
Attackers are building big data warehouses of stolen credentials and PII

David Geer | Dec. 9, 2015
Attackers are swapping, selling, and associating increasing stores of linked PII and credentials to run deeper, broader, and more stealthy information invasions.


According to McAfee Labs, attackers are linking sets of stolen personally identifiable information (PII) together in big data warehouses, making the combined records more valuable to cyber-attackers. The coming year will see the development of an even more robust dark market for stolen PII, usernames, and passwords, the company predicts.

A new type of criminal is combining the warehousing and selling of stolen data, including access credentials and PII, targeted to specific markets, industries, companies, and purposes, according to the McAfee Labs 2016 Threat Predictions and McAfee Labs’ Director of Threat Intelligence, Christian Beek. McAfee has seen the hacker underground and dark markets moving in this direction over the past seven months, Beek asserts.

Attackers are applying a data warehousing and big data analytics business model to stolen data, increasing its value and the damage it can do. “Leveraging analytic techniques used in the world of big data, these criminals will look for links and correlations throughout their trove of stolen information, reverse engineering personal identities and selling that intelligence to the highest bidder,” according to the McAfee Labs 2016 Threat Predictions.

“This technique will enable thieves to circumvent commonly used techniques to verify identity—Social Security numbers, birthdates, last four digits of credit cards, or answers to typical security questions—and essentially sell legitimate credentials and make it more difficult for security defenses to identify suspicious behavior. Cybercriminals may even be able to use behavioral analytics to figure out what purchases can be made with stolen payment card info that will not trigger an alert,” the McAfee Labs 2016 Threat Predictions clarify.

Indicators of developing attacker data warehouses include the nature of the data offered for sale. “On one of the websites, we saw that you could ask for data and passwords by industry sector,” says Beek. Attackers are also swapping data from different breaches with each other so that they can build up stronger user profiles. “We see discussions in closed forums where one group is exchanging files with another group just to benefit each other’s operations in this way,” he affirms.

These warehouse approaches could grow, with attackers applying the same kinds of analytics to harvested PII that legitimate businesses apply to their big data stores. They could identify patterns and create robust databases that connect information about a person’s place of employment with their personal profile, quickly reaching far beyond the data the criminal started with. “They could achieve a lot without ever noticeably breaching a company,” says Beek.

The resulting threat

The threat, explains Beek, is that an attacker could fly under the radar, so to speak, mimicking the purchasing habits, login periods, and location of the user whose PII they have stolen so well that the activity would be very hard to detect.

 
