Dark Reading is part of the Informa Tech Division of Informa PLC

10:00 AM
Jane Lee

3 Ways Data Breaches Accelerate the Fraud Supply Chain

The battle's just beginning as bad actors glean more personal information from victims and use that data to launch larger attacks.

While data breaches have become a nearly daily occurrence in news headlines — most recently, Drizly and the Ritz Hotel — it's important that businesses and security professionals understand the cascading effect these incidents have on the broader online landscape. Regardless of the size of the business reporting a breach or amount of consumer data exposed, all businesses are threatened by a "fraud supply chain" that feeds off these types of breaches. 

The fraud supply chain is an interconnected ecosystem that allows cybercriminals to use different attack vectors to steal from consumers and businesses, often in more complex ways than merely buying stolen credit cards to make large purchases. As a result, fraudsters can feed off any type of data, using it both as a bridge to further personal information from existing victims and as a springboard for executing larger attacks.

Even the Smallest Breaches Cause Ripple Effects
Data breaches are almost always a means to an end. For example, seemingly minor information such as usernames or passwords can arm fraudsters with enough to execute more sophisticated attacks. Often, bad actors will harvest user information obtained from various data breaches to develop complete user profiles. Additionally, typical consumer behaviors can often make this easier for fraudsters; studies have shown 65% of users repurpose their passwords across multiple platforms. Data breaches provide attackers with the credentials needed to execute more widespread attacks such as:

  • Accumulating More Personal Information Through Phishing Scams
    Often, a minor data breach is not enough for fraudsters to execute immediate attacks on an individual. However, simple credentials such as an email address offer a direct line of communication for fraudsters to initiate phishing schemes. Through this tactic, they'll often impersonate a trusted source to convince consumers to share further personal data such as credit card information, passwords, etc. While most people may think it's easy to recognize a phishing scheme, sophisticated fraudsters will use additional information garnered through previous data breaches to personalize content that demonstrates potential legitimacy.

    For security teams, email protection is critical and must lean on a layered approach. The foundation must be set with standards such as email authentication and domain-based message authentication, reporting and conformance (DMARC) to protect employees, stakeholders, and customers from unauthorized usage.

    Alongside these measures, secure email gateways (SEGs) and phishing awareness/training can help avoid external threats. For example, fraudsters often play to consumer emotions and fears, a reason why we've seen phishing attacks accelerate amid the pandemic. Recent phishing schemes have included cybercriminals impersonating health officials and agencies seeking consumer information to facilitate fake virus testing or contact-tracing initiatives.

  • Coordinating Account Takeovers With Compromised Credentials
    Once fraudsters have enough information, they'll use these credentials to access and take over victims' accounts. This opens the door to a variety of opportunities, including exposure to payment information, ability to open new accounts with similar credentials, and access to post fake or malicious content to victims' personal networks.

    There's little you can do about users falling victim to social engineering tactics outside of your platform. However, you can empower your team to act accordingly when these bad actors show up on your platform. Two-factor authentication (2FA) can address this by adding friction when someone is trying to gain unauthorized access into an account, and also notifying users when suspicious account access has been detected.

    There are also internal measures you can take for schemes in which a user has been tricked into willingly handing over their credentials to a bad actor. For example, businesses dealing with payments can leverage a holding period before funds can be transferred, and review transactions that seem anomalous (such as amounts outside of the user's normal activity or transfers into a new account).

    Lastly, you may also want to consider educational outreach (for example, a newsletter, FAQ, or help center) that informs users of common tactics. Let them know that your organization will never ask them to share a verification code, for instance.

  • Siphoning Money and Assets Through Payment Fraud Schemes
    Payment information is often the holy grail for fraudsters. Payment fraud typically begins with card testing: the purchase of low-value, low-effort items. If the purchase is successful, they know the payment information is valid. Funds can then be used to buy goods to keep or resell, or to buy more data on the Dark Web.

    While account and payment protection is paramount, users also demand seamless experiences. Therefore, security professionals should implement risk assessments based on user trustworthiness. This dynamic friction removes obstacles for trusted users, blocks risky interactions, and requires verification for suspicious activities.
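
The holding period, anomalous-transfer review, card-testing pattern and dynamic friction described in the bullets above, sketched as an added example (not code from the article or from Sift). All thresholds, function names and sample records are assumptions, including the heuristic that card testing shows up as several distinct cards tried on low-value items from one account.

```python
from datetime import datetime, timedelta
from statistics import median

# Every threshold here is an assumed value for illustration, not from the article.
HOLD = timedelta(hours=24)           # holding period before funds are released
AMOUNT_FACTOR = 5                    # "outside normal activity": > 5x user's median
TEST_MAX_AMOUNT = 5.00               # card-testing purchases are low value
TEST_WINDOW = timedelta(minutes=10)
TEST_MIN_CARDS = 3                   # distinct cards tried inside the window

def review_transfer(past_amounts, known_dests, amount, dest, now):
    """Return (action, release_time, reasons) for an outgoing transfer."""
    reasons = []
    if past_amounts and amount > AMOUNT_FACTOR * median(past_amounts):
        reasons.append("amount outside normal activity")
    if dest not in known_dests:
        reasons.append("transfer into a new account")
    if not reasons:
        return "allow", now, reasons               # trusted: no added friction
    if len(reasons) == 1:
        return "verify", now, reasons              # suspicious: step-up check first
    return "hold_for_review", now + HOLD, reasons  # risky: hold, then manual review

def card_testing_accounts(purchases):
    """purchases: (account, card, amount, timestamp) tuples. Flag accounts that
    try several distinct cards on low-value items within a short window."""
    low_value = {}
    for account, card, amount, ts in purchases:
        if amount <= TEST_MAX_AMOUNT:
            low_value.setdefault(account, []).append((ts, card))
    flagged = set()
    for account, events in low_value.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            cards = {c for ts, c in events[i:] if ts - start <= TEST_WINDOW}
            if len(cards) >= TEST_MIN_CARDS:
                flagged.add(account)
                break
    return flagged

# Constructed sample data (not real transactions).
T0 = datetime(2021, 4, 20, 10, 0)
SAMPLE_PURCHASES = [
    ("acct-a", "card-1", 1.00, T0),
    ("acct-a", "card-2", 1.50, T0 + timedelta(minutes=2)),
    ("acct-a", "card-3", 0.99, T0 + timedelta(minutes=4)),
    ("acct-b", "card-9", 2.00, T0),
    ("acct-b", "card-9", 3.00, T0 + timedelta(minutes=1)),
]

if __name__ == "__main__":
    print(review_transfer([20, 25, 30], {"dest-1"}, 500, "dest-2", T0))
    print(card_testing_accounts(SAMPLE_PURCHASES))
```

A single anomaly triggers step-up verification, while a large transfer into a new account is held for the full period and queued for review.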

Every business needs to face the repercussions of breaches, whether they are directly involved or not. Simply put, every data breach is every business's problem. That means fraud prevention needs to be an ecosystemwide effort, so that user data is rendered useless — thus breaking the most important link in the fraud supply chain.

Jane Lee is a Trust & Safety Architect at Sift, who specializes in malicious websites, spam, misinformation, account/content abuse, chargebacks, and payments risk. Prior to joining Sift, she was on fraud teams at Facebook and Square, and also spent some time as a private ...
