The history of network and cyber security seems to be a recursive loop of threats and solutions. The bad guys use similar tactics, from zero-day vulnerabilities to phishing, to gain access. The good guys are constantly shoring up their network hygiene with accepted strategies. Like the cobra and the mongoose, this eternal struggle continues unabated.
But not unchanged. Threats and counter-moves are shifting all the time – sometimes subtly, but always in important ways. The technology advances. New threats arise. New tools are created and disseminated on both sides.
The recent hack of the Twitch gaming platform illustrated shifts in motivations for hackers, which may require the network guardians to rethink their protection priorities. For decades, one primary worry for CISOs was concern about being hacked for the purpose of gathering personal data to be sold on the dark web. For a number of reasons, the hacking priorities seem to have shifted.
One of those reasons seems to be pure economics. Your personal data is simply not worth as much right now as the same stolen credentials would have been worth 10-15 years ago. A study last year by privacy affairs shows surprisingly low costs for full sets of stolen information on the dark web, including:
- Online banking logins cost an average of $25
- Full credit card details including associated data cost $12-20
- A full range of documents and account details allowing identity theft can be obtained for $1,275.
The researchers note that the costs have dropped because so much data is currently available and easy for criminals to obtain.
So such attacks are not stopping, because new credentials – especially cards and account access – are always more valuable than older versions. But the big-time criminal cannot make as much money selling a slate of stolen personal information online as they used to be able to generate. This means that it is much less work, and probably more economic benefit, to sell a stolen set of credentials back to the company the hacker took them from.
This may be a reason for the prevalence of sophisticated ransomware attacks where the attacker both tries to lock down company computers, but also steals information to sell back to the victim. The rise of cyberinsurance encourages this trend. Not only is life easier for hackers to sell the data back to one motivated buyer, but with cyberinsurance, they can be sure the victim has available money to pay. Plus, if insurance pays, it is easier for company management to make part with the money. The most prominent hacking categories in the past year – ransomware and email-enabled fraud – are exactly the hacks with the most direct pay-outs. The criminals receive large payments directly from the victims, rather than being forced to sell stolen personal information and account data after it was captured.