Contributed by Edwin Doyle, Global Security Strategist, Check Point Software.
There were nearly 30,000 cyber attacks worldwide in 2020. Besides money, personal data is one of the primary targets of threat actors. This data can not only be sold online, but can also be used for extortion or financial ransom.
A recent example of data-for-ransom is that of dating site Atraf. The Tel-Aviv based LGBT dating website is popular among the LGBT community in Israel & the Middle East. The hacking group, Black Shadow, broke into the servers of the parent company of Atraf, Cyberserve, on 29 Oct.
Last weekend, on their Telegram channel, Black Shadow released the personal information of 1,000 users. On Oct 31, after no response about paying the ransom from Cyberserve, the threat actors demanded $1 million within 48 hours or they would release more user information.
As of this writing, Cyberserve has not paid the ransom & Black Shadow has opened the ransom demand to the dating site users, many of whom, would prefer their private life remain private; but at what cost?
In some cases, the target of a hack is a large corporation and monetary loss to the company is the main issue. But, in instances like this, the release of highly personal information is known to motivate the victims into potential compliance for monetary demand.
Like users of other dating sites, Atraf users provided their name, whereabouts, and even health information. Being an LGBT specific dating site, there may be many users who haven’t publicly shared their sexual orientation, since in many Middle Eastern communities, there are dire consequences for alternative sexual orientation & for most countries, there are still antiquated political consequences for the LGBT community.
Google has blocked access to the sites of Black Shadow and Telegram has also suppressed Black Shadow groups, reported France24. Local LGBT groups have also voiced their concerns. Hila Peer of Aguda said they hope Telegram continues to cooperate with them because the leak is life-threatening for some of the affected people, reported NPR.
The attack also involved other websites hosted by Cyberserve. The group is apparently operating from Iran, although this doesn’t necessarily mean they have ties to the government, says Gil Messing of Check Point, as reported by NPR.
When it comes to data breaches, targeted hacking is responsible for the majority of the leaks. Global data from 2019 shows that as much as 45% of the breaches involved threat actors. In comparison, malware was featured in just 17% of data leaks. In 2020, the entertainment industry was the victim in over 7,000 of the 30,000 attacks, making it one of the most target industries; likely because of the high volume of people who access entertainment sites.
Unfortunately, this is not the first time a dating website was the target of a cyber attack. In January this year, a well-known threat actor attacked MeetMindful.com and leaked the info of over 2.28 million users. The over 1GB file containing user data was available as a free download on a popular dark web forum.
While the circumstance of exactly how Black Shadow managed to disrupt Atraf remain unclear, there are some simple techniques that help mitigate breaches, such as a strong software patching protocol, multi-factor authentication, a zero trust architecture & encryption of data at rest, in transit & in use. Discover further insights, analyses and robust resources when you sign up for the CyberTalk.org newsletter.