Think security data analytics applies just to the good guys? Think again.

Anyone who looked closely at the U.S. Office of Personnel Management data breach earlier this year knew it was a serious breach of personally identifiable information.

In that single incident, records for 21.5 million individuals were stolen, including background information, Social Security numbers and even biometrics. It was immediately clear how, in the wrong hands, such data could be used to conduct identity theft, fraud and social engineering attacks. Indeed, vast amounts of stolen data are circulating on the dark web and the Internet every minute.

In a new report from McAfee Labs, the research team describes how cybercriminals can obtain and collect valid login credentials, either by collecting them as they always have done or by buying them on the underground market.

“Using valid credentials, adversaries fly below the normal security radar because they appear to be valid users. Often, the only giveaway is their behavior. Is the user’s behavior normal or is it an outlier in some way? While the security industry is working hard to develop behavioral detection capabilities using big data coupled with advanced analytic technologies, adversaries are abusing the current lack of behavioral detection by adjusting their attack methodologies to stay hidden,” writes Christiaan Beek, McAfee Labs’ director of threat intelligence, in the report.

“In 2015, a vast amount of data was stolen from businesses and governments. Some of the stolen records have limited value, but some is very likely waiting in secret locations for use in upcoming attacks. Further, the linking of stolen data sets may make the data significantly more valuable to cyber attackers. What if stolen data from a health-care provider, donor information, Madison Ashley and the U.S. Office of Personnel Management were combined and stored in a data warehouse in the cloud? This information could lead to blackmail, the generation of new credentials or identity theft,” Beek writes.

Of course, that has been said, and has been true, for some time. In addition to blackmail and identity theft, such data can be used as background material to socially engineer the organization the victim works for, or even the victim himself. After all, no criminal or adversary is better armed with information than one who holds a dossier on a targeted victim’s background.

But the McAfee Labs report envisions a dark step forward.

With all of the personal data stolen in recent years, McAfee Labs is predicting that criminals will establish a data warehouse service where they will sell stolen personal data.

“This accumulation of stolen data has been going on for a couple of years. We predict that a robust dark market for stolen personally identifiable information and credentials will develop in 2016. Specialized underground warehouses will surface, offering stolen personal data, compromised credentials, and infrastructure details from multiple sources. Cyber criminals who are trusted customers of the dark web will be able to select special sets of data to purchase for use in subsequent attacks,” Beek writes.

If that turns out to be so, the good guys are going to take another hit.

