Data breach dumps fueled extortion and further attacks
The third quarter of 2015 saw one of the worst-case security scenarios ever imagined coming true: that information leaked from a data breach would be used for further attacks, such as blackmail and extortion.
The attack against The Hacking Team, reported in early July, is an example of such a scenario. The 400 GB dump of stolen information led to the discovery of five major zero-day vulnerabilities, as well as spying tools for iOS and Android. Some of these vulnerabilities were then used in Angler Exploit Kit attacks in Japan and Korea, as well as the compromise of Taiwan and Hong Kong government websites.
We believe we will see more of these chain reaction-type attacks. Bigger and better-secured organizations may experience breaches of their own if ever attackers successfully manage to leech off data from their smaller, less-secure partners. Consumers may also find their personal information at risk if companies continue to get breached due to this lateral progression of attacks.
Organizations and businesses need to prioritize security even more now, and prepare for inevitable data breach attempts.