Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Is your company and customer data being sold on the darknet?

George Nott | July 14, 2017
A darknet marketplace listing could be the first indication your business has a rogue insider.

crack in glass

Increasingly businesses are monitoring the darknet for clues that their company and customer data is being exposed. But it’s no easy task.

Last week, The Guardian reported that Australians’ Medicare numbers were being offered for sale on a darknet marketplace for the equivalent of $30 in Bitcoins each.

Human Services minister Alan Tudge said the data’s availability was likely the result of “traditional criminal activity” as opposed to a hack, implying that it was being accessed using a legitimate login to a health system.

The government has now commissioned a review of the Health Professionals Online Services (HPOS) system – a suspected source – and referred the ‘Medicare Machine’ service to the Australian Federal Police for investigation.

For the government, the Guardian-revealed darknet listing was the first indication that they had a potential insider leaking citizen information online.

The insider threat is often considered the Achilles’ heel of a company’s security posture. And the rise of hidden marketplaces makes it easier than ever for those rogue employees to gain financially from their malicious activity.

Increasingly businesses are monitoring the darknet for clues that their company and customer data is being exposed. But it’s no easy task.

 

Shine a light

James Nunn Price, cyber risk leader for Deloitte in the Asia Pacific region, recounts an incident involving one of the consultancy giant’s European clients, a large energy company.

“We do monitoring for them and we were able to pick up on a dark web market that one of their systems administrators was selling their remote access VPN logging details – because they disagreed with the policy of fracking,” he said.

“And they were looking to sell that on a dark web for someone to come in and, you know, destroy their systems or their organisation because they disagreed, ethically, with what they were doing. I'm not sure the ethics of what they were trying to do!”

Once detected and relayed to the organisation, the company was able to pinpoint the perpetrator.

“It does happen,” Nunn Price says.

It’s horror stories like this that are prompting more and more businesses to monitor the darknet.

“Organisations can do this themselves. Very large organisations sometimes have their own threat analysts that have the technical capability and tradecraft to be able to perform this type of work,” says Gartner research vice president Craig Lawson, who is soon publishing a market guide for threat intelligence services.

Others subscribe to portals “that allow for searching and investigations of this content without having to access it” or engage third party threat analysts “who can provide tailored information”, Lawson adds.

 

1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.