Furthermore, data breach severity has increased over the past year, with a heavy focus on the healthcare and pharmaceutical sectors

Doxing, the practice of publishing private or identifying information about an individual or an organisation, is an “evolving threat” within the cyber risk landscape, according to risk modelling firm RMS.

Speaking as part of the company’s two-day virtual Cyber Summit event, David Gatey, senior director of modelling at RMS, explained that well-known threat actors, such as Maze, are already using doxing as a tactic within their cyber attack arsenal.

He said: “I’d like to flag the rise of doxing; locking a firm’s systems as well as holding their data ransom.

“Maze, previously known as ChaCha, has been active in this space. Recently, it has even been identified to have formed partnerships with RagnarLocker and LockBit to share their data leak platform.

“This threat gives the potential for ransomware-like business interruption, combined with notification costs and fines traditionally associated with data breach. Even if data is restored from backups, data could be leaked to encourage ransom payment.”

Shift in cyber attacks

Damini Mago, senior cyber risk analyst at RMS, concurred that there has been “a shift in the attack environment” over the course of the past year. This includes data exfiltration being cemented as a consistent tactic used by threat actors.

Mago explained: “We’ve been seeing a consistent trend in the data breach activity – there has been less frequent, but more severe attacks. Some industry sectors have been targeted more, like healthcare, pharmaceutical, research - especially when the world’s focus is on these industries.”

Despite this trend, Mago added that phishing is still the most popular tool used by attackers as “humans continue to be the weakest link”.

She continued: “[Contagious malware activity] continues to be a major threat for widespread, large scale losses, however we are constrained by the threat actors’ logistical burden to actually be able to develop and weaponise such exploits.

“Instead, they’re moving to what is an easier route, to make quick money. Humans continue to be the weakest link. Using simply designed exploit kits, leveraging ransomware as a service, threat actors have gone all out in launching ransomware attacks. There’s been a tremendous increase in phishing attacks as compared to last year.

“Not only that, certain industry sectors are being targeted, like healthcare, public sector, NGO and education.”

During her presentation, titled ‘Cyber risk model update’, Mago cited various research projects which demonstrated her point that “there has been an increasing influx in ransomware incidents in recent times”. For example, insurer Beazley’s 2020 Breach Briefing report noted a 131% increase in ransomware activity compared to last year, affecting 62% of small to medium-sized businesses and 38% of the middle market.

She also referenced the University of California, San Francisco, which ended up paying a $1.14m ransom to NetWalker after its ransomware attacked the school of medicine’s IT environment.

Covid connotations

The cyber risk landscape has also fluctuated due to the ongoing Covid-19 pandemic, Mago continued.

“We are all living in this new equilibrium,” she said. “Everybody’s working from home, everyone’s outside the bubble of the office network, trying to connect through [virtual private networks].

“Different companies react differently in adjusting to this new equilibrium.

“There’s also been a massive shift to cloud and cloud-based products and of course we’ve seen an increased [internet protocol] spending, on not just IP infrastructure per se, but also the cyber security of the firms.”