From Company Server to Underground Marketplace: The Journey of Stolen Data

In a recent e-book, The Evolution of Corporate Cyberthreats (available for download here), our technology partner Kaspersky takes us on a brief journey through the world of corporate cyberthreats. It’s no secret that cybercrime is a lucrative business. Companies need ever larger IT teams, and even that is no guarantee that a company’s systems will not be breached. In 2013, there were 1,367 confirmed data breaches and 63,437 security incidents. Staying informed plays a key role in proper defense.

If you don’t know it’s there, you can’t defend against it.

Not surprisingly, APTs are, and will continue to be, the number one threat to any organization. Company size does not matter: even SMBs are targeted nowadays. Whether it’s for competitive intelligence (trade secrets, technology, insider information, governmental secrets, infrastructure, etc.) or strictly for financial gain (to sell stolen information on the black market or to a competitor), if you own valuable information, you will become a target sooner or later.

Where does the information stolen from you go once it’s in the hands of cyberthieves? It will most likely find its way to an anonymous underground marketplace, usually somewhere on the Tor (The Onion Router) network. There are many such marketplaces, where criminals sell everything from stolen SSNs, credit cards, hacked bank accounts, guns, drugs and counterfeit money to malware and other cybercriminal tools such as skimmers.

Of course, this entire underground ecosystem is supported by Bitcoin, an anonymous cryptocurrency operating on a peer-to-peer model. Bitcoin exploded in popularity in recent years because of its decentralized, anonymous nature. “Attacks on Bitcoin pools, exchanges and Bitcoin users will become one of the most high-profile topics of the year. Such attacks will be especially popular with fraudsters as their cost-to-income ratio is very favorable,” experts predicted last year. This proved true in February 2014, when the Mt.Gox Bitcoin Exchange was robbed of $468 million.

The e-book goes into a more detailed description of some rather advanced APT campaigns, such as Icefog and The Mask, and I highly recommend that everyone read it.