Every Other Day, a Breach: Data Nightmare Haunts Businesses
In a world where one in every three businesses grapples with cybersecurity threats, the statistics on data breaches present an alarming picture. A study by Kaspersky Lab, conducted in 2022-2023 and encompassing 700 companies across various sectors including industry, telecommunications, finance, and retail, revealed that 223 of them were mentioned in darknet markets in the context of data breaches.
Kaspersky Lab’s primary focus has been on three key threats: the sale of compromised accounts, internal databases, and documents, as well as access to corporate infrastructures. According to the lab’s data, about 1,700 posts related to the sale, distribution, or purchase of data resulting from leaks appear on darknet markets monthly.
The study also indicates that not every post signifies a unique or current leak. Often these are repeated announcements of the same leaks, databases that have been merged or split by country, or databases of public data, such as data from social networks. For example, in 2021, the personal data of over 700 million LinkedIn users and 533 million Facebook users were stolen and published on the darknet.
One popular type of data sold on the darknet is access to infrastructures. In 2022, around 3,000 unique offers for such access were discovered, and by November 2023, this number exceeded 3,100. Such access typically includes corporate VPN service accounts and some servers or hosts in internal networks.
Additionally, compromised accounts represent a significant data category. Such data can be divided into three types:
- Public leaks freely circulated within the cybercriminal community;
- Leaks with restricted access, sold on hacker forums and in private chats. Sometimes these are just small databases containing unverified information that can even be generated;
- Compromised user accounts obtained through malware.
All three types of account data leaks pose a threat to companies because, despite prohibitions, employees use corporate email addresses to register on external sites. In a typical scenario, employees use the same passwords for external services and corporate resources, which can aid cybercriminals in gaining unauthorized access to corporate infrastructure.
It’s important to note that upon discovering a data breach, there is no time for regrets over unimplemented security measures. Swift threat identification and a competent incident response plan can neutralize the situation or at least mitigate the damage.