The recently disclosed Russian hack in which a Russian cyber gang stole billions of passwords from both commercial websites and consumers highlights the challenges we all face in our day to day activities on the web. Cyber thieves are targeting us all in their quest to make money and as we’ve talked about before, the Russian underground is the biggest and baddest of the underground economies. The goal of this group is to steal as much money from the West and bring into their own country, and as such, this won’t be the last time this occurs.
Cybercriminals can use these stolen credentials in a number of ways. Likely they are selling them within the underground for different amounts depending on the information stolen. Trend Micro researchers have been monitoring the Russian Underground market for a number of years and publishing prices of goods and services sold within. Besides looking for Twitter account credentials, the email addresses are likely being sold to spammers. From our Russian underground investigation the prices for spamming messages are below.
|Spamming (per 10,000 messages):
• Generic (uses a public database)
As you see, the prices of stolen data have been dropping each year, and as such cybercriminals need to steal more data to make the same amount of money. This is a key reason why we’re seeing more high-volume attacks, whether the recent retail breaches against vendors who process a lot of credit cards, or attacks like the one discussed here. Compromising sites is a lot more efficient than trying to compromise individual users directly.
The lesson from this we should all take is the cybercriminal underground is thriving and growing as the number of victims continues to grow on the web. Criminals have always gone to where the money is, and since 90+% of all currency is now online, they will continue to look for ways to steal it.
There are some specific behaviors we can all do to help mitigate our risks associated with these attacks. The following are a few best practices both commercial businesses and consumers can take now to help improve their security profile.
- Monitor your website(s) regularly for malicious compromise. Cybercriminals have been using legitimate sites for years to infect their victims as most security vendors will not block a legitimate site. Scan for SQL Injections or cross-site scripts (malicious scripts) on your sites as well as check for known vulnerabilities in your web apps. Using a service that regularly scans your site for malicious activity can help here.
- Secure your databases that host customer data as well as your own internal employee data. Only allow authorized users to access and if you can, add two-factor authentication for access. Also, encrypt the data if possible.
- The big challenge for consumers is when they visit a legitimate site that has been compromised, it is difficult to know. The best option for this is to ensure you have a good URL filtering solution that incorporates both web reputation and browser exploit prevention technology. Criminals usually redirect the user to another site where the actual infection occurs, and security vendors will block these redirects if not the legitimate site’s page if it is infecting the user outright.
- Consumers are often sent spam or phishing emails that entice them to open a weaponized attachment or click on a link. Either of these actions can result in an infection. As such, a good anti-spam/anti-phishing solution that includes checking embedded URLs help. But also, be aware of who is sending you these emails and if they look fishy, they probably are.
- The stolen credentials (username & password) are supposedly being used to access victim’s twitter accounts. As such, users should monitor their social media accounts as there has been a lot of spam and phishing within social media in the last year. Be careful of messages within social media that are asking you to click on a link and have topics that try to entice you to click.
- I recommend you update your passwords on most of your online accounts regularly and if you have access to a password manager that can create strong passwords for you as well as manage your multiple account credentials. Note, you should not use the same password among your accounts.
Online users need to be a lot more suspicious of where they go online, of emails they receive, and of their social media interactions. Being aware of your surroundings is a key safety tip when you are in a strange city, think of the Internet as a strange city and be aware of your cyber surroundings.
Authored by:- Mr. Dhanya Thakkar, Managing Director, India & SEA, Trend Micro