{"id":11526,"date":"2016-03-09T09:39:26","date_gmt":"2016-03-09T14:39:26","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=11526"},"modified":"2020-02-26T11:05:56","modified_gmt":"2020-02-26T16:05:56","slug":"all-data-is-stolen","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/all-data-is-stolen\/11526\/","title":{"rendered":"All data has been already stolen. What&#8217;s next?"},"content":{"rendered":"<p>Cybercriminals are starting to shift their focus from stealing personal data to other actions which bring immediate profit, experts at <a href=\"https:\/\/www.sans.org\/about\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">SANS institute<\/a> say. At the recent \u2018The Seven Most Dangerous New Attack Techniques\u2019 roundtable held at the RSA Conference, <a href=\"http:\/\/www.rsaconference.com\/speakers\/johannes-ullrich\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Dr. Johannes Ullrich<\/a> demonstrated a curious slide with a modest header saying \u2018Changes in malware economics\u2019 which contained a far more radical statement: \u2018ALL DATA HAS BEEN STOLEN\u2019.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2016\/03\/06022735\/all-data-stolen-live.jpg\" rel=\"attachment wp-att-11528\"><img decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2016\/03\/06022735\/all-data-stolen-live.jpg\" alt=\"All data has been already stolen. What's next?\" width=\"1280\" height=\"840\" class=\"aligncenter size-full wp-image-11528\"><\/a><\/p>\n<p>In the US alone, Ulrich says, cybercriminals had already laid their hands on 191 million voter records (bearing in mind the total number of voters in the US is 142 million). That means some records were stolen more than once. As for the credit card data, the numbers are not that shocking, but, of course, they do raise concerns: of 170 million cards issued, 61 million has been compromised (as of 2014).<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">For <a href=\"https:\/\/twitter.com\/hashtag\/DPD15?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#DPD15<\/a>, we look at 2014\u2019s top data leaks on Kaspersky Daily. <a href=\"https:\/\/t.co\/lEpy81gdBl\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/lEpy81gdBl<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/databreach?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#databreach<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/cybercrime?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#cybercrime<\/a> <a href=\"http:\/\/t.co\/XITXMW9NLe\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/XITXMW9NLe<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/560468735753199616?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">January 28, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Since hackers\u2019 \u2018dedicated\u2019 work has led to a surplus in \u2018production\u2019 (if you see cybecrime as an industry), the price of the data on the black market has dropped. With this trend, the theft of user information has become a less profitable and thus less attractive venture for hackers, who then started to search for new ways of gaining profit. Now cybercriminals are increasingly prone to <a href=\"https:\/\/www.kaspersky.com\/blog\/ransomware-10-tips\/10673\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">directly demanding ransoms<\/a> from a victim, no matter who the latter is \u2014 an individual or a business.<\/p>\n<p>The number of cases involving DDoS extortion has significantly increased: the culprits won\u2019t stop attacking until the target pays the ransom. Ransomware is becoming more varied and more sophisticated. Among the the recently publicized were the cases of ransomware attacks on <a href=\"http:\/\/www.theregister.co.uk\/2016\/02\/26\/german_hospitals_ransomware\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">two hospitals<\/a>, and one of them was ultimately forced <a href=\"https:\/\/threatpost.com\/hollywood-hospital-pays-17k-ransom-to-decrypt-files\/116325\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">to pay the ransom in order to decrypt the valuable information<\/a>.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">The longest <a href=\"https:\/\/twitter.com\/hashtag\/DDoS?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#DDoS<\/a> attack in Q4 2015 lasted for 371 hours (or 15.5 days). <a href=\"https:\/\/t.co\/mTTUwEKsNw\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/mTTUwEKsNw<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/KLReport?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#KLReport<\/a> <a href=\"https:\/\/t.co\/taDBla5k6v\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/taDBla5k6v<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/692772789175111680?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">January 28, 2016<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>A much less prominent yet more proliferating phenomenon is a new generation of ransomware capable of blocking access to websites. Recently <a href=\"https:\/\/threatpost.com\/ctb-lockercritroni-finds-new-legs-targeting-websites\/14942\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">a number of WordPress blogs were hit by CTB-Locker<\/a>. Cybercriminals would gain access through vulnerabilities in the WordPress engine and then encrypt all the contents of the website. They would then add a few lines of code which would allow them to open the page in a browser and get in touch with the attackers as if through the \u2018technical support chat\u2019.<\/p>\n<p>As a sign of \u2018good will\u2019, the criminals would decrypt two files free of charge. You might say, \u201cWhy go to so much trouble just for a blog?\u201d However, WordPress engine\u2019s simplicity and convenience made it the platform of choice for many online stores and even corporate websites. In those cases, the value of website contents might be huge.<\/p>\n<p>Encrypting data is not equal to stealing it \u2014 as it turns out, the first may be even worse. Admiral Michael Rogers, head of the NSA, which also had spoken at RSA 2016, names this one of <a href=\"http:\/\/www.theregister.co.uk\/2016\/03\/01\/nsa_boss_three_security_nightmares\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">his worst nightmares<\/a>. \u2018What happens when the same activity is used to manipulate data, software or security products, and suddenly we no longer trust the data we are seeing? What do we do about that?\u201d\u2018 \u2014 he asks.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">CTB-Locker is back: the web server edition via <a href=\"https:\/\/twitter.com\/IdoNaor1?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@IdoNaor1<\/a> <a href=\"https:\/\/t.co\/oz3vZYSD5C\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/oz3vZYSD5C<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/infosec?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#infosec<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/netsec?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#netsec<\/a> <a href=\"https:\/\/t.co\/RrGIwlorOi\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/RrGIwlorOi<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/704710554854825984?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">March 1, 2016<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Average users still have to watch out for ransomware that encrypts PC data. Also, the attackers are increasingly looking into opportunities to target smartphones: Android ransomware is already in the wild. Besides encrypting data, it makes the handset entirely unusable.<\/p>\n<p>Since a large portion of smartphones do have unpatched vulnerabilities (like Stagefright) and Android malware has <a href=\"https:\/\/www.kaspersky.com\/blog\/triada-trojan\/11481\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">quickly become more sophisticated<\/a>, we are witnessing even more disastrous Android attacks which would enable cybercriminals to both steal money from a phone or bank account and demand ransoms.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">The continual evolution of <a href=\"https:\/\/twitter.com\/hashtag\/mobile?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#mobile<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/malware?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#malware<\/a> \u2013 <a href=\"https:\/\/t.co\/lev9ovlF4j\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/lev9ovlF4j<\/a> <a href=\"https:\/\/t.co\/lZMRPKVblr\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/lZMRPKVblr<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/705062161639469057?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">March 2, 2016<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>SANS experts did not cover protection techniques thoroughly, but we will do this job for them.<\/p>\n<p>1. Websites owners should regularly update both WordPress and its add-ons. Since it\u2019s a tedious job, consider a specialized web hosting which would run those updates automatically.<\/p>\n<p>2. Don\u2019t forget to regularly download website backups which are usually run by a hosting provider and keep them in an offline storage.<\/p>\n<p>3. Back up your critical data regularly and keep it in a detached storage \u2013 the best option here would be an external hard drive. As for smartphones, we recommend using cloud storage and uploading all the critical data there.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Setting up backups with Kaspersky Total Security <a href=\"https:\/\/t.co\/xY9jD0mPpu\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/xY9jD0mPpu<\/a> <a href=\"https:\/\/t.co\/3PSGIvzFNn\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/3PSGIvzFNn<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/679790367819038720?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">December 23, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>4. Ensure your home PC is properly protected. By the way, <a href=\"https:\/\/www.kaspersky.com\/advert\/multi-device-security?redef=1&amp;THRU&amp;reseller=gl_KDpost_pro_ona_smm__onl_b2c_kasperskydaily_lnk____kismd___&amp;_ga=1.168528035.300785052.1449065439\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Kaspersky Internet Security<\/a> safeguards your documents if it spots some <a href=\"https:\/\/www.kaspersky.com\/blog\/ransomware-protection-video\/8765\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">suspicious activity<\/a> which looks like something\u2019s trying to encrypt your files.<\/p>\n<p>5. It is vital to regularly update and patch the operating system, browser, antivirus and key applications for all the devices you use. If it seems to take too much time, try automatic update.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The average American&#8217;s data has been stolen several times. Now when it&#8217;s done, what would a cybercriminal do next? We have discussed it at RSA Conference 2016.<\/p>\n","protected":false},"author":32,"featured_media":11527,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,2683],"tags":[93,282,363,4210,97,422],"class_list":{"0":"post-11526","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-threats","9":"tag-cybercriminals","10":"tag-cybersecurity","11":"tag-personal-data","12":"tag-rsa2016","13":"tag-security-2","14":"tag-threats"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/all-data-is-stolen\/11526\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/all-data-is-stolen\/6829\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/all-data-is-stolen\/6821\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/all-data-is-stolen\/7920\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/all-data-is-stolen\/7684\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/all-data-is-stolen\/11143\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/all-data-is-stolen\/7200\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/all-data-is-stolen\/10681\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/all-data-is-stolen\/11143\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/all-data-is-stolen\/11526\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/all-data-is-stolen\/11526\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/cybercriminals\/","name":"cybercriminals"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/11526","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=11526"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/11526\/revisions"}],"predecessor-version":[{"id":33651,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/11526\/revisions\/33651"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/11527"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=11526"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=11526"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=11526"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}