos, contributing writer, Dark Reading).
A cohort of cybercriminals is always striving for efficient processes. Take Ransomware as a Service, for instance: at the top of the pyramid you have the developers, followed by the affiliates and, finally, the unfortunate victims. The top end extorts the victims and then shares a percentage with its affiliates. That model is an abridged, simplistic one; here are some of the structured RaaS revenue models.
Monthly Subscription Flat Fee
A monthly subscription flat fee RaaS revenue model is a business model where RaaS providers charge a monthly subscription fee for access to their ransomware-as-a-service platform. This model is becoming increasingly popular, as it provides RaaS providers with a more predictable and sustainable revenue stream.
Under a monthly subscription flat fee RaaS revenue model, RaaS providers typically offer a variety of features and services, such as:
- Access to the ransomware itself
- Infrastructure to deliver the ransomware
- Customer support
- Updates and patches
- Access to a community of other RaaS users
The cost of a monthly subscription flat fee RaaS revenue model varies, but it typically ranges from $50 to $500 per month. The price is typically based on the number of users or devices that will be using the RaaS platform.
RaaS (Ransomware-as-a-Service) Affiliate programs are a type of business model where RaaS operators (also known as “RaaS providers”) provide affiliates with access to their ransomware-as-a-service platform in exchange for a commission on any ransom payments that are collected.
Consequently, RaaS Affiliate programs are becoming increasingly popular, as they allow RaaS providers to expand their reach and increase their profits without having to invest in additional resources. Affiliates can be anyone, from individuals to organised crime groups.
The Affiliate programs typically work as follows:
- Firstly, the RaaS provider creates a RaaS Affiliate program and sets up a website or portal where affiliates can sign up.
- Then, an affiliate pays a fee to join the RaaS Affiliate program.
- The affiliate is given access to the RaaS provider’s ransomware-as-a-service platform.
- Affiliates then use the RaaS platform to launch ransomware attacks.
- Finally, if the affiliate is successful in launching a ransomware attack and collecting a ransom payment, they will receive a commission from the RaaS provider.
The commission rate that RaaS providers offer to their affiliates varies, but it typically ranges from 20% to 50% of the ransom payment.
One-Time License Fee with No Profit Share
A one-time license fee with no profit share is a RaaS revenue model where RaaS providers charge a one-time fee for access to their ransomware-as-a-service platform. Under this model, RaaS providers do not receive any additional revenue from ransom payments collected by their affiliates.
A Pure Profit Share Privacy Breach
Pure profit share in RaaS revenue models is where the RaaS provider receives 100% of the ransom payment. Under this model, the RaaS provider does not charge fees for ransomware-as-a-service platform access. Instead, they rely on affiliates to launch ransomware attacks and collect ransom payments. Each ransom payment collected results in the RaaS provider receiving a commission.
Bug bounties in RaaS are a type of incentive program where RaaS providers offer rewards to security researchers. Their challenge is to find and report vulnerabilities in the provider’s ransomware-as-a-service platform. The incentives involved in this type of activity can reach the $1 million price point.
The Spoils of a Privacy Breach
Many of us are aware of the ‘dark’ web and its dangers, but what are cybercriminals able to obtain by visiting it? We have some examples from ConnectWise’s dark web monitoring activities.
Phishing as a Service
After gaining entry to the dark web, cybercriminals can access a variety of cyber threat options. Worryingly, the EvilProxy PaaS tool is able to bypass multifactor authentication. EvilProxy works by sitting between a website and some form of online authentication endpoint, such as a login page. The server then presents a fake login page that looks identical to the real login page. If the user enters their username and password on the fake login page, EvilProxy steals the credentials. Defending against this threat requires extremely robust cybersecurity solutions for business.
Privacy Breach: Passports and Sensitive Documents
Cybercriminals have various motivations for stealing passports and identity documentation. The obvious one is identity theft, but there are others to look out for:
- Immigration fraud: Passports are used to commit immigration fraud. Using a fake passport or someone else’s passport allows individuals to accomplish this.
- Money laundering: Additionally, passports are used to launder money. By utilising a passport to travel to a country with lax financial regulations, individuals can then deposit the money into a bank account within that country.
Privacy Breach: Firearms and Illegal Contraband
The anonymity provided by the dark web is a major driving factor in illegal activity. This attracts individuals seeking to bypass strict gun control regulations or acquire weapons without undergoing background checks. Additionally, the dark web marketplace can grant access to rare models not readily available through legal means.
Privacy Breach: The Threat Playground
Approximately 96% of the web is composed of the ‘deep’ and ‘dark’ web. The internet as we know it i.e. social media, Amazon etc. equates to only 4%. The ‘deep’ web predominantly stores online records, such as medical records and academic records, while the ‘dark’ web is often utilized for nefarious purposes.
Credit card details, illegal firearms and drugs are readily available for sale, but what of the consequences? According to our cybersecurity partners ConnectWise, the impacts on businesses are devastating:
- The average ransomware dwell time is 23 days
- A typical ransom comes at an average cost of 10% of a business’s annual revenue
- The average downtime is 21 days
- The average disaster recovery costs are 1.4 million
- Legislation: fines/legal compliance
From an insurer’s point of view, businesses are liable if they don’t practice cybersecurity compliance. Consequently, insurers have created a tiered model of coverage.
Unsure about your business’s data and privacy? To further strengthen your cybersecurity measures, we encourage you to take advantage of the ConnectWise Identify risk assessment.
Get a head start on your cybersecurity without burning your budget and benefit from a free assessment.
Privacy Breach: Cybersecurity Law
For businesses, it’s key to understand the laws that protect your assets and reputation. Below are some important laws and legislation to consider:
- The Computer Misuse Act 1990 (CMA) is the main piece of legislation governing cybersecurity in the UK. It makes it a criminal offence to gain unauthorised access to a computer system or to cause damage to a computer system or data.
- The Data Protection Act 2018 (DPA) is the UK’s data protection law. It sets out requirements for organisations that process personal data, including requirements to take steps to protect personal data from unauthorised access, use, disclosure, or loss.
- The Network and Information Systems Regulations 2018 (NIS Regulations) are a set of regulations that set out requirements for organisations that provide essential services, such as water, electricity, and telecommunications. The NIS Regulations require organisations to take steps to protect their networks and information systems from unauthorised access, use, disclosure, or disruption.
In addition to these laws, the UK government has also published a number of cybersecurity guidance documents, including:
- The National Cyber Security Strategy sets out the UK government’s vision for cybersecurity and outlines the steps that the government is taking to improve cybersecurity in the UK.
- The Cyber Security Framework provides guidance on how organisations can improve their cybersecurity posture.
- The Cyber Security Practice Guidance provides detailed guidance on how organisations can implement specific cybersecurity controls.
In conclusion, operating in the online space requires businesses to prioritise security measures and remain vigilant. The impacts of security breaches can be far-reaching and are often underestimated. Cybercriminals employ various tactics to exploit vulnerabilities and gain unauthorised access to sensitive information. The dark web serves as a marketplace for illicit activities, with significant consequences for businesses and individuals alike. The financial losses resulting from ransomware attacks highlight the need for robust cybersecurity measures and compliance with relevant legislation. Understanding the true cost of a security breach is essential for businesses to invest in adequate protection, including comprehensive insurance coverage, and to prioritise privacy and database protection to safeguard their operations and the trust of their clients.