As cyber threats continue to evolve, bringing new challenges for global businesses, Kaspersky has revealed an emerging threat landscape where cybercriminals are not just conducting real data breaches but also fabricating data leaks. A fresh report released by the organisation said this tactic had significant implications, potentially damaging the reputation of affected businesses, even if the data leak is proven to be false. “Cybercriminal groups are using blog-style communication on dark web platforms where they publish information about their victim organisations and often attempt to blackmail them,” says Yuliya Novikova, Head of Digital Footprint Intelligence at Kaspersky.
“And lesser-known actors in the field are following suit by creating fake leaks. They cause a stir and provoke a reaction from the target, as well as deceiving other cybercriminals in the black market,” Yuliya added. According to Kaspersky Digital Footprint Intelligence, between 2019 and mid-2021, there were an average of 17 posts a month about social media leaks on the dark web. This has subsequently increased to 65 posts per month on average. Based on Kaspersky’s findings, many of these messages may be reposts of the same database.
“It is important to note that these activities are unrelated to a company being compromised or to a real cyber-attack, and do not contain any sensitive private information. Nevertheless, as we can observe, even such activities can influence the media landscape and negatively impact a company’s brand,” adds Novikova. Novikova explains that cybercriminals fabricate data leaks in two primary ways. Firstly, they parse databases, extracting information from open sources that do not contain sensitive data. Secondly, they repost outdated data leaks, presenting them as new breaches to establish a reputation among potential buyers on underground markets. Novikova said: “Even if the data is not sensitive or recent, the potential for resultant damage is very real – and can be substantial. The mere report of a leak can harm a company’s reputation, especially if the organisation is not prepared to handle the incident appropriately – whether the data leak is fabricated or real.
“Fortunately, companies can minimise this damage with effective crisis management strategies, especially if they can identify a fake post before it reaches mainstream media.” Kaspersky recommends a proactive approach in the face of these threats. Businesses should prepare comprehensive incident response plans that include monitoring the dark web and engage cybersecurity experts to investigate reported data leaks timely. “In the era of persistent and constantly evolving cyber threats, data leaks – especially for large businesses, and including fake leaks – are not a matter of ‘if’ but ‘when’ will it occur,” says Novikova. “Preparation, proactive action and transparency are crucial in dealing with these challenges. So too is the need for swift action, thorough investigation by internal and/or external expert teams, and cooperation with law enforcement to mitigate risks, safeguard a company’s reputation and the trust of its customers, regulators, the media and the general public,” Novikova added.