December 28, 2020

Hackers sell 85K SQL Databases on Dark Web Market: What to do?

Hackers have been known to sell data on the dark/deep web for quite a long while. They hack into a database and ask for a ransom, mostly through a malware attack called “ransomware.” If the owner refuses to pay the ransom, they sell the data to the highest bidder on the dark web market. According to the latest statistics, more than 85,000 MySQL databases are being sold on the dark web. Prices start from $500 and depend on how valuable the database is.

Hackers have frequently been breaking into databases and asking for ransom through ransom notes. Those notes include an email address for contacting the hacker and striking a deal. Hackers have since automated their database ransom scheme using web portals. At first these were hosted online; they then moved to an Onion address to make use of the dark web, making it their haven. Once the DB owner reaches the dark/deep web page, he is asked to make the payment in BTC.

A lot of DB attacks have been reported this year. Database owners came across ransom notes on different forums related to MySQL and Reddit.

Panicking Doesn't Help:

Once the hacker makes off with your database, it is necessary to hire a professional negotiator. But hiring a negotiator can be risky at times. A subsidiary of a UK-based company was caught overcharging database owners while settling the deal at a lower price. Since these attacks take place on a regular basis, mishandling and over-reacting can be dangerous and lead to financial loss.

The brokerage scandal mentioned above took place at a UK-based IT company, Red Mosquito. Security researcher Fabian Wosar carried out a sting operation against Red Mosquito. Fabian concluded that the subsidiary charged the victim a high amount and paid far less to the hacker after negotiating.
Fabian disclosed the tactics that played an essential role in catching the company red-handed:

- Fabian Wosar created two email accounts, one for acting as a hacker and the other to play the victim.
- Then he created a fake ransomware called “GOTCHA” and a ransom note that included a unique ID, to make it look more authentic.
- When Wosar contacted Red Mosquito through the victim account to report his self-created ransomware incident, he received an email on the hacker account to negotiate.
- After closing the negotiation, Red Mosquito offered recovery services to the victim at an enormous price, failing which they would lose their data.

It is important to stay cautious about these scams online. If a third party is involved in brokering the deal, make sure to check its charges.

How To Stay Safe And Prevent These Attacks?

Our CEO Zarrar Chishti has covered this topic and many more in his new book about Gamification - Gamification Marketing For Dummies (2020, Wiley).

There are some loopholes that are ignored and left open once the database is set up. These basic points will help prevent the unwanted situations discussed previously.

- Hackers can get smooth access to the portal through the link in the login page. To avoid this, make sure the page name is not similar to the login one. Keep it random and abstract.
- Make sure that the people who have access to the database use their own email instead of a login name. Since usernames are more predictable, they make it easier for the hacker to gain access.
- If a user who has access leaves the company, make sure the email that was used to log in is revoked.
- Employees and users should change passwords on a regular basis. The password should be strong and hard to crack. Use a good password manager to keep track of passwords in case they are forgotten.
- Keep a check on users who are logged in but not doing anything. Idle sessions can create a bridge for the hacker to push in and take out the data.
So make sure that the site code automatically logs out an idle user after a certain time.
- Use SSL data encryption to secure the website portal, which ensures safe data transmission between user browsers and the data server. An SSL certificate can get the job done safely and is also easy to get. Get the best developers on the team to set it up.
- Use multi-tiered access control to limit the number of user accounts. The fewer the accounts, the harder it is for the hacker to get in.
- Put a removal policy in place under which a user is granted a specific time period in which to log in. In coordination with the admin staff, remove users who exceed that period.
- Make sure the developers keep track of the IP addresses of all users when they are logged in. This will determine the geo-location of all the users.
- With the account disablement feature, an account gets disabled if there are multiple wrong password entries. Once this is detected, the website can be taken down and the threat dealt with later.

Tokenisation:

Tokenisation, in simple words, is a way of confusing the hacker. It turns the main sensitive data into non-sensitive data called “tokens.” Tokenisation is a way of securing data by replacing the original data with an unrelated value of the same length. The best part of tokenisation is that it cannot be cracked or reversed.

Luring The Hacker To The HoneyPot:

A honey pot is a database server that works as a trap to lure the hacker and trick them with false database information. To set up a honey pot, base it on a real asset. Make sure it refers to the real assets. Make the server look more attractive using credit card and customer information that features fake and irrelevant data. But, with all this being said, make sure that the honey pot is well deployed, maintained and constantly monitored.
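The idle-logout, IP-tracking and account-disablement tips from the list above can be enforced in one place on the server. The sketch below is an added example, not code from the article; the class name `LoginGuard`, the threshold of 5 failures and the 15-minute idle limit are assumptions, and the in-memory dictionaries stand in for real database tables.

```python
import hashlib
import hmac
import os
import secrets

MAX_FAILURES = 5        # assumed threshold; the article gives no number
IDLE_TIMEOUT = 15 * 60  # assumed idle limit, in seconds

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LoginGuard:
    def __init__(self):
        self.users = {}     # email -> salt, hash, failures, disabled
        self.sessions = {}  # session id -> email, last_seen
        self.audit = []     # (time, email, ip, outcome) for every attempt

    def add_user(self, email, password):
        salt = os.urandom(16)
        self.users[email] = {"salt": salt, "hash": _hash(password, salt),
                             "failures": 0, "disabled": False}

    def _check(self, user, password):
        if user is None or user["disabled"]:
            return "refused"         # disabled: even the right password fails
        if hmac.compare_digest(user["hash"], _hash(password, user["salt"])):
            user["failures"] = 0
            return "ok"
        user["failures"] += 1
        if user["failures"] >= MAX_FAILURES:
            user["disabled"] = True  # stays off until an admin re-enables it
        return "bad-password"

    def login(self, email, password, ip, now):
        outcome = self._check(self.users.get(email), password)
        self.audit.append((now, email, ip, outcome))  # source IP of each try
        if outcome != "ok":
            return None
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"email": email, "last_seen": now}
        return sid

    def touch(self, sid, now):
        s = self.sessions.get(sid)
        if s is None or now - s["last_seen"] > IDLE_TIMEOUT:
            self.sessions.pop(sid, None)  # idle too long: force a new login
            return False
        s["last_seen"] = now              # activity resets the idle clock
        return True
```

Call `touch` on every authenticated request; the `audit` list is what a geo-location or anomaly check would read from.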
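The tokenisation described above, as an added example that is not code from the article: each token is drawn at random, so nothing about it can be computed back to the original, and only a lookup in the vault maps it back. The class name `TokenVault` is hypothetical, the in-memory dictionaries stand in for a separately secured vault, and keeping digits as digits and separators in place goes one step beyond the article's "same length" property.

```python
import secrets
import string

class TokenVault:
    def __init__(self):
        self._token_for = {}  # original value -> token
        self._value_for = {}  # token -> original value (the only way back)

    @staticmethod
    def _random_like(ch):
        if ch.isdigit():
            return secrets.choice(string.digits)
        if ch.isalpha():
            return secrets.choice(string.ascii_letters)
        return ch  # keep separators so the token has the same layout

    def tokenise(self, value):
        if value in self._token_for:          # same input, same token
            return self._token_for[value]
        if not any(ch.isdigit() or ch.isalpha() for ch in value):
            raise ValueError("nothing to tokenise")
        for _ in range(100):                  # retry on the rare collision
            token = "".join(self._random_like(ch) for ch in value)
            if token != value and token not in self._value_for:
                self._token_for[value] = token
                self._value_for[token] = value
                return token
        raise RuntimeError("token space exhausted for this format")

    def detokenise(self, token):
        if token not in self._value_for:      # a guessed token maps to nothing
            raise KeyError("unknown token")
        return self._value_for[token]
```

Application tables then store only the token; the vault is the one system that needs the strictest access control.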
Conclusions

If you need consultation on database security or you need help developing custom corporate software and cloud-based B2B app for your company, the experienced team at Tentacle Solutions is happy to assist. Based in Glasgow, Scotland, we deal with all facets of skilled games, including predictive analytics, testing, creative UI/UX services, and more. Contact us today to learn how we can help you create a one-of-a-kind app to suit your unique needs.