It has now been revealed that the hackers behind the TalkTalk breach, an incident that is quickly shaping up to be one of Britain’s biggest ever security breaches, have put forth a ransom demand of about 420 bitcoins (approx. $122,000).
Following the recent TalkTalk breach, which is likely to have compromised the personal and financial data of 4 million customers, the company’s CEO revealed that a ransom demand had been brought up by hackers purporting to be behind the breach.
Sources close to security journalist Brian Krebs now say that the ransom demand was indeed put forth to management at TalkTalk, with the hackers demanding 420 bitcoins (approx. $122,000). To prove the validity of their claim, the hackers have supposedly provided TalkTalk with evidence in the form of copies of tables from the telecom provider’s user database. This database is said to contain the data of at least 400,000 people who recently underwent credit checks at the company.
Although some sources point to a Russian Islamist group as being responsible for the breach, there is still no conclusive proof to support that claim.
The Attack Technique Used during the Breach
Krebs’s source, who remains anonymous, has claimed that the intrusion into TalkTalk’s servers began with SQL injection (SQLi), a technique that looks for a misconfiguration in a database in order to exploit it. The exploit causes the database to malfunction and reveal its information, usually via a file dump. It is possible that the SQLi attack was disguised behind the crippling DDoS attack that took down TalkTalk’s website, which would have served as a suitable distraction while the hackers were breaching the servers.
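As an added illustration (not from the article, Krebs’s reporting or TalkTalk), the pattern behind an SQLi data leak in concrete form: a lookup that splices user input into the query text and so returns every customer row, beside the parameterised version that does not, plus a coarse pattern check a defender could alert on. The schema, rows and function names are constructed for the example.

```python
import re
import sqlite3

# Constructed sample rows standing in for a customer table (not TalkTalk's schema).
CUSTOMERS = [
    (1, "alice", "alice@example.com", "4111-****-****-1111"),
    (2, "bob", "bob@example.com", "5500-****-****-0004"),
    (3, "carol", "carol@example.com", "3400-****-***-0009"),
]


def make_db():
    """Build an in-memory SQLite database holding the constructed customer rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER, username TEXT, email TEXT, card TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?, ?)", CUSTOMERS)
    return conn


def lookup_vulnerable(conn, username):
    """Splices the caller's string into the SQL text, so the database parses it as SQL.

    A value such as x' OR '1'='1 turns the WHERE clause into a tautology and the
    query hands back the whole table: the 'file dump' style disclosure described above.
    """
    sql = f"SELECT id, username, email, card FROM customers WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    """Binds the value as a parameter; the query shape is fixed and the input is data only."""
    sql = "SELECT id, username, email, card FROM customers WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Quote followed by a boolean operator, UNION or a comment/terminator is a common SQLi shape.
_SQLI_SHAPE = re.compile(r"'\s*(?:or|and|union|--|;|/\*)", re.IGNORECASE)


def looks_like_injection(value):
    """Coarse request-log heuristic for alerting; a signal, not a replacement for binding."""
    return _SQLI_SHAPE.search(value) is not None


if __name__ == "__main__":
    db = make_db()
    payload = "x' OR '1'='1"
    print("vulnerable:", len(lookup_vulnerable(db, payload)), "rows")  # 3 rows leaked
    print("safe:      ", len(lookup_safe(db, payload)), "rows")        # 0 rows
    print("flagged:   ", looks_like_injection(payload))                # True
```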
According to this thread on Reddit.com, a Deep Web black market called AlphaBay has one seller who may be offering a recently hacked database that contains information similar to that stolen during the TalkTalk breach. The seller, going by the nickname “Courvoisier,” is an active member of the dark net market with recommendations from other customers who have transacted with him in the past for stolen credit cards and other payment information.
It seems like the crooks are getting better situational awareness when they break in somewhere, which of course increases the potential for an opportunistic attack (drive-by download, database hack, malware-laden spam blast) to mushroom into something much bigger and more costly for the victim or organization.