Cybercriminals are using big data technology to make money from data obtained on the Chinese-language underground. Quelle surprise.
An analysis of open source information and data drawn from a variety of closed forums showed a cycle that included multiple layers of cybercriminals, the use of insider information and unwitting victims, according to researchers at Intel 471. That sounds a lot like the elements of a typical financial scheme – but with a big twist. Or at least a boost from China’s quest to be at the center of big data analytics, “especially as it pushes to become synonymous with new technology sectors like the Internet of Things (IoT),” the researchers wrote in a blog post.
China is making big data a centerpiece of all economic sectors, which creates a lot of data noise where criminals can find cover for their schemes. As the researchers pointed out, as the big data market has swelled – by China Industrial Control Systems Cyber Emergency Response Team’s estimates, to about $156 billion – China has struggled to manage, regulate and create governance around data. The explosive growth, the researchers noted, “has not been paired with oversight.”
Among the regulatory challenges China faces is the blurred lines between private and public personal information coupled with security risks around collecting, storing and sharing it, much of which is left to the discretion of the companies collecting and handling it.
The Underground Information Market
The underground data monetization chain the researchers observed is set up much like any other business process, with a “clear division of labor, responsibilities and a delineated chain of command.” It includes a boss, or requester, who needs the data for a nefarious activity; insiders who, under orders from the boss, access raw data and extract information from a service provider for a profit. Middlemen stand between the boss and cybercriminal buyers, and get a cut of the action, while escrow and underground platforms provide a way for the middlemen to advertise their wares. Scammers, threat actors and direct marketers are the end users in this chain – they’re the ones who buy the data or engage with syndicates directly via the platforms.
“It comes as no surprise to read that cybercriminals are employing the same principles as some of the large social media companies,” said New Net Technologies Global Vice President Dirk Schrader, calling it “the back side of the big data coin.”
The schemes observed by Intel 471 make their money on a number of forums from those catering to gambling and lotteries to those seeking users records; in one case, from a parenting application. “We have also observed a number of Telegram channels that are dedicated to making money off stolen information related to big data programs,” the researchers noted.
Chinese law enforcement has tried to step in and hold companies accountable for the way they handle data. In 2019, for instance, authorities nabbed the general manager, deputy general manager and marketers of Tianyi Credit after several companies “were observed providing third-party data crawling services and selling the data collected from unknown victims to reap a profit in addition to being exploited by underground threat actors,” Intel 471’s researchers said.
More recently, authorities have tightened regulations around personal data and privacy, including privacy and security strictures from the Cyberspace Administration of China.
Data Breaches Offer a Cautionary Tale
The Intel 471 findings are a cautionary tale for those that continue to dismiss the relevance of vaults from previous social media site breaches being hawked online.
“The more the bad actor know about a target, the better becomes their craft,” said Schrader, making it “even harder for a regular user to recognize a phishing email, or for the employee in corporate finance to identify a [business email compromise] BEC attempt.”
The findings also signal, the researchers said, the need to protect data with the same urgency that companies secure their essential services. That’s not as easy as it sounds. For many organizations, sprawling cloud infrastructure prevents them from having visibility into who’s accessing sensitive information, according to Hank Schless, senior manager, security solutions, at Lookout. “Understanding data access is even more difficult when the biggest threat comes from people on the inside who are less likely to trip any alarms when accessing sensitive company data,” he said, suggesting that a zero-trust model can help.