Why data dumps are a lucrative niche

Murali Urs, country manager, India, Barracuda Networks
26 Apr, 2021

Last year in August, Juspay, a payment processing company serving retailers such as Amazon, Uber, Swiggy and MakeMyTrip, was compromised and the attacker dumped data taken from the company's server. The breach, reported by internet security researcher Rajshekhar Rajaharia, involved the records of 35 million Indian cardholders, including username, card type, issuing bank, card expiry date and partially unmasked card number, among other details. While the data was put up for sale on the dark web, Juspay reported that it could not be used to make transactions, and the company has taken steps to increase security.

This isn't the first incident in which a data breach and a data dump have occurred. Back in 2016, the hacker group "Legion", which broke into the Twitter accounts of the Congress Party, its vice president Rahul Gandhi, controversial liquor baron Vijay Mallya and TV journalists Barkha Dutt and Ravish Kumar, also gained access to the servers of Apollo Hospitals, which could have created chaos in India. The group was in possession of several terabytes of raw data concerning all sorts of interests and information relating to Indian public figures.

Value of a partial record 

Cybercriminals place the highest value on the latest data sets, those that include an email address, a password and other sensitive personal information. The Juspay data, however, was several months old and contained no passwords, which made the records of little use for making purchases because most of the credit card information is masked with a hash function. Regardless, the data set was being sold for $5,000. How was that possible?
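The paragraph above turns on how card data is "masked with a hash function" and why a masked record can still be cracked later. The example below is added here for illustration and is not code from the article or from Juspay: it shows the display mask (issuer prefix and last four visible), counts how few Luhn-valid card numbers remain consistent with that mask, and contrasts an unkeyed hash of the card number (which a dump holder can test against every candidate offline) with a keyed HMAC whose secret key stays in the payment vault. The card number is the standard test PAN and the key is generated on the spot; both are constructed values, and `VAULT_KEY`, `candidate_space` and the other names are this example's own.

```python
import hashlib
import hmac
import secrets

# Constructed sample: the well-known test card number, not a real account.
SAMPLE_PAN = "4111111111111111"
# Constructed key for the demo; in production it lives in the payment vault or
# HSM and is never stored beside the card references it protects.
VAULT_KEY = secrets.token_bytes(32)


def luhn_valid(pan: str) -> bool:
    """Return True if the digit string passes the Luhn check used by payment cards."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Display form: issuer prefix (first six) and last four kept, the rest hidden."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def candidate_space(masked: str) -> int:
    """Number of Luhn-valid card numbers consistent with a masked PAN.

    Each hidden digit has ten possibilities, but for any fixed setting of the
    other digits exactly one value of a given digit satisfies Luhn, so only one
    tenth of the 10**hidden fillings are valid card numbers.
    """
    hidden = masked.count("*")
    return 10 ** (hidden - 1)


def unkeyed_reference(pan: str) -> str:
    """Plain SHA-256 of the PAN: the weak scheme.

    Anyone holding the dump can hash every candidate from candidate_space()
    offline and compare, so a masked number plus this hash gives the PAN away.
    """
    return hashlib.sha256(pan.encode()).hexdigest()


def keyed_reference(pan: str, key: bytes) -> str:
    """HMAC-SHA256 under a secret key: the hardened scheme.

    Without the key no candidate can be tested against the stored value, so
    the reference remains an opaque lookup token even when the dump is public.
    """
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()


if __name__ == "__main__":
    masked = mask_pan(SAMPLE_PAN)
    print(masked, "->", candidate_space(masked), "Luhn-valid candidates")
    print("unkeyed:", unkeyed_reference(SAMPLE_PAN)[:16], "...")
    print("keyed:  ", keyed_reference(SAMPLE_PAN, VAULT_KEY)[:16], "...")
```

For a 16-digit number with six hidden digits the candidate space is 100,000, small enough that an unkeyed hash is merely a delayed disclosure; the keyed reference gives the same deduplication and lookup behaviour without that exposure, provided the key is managed separately from the data.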

Even partial data holds value on the dark web, and still does two years later once the hash values of the cards have been cracked. Criminals can combine multiple such partial dumps by matching the names and email addresses in one dump against a complete set of login credentials from another; the sets need only one field in common for the records to be joined successfully. A 2019 report by IBM put the average size of a data breach at 25,575 records. Even if only half the records from an average-size dump can be matched, the result is thousands of potentially compromised user accounts, payment details and other sensitive records. Access to such volumes of crucial data can harm the affected individuals for years, as the personal information is used and resold to new criminals over a long period of time.
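The single-field join described above is exactly what a responder runs in reverse: once a partial dump is known, the same match on a normalised email address tells the organisation which of its accounts have become linkable and need action. The example below is added here from that defender's standpoint and is not code from the article or from any vendor; the dump, the internal directory and the field names (`user_id`, `mfa`, `card_last4`) are constructed for the demo. It normalises the join key, because case and whitespace differences between dumps otherwise under-count exposure, lists which fields leaked for each matched account, and maps each hit to a response action.

```python
from collections import defaultdict

# Constructed sample dump of the kind the article describes: no passwords,
# inconsistent formatting, one common field (email). Not from any real breach.
PARTIAL_DUMP = [
    {"name": "A. Kumar", "email": " A.Kumar@Example.com", "card_last4": "4242"},
    {"name": "B. Singh", "email": "b.singh@example.com", "card_last4": "1881"},
    {"name": "C. Rao",   "email": "c.rao@example.org",   "card_last4": "0005"},
]

# Constructed internal user directory as a defender holds it (hypothetical fields).
INTERNAL_DIRECTORY = [
    {"user_id": 1001, "email": "a.kumar@example.com", "mfa": False},
    {"user_id": 1002, "email": "B.Singh@example.com", "mfa": True},
    {"user_id": 1003, "email": "d.iyer@example.com",  "mfa": False},
]


def normalise_email(value: str) -> str:
    """Canonical matching key: trimmed and lowercased."""
    return value.strip().lower()


def index_by_email(records):
    """Group records by normalised email, the one field the join needs."""
    index = defaultdict(list)
    for rec in records:
        index[normalise_email(rec["email"])].append(rec)
    return index


def exposed_accounts(dump, directory):
    """Internal accounts whose email appears in the dump, with the leaked fields listed."""
    leaked = index_by_email(dump)
    hits = []
    for acct in directory:
        key = normalise_email(acct["email"])
        if key not in leaked:
            continue
        fields = {f for rec in leaked[key] for f in rec if f != "email"}
        hits.append({"user_id": acct["user_id"], "email": key,
                     "mfa": acct["mfa"], "leaked_fields": sorted(fields)})
    return hits


def triage(hits):
    """Response action per exposed account.

    Every hit gets a credential reset, since a password for the same email may
    surface in another dump; accounts without MFA are the easiest to take over
    once such a password is joined in, so they are also enrolled in MFA.
    """
    actions = []
    for hit in hits:
        action = "force_password_reset"
        if not hit["mfa"]:
            action += "+enrol_mfa"
        actions.append((hit["user_id"], action))
    return actions


if __name__ == "__main__":
    for user_id, action in triage(exposed_accounts(PARTIAL_DUMP, INTERNAL_DIRECTORY)):
        print(user_id, action)
```

On the constructed data two of the three directory accounts match, one of them only because the join key was normalised; the third dump record belongs to another domain and is not this organisation's problem to reset, which is the kind of scoping a responder wants before acting on a 25,000-record dump.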

The business standpoint 

Every company strives to avoid circumstances that can lead to a data breach, as a breach harms its brand and its relations with consumers, suppliers and employees. A data compromise can also be an expensive affair once remediation, downtime, compliance costs and lost business from future customers who no longer trust the brand are taken into account. The situation may worsen further over time if the stolen data is used in attacks to steal data from other organisations.

The 2020 Data Breach Investigations Report by Verizon identifies the actions that lead to data breaches. While phishing and stolen credentials remain the top two threats, four other threat actions are on the rise. Misdelivery is a human error in which data is sent to the wrong recipient, whereas misconfiguration is an error in which internet-facing assets are compromised because they were not secured properly. Both rank very high in the list of top threat actions in breaches, a clear sign that compliance verification is underestimated within wider vulnerability management programmes. The other actions that need immediate attention are password dumpers, a type of malware that extracts encrypted passwords from a host computer, and ransomware, malware that encrypts files and demands payment in exchange for decryption.

Safeguarding the data from being compromised and dumped 

Data breaches are all but inevitable, and the pandemic has made things worse. A recent survey by Barracuda Networks found that 74% of Indian organisations have experienced a ransomware attack. In addition, another report revealed that employees in 67% of Indian organisations have seen an increase in email phishing attacks since shifting to remote working during the pandemic.

Data breach attacks take advantage of multiple threat vectors, and IT teams need to make sure that these vectors are continuously defended against compromised networks, application attacks and email attacks, thereby safeguarding company data on-premises and in the cloud. Meanwhile, business owners can deploy Cloud-to-Cloud Backup to protect their data. It provides comprehensive, cost-effective, scalable protection for Office 365, Microsoft Azure and AWS Marketplace data and securely backs up email, contacts, folders, schedules and tasks, along with OneDrive for Business, SharePoint, Groups and Teams data, to cloud storage.

User education is also vital, so organisations must engage their workforce in cybersecurity training that helps employees recognise potential dangers as they unfold and keeps the hackers at bay.

Murali Urs is the country manager, India, Barracuda Networks. The views in this article are his own.