If you have been anywhere near the Internet, you must have heard about Beckileaks. Britain’s darling David Beckham has jumped from famous to notorious overnight due to an email hack. 18.6 million emails from Beckham’s Portugal-based PR firm Doyen Sports were hacked back in 2015. Allegedly, the hackers approached Doyen for a 1 million pound ransom back then. After Beckham’s advisers refused, the email dump was released online.
What followed was an informational tsunami of sorts. On the one end, the former footballer’s advisers ensured a gag order on one of Britain’s most popular magazines, the Sunday Times. On the other end, the UK is not the whole of Europe, and Der Spiegel, L’Equipe and several dozen other resources published the juicy details of the cache this past weekend.
From “angry pursuit” of knighthood to tax concerns and charging a charity for a luxury flight, the media and the public have not taken it lightly. The Beckham brand took a devastating blow. Whether or not the contents of the leaked emails were doctored and taken out of context remains to be seen. The bottom line is Becks’ image as the “man of the people” is no more.
Add in the expenses of hiring a high-end security firm to find the perpetrator and fix what can be fixed digitally. Then try to estimate the PR and emotional costs of maintaining a positive image during the outbreak for the entire family, amid an ongoing onslaught of angry fans and downright trolls on social media – the consequences are dire.
The Scope of The Problem
The Beckhams are in good company: from Jennifer Lawrence and Kirsten Dunst to Pippa Middleton, Hillary Clinton, and John Podesta, to several dozen top-tier politicians of the Panama Papers such as David Cameron and Sigmundur Davíð Gunnlaugsson, and many, many more. The hall of fame for hacked celebrities is expanding.
The cybersecurity problem spreads to individuals and businesses from all walks of life, not just the rich and the famous. The ransom demands are escalating, affecting all spheres of business. From small charities to large hotel chains, hospitals, law firms, or football teams – ransomware takes its toll. The National Cyber Security Centre, UK, states there were three times as many ransomware attacks in the first half of 2016 as in the same period in 2015. That is, documented attacks. Many organizations prefer to keep these events under the radar to avoid reputation damage to their brands.
The damage to victims amounts to millions yearly, not only for the ransom payments but also for the costs of overhauling the IT systems. Some cybersecurity experts have dubbed 2016 the year of ransomware. As the code becomes more sophisticated, we will see more of the same, perhaps on a larger scale.
The average ransom demand in such attacks increased from $300 in 2015 to $700 in 2016 for individuals, and from $500K to $3.4 million for organizations. According to a 2016 Osterman Research survey, nearly half of respondents admitted their organization had been hit by a ransomware attack during the past year. CNN stats put the ransoms paid in the first quarter of 2016 alone at $209 million. The FBI estimates that $1 billion was paid in ransoms during 2016.
The Evolution: from Ransomware to Doxing & Shame Hacking
Ransomware encrypts data and makes it inaccessible to the owner. The perpetrator then demands a ransom in exchange for the key. In most cases, the transaction is in Bitcoin, to protect the anonymity of the attacker. Classical ransomware is most frequently deployed on desktop computers rather than mobile devices. This is due to the fact that mobile devices often sync data with the cloud.
Extortionware propagates partly due to the advent of mobile technology with all its vulnerabilities, known and unknown. This is true especially for millennials and younger generations who don’t think twice before snapping a selfie. That is why many companies, especially in the financial, insurance and state sectors, have banned their employees from taking selfies and pictures on premises. Such snapshots can reveal strategically important data about many things, such as the location of CCTV cameras, or even proprietary code on the screen of a colleague.
Other forms of ransomware are blockers and scareware. While blockers prevent victims from logging into the device or using one or more apps, scareware does nothing but scare. For example, emails stating the FBI is onto you unless you pay up the “fine.”
A relatively recent form of ransomware is called doxware, shame hacking or leakware. Its peculiarity is that, if the victim does not pay up, the hacker goes to extra lengths and publishes the private data online. If the files contain information that could taint the reputation of the victim, the damage can be debilitating. Shame hacking does the opposite of what classical ransomware does. Instead of locking you out of your data, it releases it for the whole world to see.
In some cases, the hackers demand a ransom, which allegedly happened to Beckham’s advisers. In other cases, hackers have a personal vendetta against a celebrity. Occasionally, hackers are social justice warriors of sorts, with a philosophy and principles other than money.
Doxware typically targets email servers, cloud storage, word processing files, chat apps, picture galleries, and phone contact lists. In many cases, the attack begins with a phishing email or a private message in social media or chat apps that tricks the unsuspecting user into opening a link that initiates a download of malicious code. Sometimes, 30 minutes is enough for the code to lock an infected device.
Because it is possible to circumvent ransomware by keeping backups, or formatting the hard drive and doing a clean restore, hackers increasingly prefer doxing. They believe, and they are inevitably right, that threatening to release the confidential data to the public is a better motivation than just encrypting it.
Celebrities’ “underwear” aside, damage to businesses from such leakware is all the more immense. Consider merger negotiations, pending patents information, research, and any other data that gives a company strategic advantage.
Two years ago, a group of stock traders teamed up with hackers to access hundreds of press releases pending publication, some of them from leading U.S. companies. The perpetrators then traded on the stolen news and made $100 million in illegal profits. Business cyber espionage and leakware go hand in hand – the U.S. presidential election is a good demonstration of how consequential such hacks can be.
Protecting Against Leakware
Common sense and cybersecurity literacy should help:
- Use end-to-end, zero-knowledge encryption for your corporate communication: email, chat, teleconferencing, cloud storage, teamwork files, and calendars.
- Keep a regularly updated backup of business-critical data in a disconnected site. This is important to prevent the backup from being locked by ransomware.
- Use advanced authentication – two-factor, biometric, CAC, Smart Card, SSO, RFID.
- Use ad blockers in browsers company-wide.
- Disable USB ports where possible.
- Disable unnecessary services where possible, such as Remote Desktop Protocol.
- Invest in employee training and regular penetration testing, especially for phishing scams.
- Ban mobile games and other questionable apps on corporate mobile devices.
- Monitor BYOD devices’ data flow and have explicit rules for using personal devices for work purposes.
- Do not use consumer apps for business communication, such as WhatsApp, Telegram or Skype.
- Never use public Wi-Fi.
- Show file extensions, so executables cannot be disguised as PDFs.
- Get to know whaling and phishing techniques in-depth, as phishing is the preferred delivery method of leakware.
- Blacklist questionable websites on company devices and BYOD (adult, warez, piracy websites, Darknet forums, etc.).
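
The file-extension item in the list above can also be enforced at a mail gateway or file share instead of being left to the user's eye. The following is an added example, not part of the original article: a filename check that flags attachments whose real extension is executable while the visible name suggests a document. The extension lists, function names and sample filenames are assumptions constructed for illustration.

```python
import unicodedata

# Assumed lists for illustration; tune them to your environment.
EXECUTABLE_EXTS = {"exe", "scr", "com", "bat", "cmd", "js", "vbs", "ps1", "lnk", "hta"}
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}
# Unicode bidi controls that visually reorder a filename (e.g. U+202E).
BIDI_CONTROLS = {"\u202a", "\u202b", "\u202d", "\u202e", "\u2066", "\u2067", "\u2068"}


def check_filename(name: str) -> list[str]:
    """Return the reasons a filename looks like a disguised executable."""
    reasons = []
    if any(ch in BIDI_CONTROLS for ch in name):
        reasons.append("bidi-control")
    # Drop invisible format characters, then the trailing dots and spaces
    # that Windows ignores, to find the extension the OS will act on.
    visible = "".join(ch for ch in name if unicodedata.category(ch) != "Cf")
    stripped = visible.rstrip(" .")
    parts = stripped.lower().split(".")
    real_ext = parts[-1].strip() if len(parts) > 1 else ""
    if real_ext in EXECUTABLE_EXTS:
        # A document extension earlier in the name is a decoy: "a.pdf.exe".
        if any(p.strip() in DOCUMENT_EXTS for p in parts[1:-1]):
            reasons.append("double-extension")
        # Runs of spaces push the real extension out of the visible column.
        if "   " in stripped:
            reasons.append("padding")
    return reasons


def scan(names: list[str]) -> dict[str, list[str]]:
    """Map each suspicious filename to its reasons; clean names are omitted."""
    return {n: r for n in names if (r := check_filename(n))}


# Constructed sample attachment names, not taken from any real incident.
SAMPLE_ATTACHMENTS = [
    "invoice.pdf",
    "invoice.pdf.exe",
    "report.pdf          .scr",
    "photo\u202egpj.exe",  # renders as "photoexe.jpg" in many file managers
    "setup.exe",
]

if __name__ == "__main__":
    for name, reasons in scan(SAMPLE_ATTACHMENTS).items():
        print(repr(name), reasons)
```

An honestly named `setup.exe` is not flagged here because the check targets disguise only; blocking executables outright is a separate policy decision.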
FortKnoxster safeguards your communications and cloud storage from malware, including leakware and man-in-the-middle attacks. Today, leakware and extortionware are successful business models. These threats target organizations large and small, high-net-worth individuals and celebrities. It is a tangible problem with potentially devastating consequences, so encrypting your confidential data is the new norm.