How hackers turn stolen passwords into profit
Hackers are craftier than ever, pilfering PII piecemeal so bad actors can combine data to set up schemes to defraud medical practices, steal military secrets and hijack R&D product information.
Hacking has become big business
We are long past the era of the 14-year old teenage hacker trying to spoof a corporate or defense network for the fun of it, just because they can. While that still happens, it’s clear that hacking has become big business.
Ransomware attacks estimated to top $5 billion in 2017
From China allegedly stealing billions of dollars annually in intellectual property to ransomware attacks estimated to top $5 billion in 2017, data breaches and the resulting cybercrime are keeping CISO and rank-and-file security managers on their toes.
Medical data has become especially vulnerable
Security teams need to be aware of the full range of what hackers do with this stolen data. The crimes range from stolen IP to filing fraudulent tax rebates to the IRS to setting up a phony medical practice to steal money from Medicare and Medicaid patients and providers. Medical data has become especially vulnerable because many hospitals and medical practices use the same cloud-based ERP or human resources systems and hackers can piece together information and eventually enter a billing or patient information system.
How do hackers monetize stolen information?
“Hackers will often start by selling data on military or government accounts,” says Mark Laliberte, an information security analyst at WatchGuard Technologies. “People are also bad at choosing passwords for individual services and often reuse passwords, which lets hackers try those passwords on the other websites their victims use.” Most security experts agree that passwords are a poor security mechanism. What’s even worse: We’re really bad at passwords. That’s the conclusion of a study that looked at 28.8 million users and their 61.5 million passwords in 107 services over 8 years.
Passwords reuse considered a real “no-go”
A password study by researchers at Virginia Tech found that slightly more than half of all users reused passwords, or used slight modifications of passwords across a range of accounts. Password reuse, considered a major “no-no” by security experts, is considered a major factor in easy-to-hack user authentication schemes. Hackers commit the vast majority of data breaches and cyber crimes in order to make money. But once a hacker has stolen private information like social security numbers, passwords or credit card data, how do they monetize that information?
Steps a hacker will take to sell stolen information
These include selling high-value email addresses and passwords on the dark web, stealing IP, filing fraudulent tax returns, and scamming medical patients or insurance providers.