THE DATA BREACH EPIDEMIC – KEY FINDINGS FROM VERINT’S COMPREHENSIVE CTI REPORT

In the past few years we have witnessed a growing number of significant data breaches.

The Data Breach Epidemic Report reviews the most significant data breaches that occurred in 2018 and provides our analysis of the major data leaks. It also includes key trends we identified based on ~5B leaked records detected and analyzed by our team.

KEY FINDINGS:

  1. 4,812,840,627 – Total Leaked Records In 2018
  2. 1,925,136,251 – Unique Records
  3. 24,224,940 – Organizations
  4. 53% of all leaked data comes from .com domains
  5. Distribution of “Combo Lists” is the key trend in the 2018 data leaks
  6. Leaked records by region:
  • APAC – 1.5B records
  • EMEA – 728M records
  • LATAM – 34M records
Many “Combo Lists” published in 2018 targeted specific regions, indicating leading interests of hackers’ groups

THE ANALYSIS PROCESS

In order to identify and analyze the major breaches of 2018, our analysts have been continuously monitoring activities on the Dark Web, in closed hacking communities and in other sources, to uncover indicators of breaches and data leaks.

In the report you will find a summary of the most popular ways hackers use to exploit stolen data, with real-life examples of attacks that exploited leaked records.

Want to know more? Download the report here

SOME LEAKS ARE MORE VALUABLE THAN OTHERS

Based on our analysis of the leaked data we obtained from several underground sources, we were able to identify several key trends, for example, the increasing distribution of “Combo Lists”, the demand for region specific leaks and countries that had most government data leaked.

ANALYSIS OF EXPLOITATION METHODS

The report also shares the hackers’ perspective, reviewing the most popular ways hackers use to exploit leaked data. These include credential stuffing attacks, brute force attacks, social engineering and email based-attacks. This information is valuable as it can really help organizations prioritize risk and improve their resilience and readiness against these attack methods.

THE BIGGEST DATA BREACHES OF 2018

In the report, you will find the list of the most prominent data breaches that occurred in 2018, and what we can learn from the millions of compromised records and stolen data.

Download the Full Report Here

The Awakening of PoS Malware (or, Has It Really Been Dormant?)

The peak of activity of Point-of-Sale (PoS) malware was in late 2013 (with the disclosure of the notorious Target breach), and over the course of 2014, when we witnessed the development and trade of new PoS malware strains. The vigorous discussions on hacking communities at the time, has led hackers to believe PoS malware would ensure them an easy profit. However, as time passed, Continue reading “The Awakening of PoS Malware (or, Has It Really Been Dormant?)”

A New Darknet Platform Publishes a Huge Amount of Data, from Around the World

In the past few months, an alleged group of transparency advocates, headed by activist Emma Best (@NatSecGeek), created an online repository of leaked data similar to WikiLeaks, named “Distributed Denial of Secrets” (@DDoSecrets).

Our initial examination revealed that the repository includes a great volume of data aggregated from past leaks, but also several new ones. The data is extremely diverse and consists of documents, hacked emails, leaked credentials, and other data, which has been leaked over the years, by a variety of actors (hacktivists, APTs, etc).

The platform was established in late 2018 and became public on Continue reading “A New Darknet Platform Publishes a Huge Amount of Data, from Around the World”

What will The Dark Overlord Do Next – a CTI Assessment

On December 31, 2018, a cybercrime group going by the handle The Dark Overlord (hereafter TDO) claimed he had hacked an unnamed company, and exfiltrated a large volume of sensitive documents related to the 9/11 terror attacks-related lawsuits. TDOaims to extort the impacted organizations into paying a Bitcoin ransom and he already published batches of the leakage after creating a public auction system, where anyone can contribute Bitcoins to unlock new documents. Continue reading “What will The Dark Overlord Do Next – a CTI Assessment”

Growing Awareness of the Darknet in China Following Huge Domestic Database Breaches

In recent weeks, we have identified a growing awareness on Chinese security blogs and mainstream media, to the existence of the Darknet, and the activities of Chinese users on its platforms. The focus is mostly on the sale of leaked data, mainly of Chinese citizens. One of these leaks pertained to the Huazhu hotel group, and was one of two major data breaches that occurred simultaneously in China, raising awareness to this issue. The second breach was the database of SF Express, a delivery service company based in Shenzhen, Guangdong Province. Continue reading “Growing Awareness of the Darknet in China Following Huge Domestic Database Breaches”

PyLocky Ransomware Source Code Leaked Online

PyLocky represents a new ransomware strain that was detected in the wild in late July 2018, and whose volume of infections increased throughout the month of August. The malware is usually distributed through malspam emails claiming to link to a fake payment invoice, and it features advanced anti-detection and anti-sandbox capabilities. Notably, infection telemetry data shows that PyLocky mainly targeted France and German cyberspace, but ransom notes also exist in Italian and Korean.

On September 11, 2018, we detected the leakage of PyLocky source code on Pastebin. Thus far, the incident has not received media attention. However, the paste was viewed by over 2,500 users. Therefore, our assessment is that this leakage might lower the barrier to entry for wannabe cybercriminals, possibly leading to an increase in malspam campaigns distributing this malware strain in the future. Continue reading “PyLocky Ransomware Source Code Leaked Online”

Source Code of Ratopak/Pegasus Spyware Targeting the Financial Sector Recently Leaked

On July 6, 2018, a post claiming to contain the source code of Carbanak group malware was published on a Russian-speaking underground forum. Soon after the sharing of the code on the Russian underground, it was uploaded by an unknown actor to the text-sharing platform Pastebin, making it accessible to all. At the same time, malware researchers analyzing the shared code discovered the malware is not one used by the Carbanak group, but rather, it is the Ratopak/Pegasus spyware, used in attacks against Russian banks in 2016. Continue reading “Source Code of Ratopak/Pegasus Spyware Targeting the Financial Sector Recently Leaked”

Cybercriminals Integrate Exploit for CVE-2018-8174 into Numerous Attack Tools

The CVE-2018-8174 vulnerability, also dubbed “Double Kill,” was discovered in the beginning of May 2018, when it was exploited as a 0-day in an APT attack leveraging malicious Office files in China. The vulnerability affects users with Internet Explorer installed, either after they browse the web or after they open crafted Office documents – even if the default browser on the victim’s machine is not set to IE. Moreover, it will also affect IE11, even though VBScript is no longer supported by using the compatibility tag for IE10. Microsoft patched the vulnerability on May 8, 2018. Continue reading “Cybercriminals Integrate Exploit for CVE-2018-8174 into Numerous Attack Tools”

Sharp Rise in Mining-Related Malware on the Russian-speaking Underground

Verint’s powerful portfolio of interception and monitoring solutions provides full monitoring and operational value. Dedicated systems address separate real-time and retroactive investigation needs, for lawful monitoring, field operations and background research. In the case below, we have used our Cyber and Webint suite to constantly monitor, collect and analyze malware-related items, to gain actionable intelligence and perform the investigation. Continue reading “Sharp Rise in Mining-Related Malware on the Russian-speaking Underground”

TOO SOON TO PATCH? – TIMESPAN FROM EXPOSURE TO ATTACK

This is an excerpt from the SenseCy 2017 Annual Report. To receive the full version of the report, please contact us at CyberThreat.Insider@verint.com

In the past year, the number of disclosed vulnerabilities (14,712) reached an all-time peak in all of cyber-history – twice as high as the two previous years: 6,480 vulnerabilities were Continue reading “TOO SOON TO PATCH? – TIMESPAN FROM EXPOSURE TO ATTACK”