The Weaponization of Our Digital Identities

Amid COVID-19, cybercrime is on the rise

Security threats such as phishing attacks and malicious websites continue to make headlines, unsurprisingly, given these sorts of schemes thrive on uncertainty. As we navigate this global health pandemic, cyber-attacks on hospital systems have also increased significantly. History shows that cybercriminals exploit crises, so to keep pace with these ever-evolving bad actors, it is important that we examine past trends and patterns to understand the future security issues that lie ahead of us.

My firm, 4iQ, recently published its 2020 Identity Breach Report, which offers a unique perspective on some of the most important cybersecurity trends from the past year. As evidenced in the findings, the underground breach economy truly reflects the severity of targeted public and private sector cyber intrusions.

In 2019, we observed a total of 18.7 billion raw identity records circulating in underground communities — a 25.5% increase from the year prior. Notably, more than 4 billion of these identity records were new and/or authentic. What does this mean? Simply put, the amount of exposed, new identity records continues to grow while previously exposed information is constantly re-circulating within underground communities. Cybercriminals re-release big combo packages with aggregated credentials from newer, large-scale breaches, which is dangerous, because this makes previously exposed data increasingly accessible for malicious purposes. With all of the exposed credentials circulating in underground communities, ultimately, cybercriminals can generate a biographical index of citizens and businesses, fueling a host of identity-based attacks, including account takeover (ATO) and Business Email Compromise (BEC).

Interestingly, our report found these breach packages are becoming more intimate – meaning they contain identity information beyond just credentials. Last year, we detected an increase in rich personally identifiable information (PII) exposed per breach or leak package. We also found a 10% increase in emails and passwords contained in data breaches compared to 2018. Further, there was an increase in big data packages with confidential documents such as bank statements, chat records, and more.

As these documents with sensitive PII continue to circulate among cybercriminals, it’s important for users to take action and do what they can to safeguard their data. After a breach, affected individuals should change their passwords in order to render the data obsolete. We all know how to change our passwords; it’s a relatively easy process. Identity attributes, however, are either permanent or far more difficult to change. This is increasingly concerning as we see cybercriminals pass around more of this type of information.

Just as concerning, government breaches continue to increase year over year. 4iQ validated 3,867 government breaches last year, amounting to more than 356 million records exposed. The danger with exposed usernames and passwords lies in how this information is weaponized, which is why military and government breaches, which contain troves of sensitive information, are especially dangerous.

In general, the U.S. faced the largest number of cyber-attacks last year, and exposed identities in the U.S. represented 28% of all curated records detected in breaches during 2019. The increase in these attacks in the United States is increasingly worrisome considering the presidential election is right around the corner. On top of this, we are also faced with heightened election security risks in the wake of COVID-19 as many jurisdictions prepare for a surge in mail-in voting. Back in 2018, Alex Halderman, a leading voting security expert from the University of Michigan, told The Guardian that “U.S. election infrastructure remains dangerously vulnerable to cyber-attacks.” And this was before the pandemic – now, processes have shifted, and many questions remain. Cybersecurity officials should surely be prioritizing the issue of election security leading up to November 3.

These attacks aren’t going away, so it’s important that companies also prioritize cybersecurity moving forward. Individuals should always use unique, complex passwords for all their accounts – with 2FA or multi-factor authentication, if possible – consider using a password manager, and sign up for identity theft response and monitoring services. Businesses big and small should invest in their security postures, even as budgets are increasingly strained due to COVID-19. Poor cybersecurity can lead to irreparable losses financially and reputationally, so it would be wise to keep up to date with the world of cyber and ways to mitigate attacks.


About the Author

Claire Umeda is Vice President of Marketing at 4iQ, where she leads go-to-market strategies, product marketing, sales enablement and brand management. Prior to joining 4iQ, Claire held senior and executive marketing and product positions for startups in the security, communications, data management and social gaming spaces.

Featured image: ©Anthony Brown