Shanghai'd, data breaches and insecurity

In early July of this year, one of the largest known data breaches to date stripped files from a Shanghai police database.

The hacker responsible claimed to have stolen terabytes of data relating to as many as one billion Chinese citizens. Known as ChinaDan, the hacker asked for a ransom in digital currency roughly equivalent to $200,000. While it isn’t clear how he got access to the data, it seems likely it could be related to the same method used to gather most of it: social media.

Social media has become such an integral part of modern society that it has become impossible to untangle the more innocent aspects of the platform from the realities of privacy and security. As a result, bad actors have turned to holding privacy hostage in order to turn a profit, and business is booming.

The U.S. Treasury Department reported that in the first half of 2021 alone, ransomware fees paid had risen to $590 million, crushing the previous year’s total of $410 million. Much of that ransom is paid in decentralized currency. “While most virtual currency activity is licit, virtual currency remains the primary mechanism for ransomware payments, and certain unscrupulous virtual currency exchanges are an important piece of the ransomware ecosystem,” the Treasury Department noted in 2021.

While some may be worried about data breaches caused internally by employees or partner organizations, Verizon found that the statistics are weighted heavily toward external attacks. Verizon’s 2022 Data Breach Investigation Report (DBIR) found that as much as 73 percent of data breaches originated from external sources.

“Nearly three out of four cases yielded evidence pointing outside the victim organization,” the report stated. “In keeping with other studies revealing risks inherent to the extended enterprise, business partners were involved in 39 percent of the data breaches handled by our investigators. Internal sources accounted for the fewest number of incidents (18 percent), trailing those of external origin by a ratio of four to one.”

The report also found that financial reward is the largest driver of these types of attacks - as much as 96 percent - with only a small percentage pointing to protest or corporate espionage as major factors.

For major corporations and businesses that have had their sensitive financial planning and information leaked to the public, though, it may as well be espionage and blackmail. Entertainment and video game company Bandai Namco experienced a breach in early July that saw hackers flaunt potential unreleased media titles, timelines, and paid content plans.

“After we confirmed the unauthorized access, we have taken measures such as blocking access to the servers to prevent the damage from spreading,” said Masaru Kawaguchi, President and Representative Director for Bandai Namco Holdings, Inc. “In addition, there is a possibility that customer information related to the Toys and Hobby Business in Asian regions (excluding Japan) was included in the servers and PCs, and we are currently identifying the status about existence of leakage, scope of the damage, and investigating the cause.”

Despite swift action taken to lock down servers and mitigate further harm, the damage was done. Some companies have even seen proprietary source code for their intellectual property hit the internet for failure to pay their ransoms, as was the case with the auctioned assets of video game developer CD PROJEKT RED in 2021.

More people are paying the ransoms, however. According to Sophos in its annual State of Ransomware 2022 study, 46 percent of the companies hit that lost encrypted data paid. Even 26 percent of organizations that had backups for the data chose to pay the ransom.

Ultimately, while companies spend record amounts to update and maintain adequate cybersecurity hygiene, the burden of protecting our sensitive data may fall on us all as individuals. NortonLifeLock’s study of social media data and phishing attempts over the past several months found that these efforts have become more sophisticated while remaining relatively low in complexity for the perpetrators.

"Threat actors use social media for phishing attacks because it's a low-effort and high return way to target billions of people around the world," said Darren Shou, head of technology, NortonLifeLock. "As social media is intertwined in our daily lives, it's key to know how to spot the signs of a scam and keep a sharp eye on where requests for your information are coming from. Even better, consider strong, multi-layered security that can be on the lookout for you." 

Between April and June of this year, NortonLifeLock thwarted over 900 million threats, about 10 million per day.

Since no amount of cybersecurity is perfect, users might want to be careful about the next tweet they send.

It could cost them.

