A security firm based out of St. Louis, Mo., which specializes in collecting breach data from online sources, has itself been breached, exposing some 15 billion usernames, passwords, and other personal information collected from over 8,000 website breaches. Night Lion Security, the cyber threat intelligence firm behind the breach-collection technology called Data Viper, describes its Data Viper product as a “threat intelligence platform designed to provide organizations, investigators and law enforcement with access to the largest collection of private hacker channels, pastes, forums and breached databases on the market.”
A data breach monitoring service typically scans, collects, analyzes, and presents breach data from a variety of sources including the dark web, pastebin sites, hacker forums, and other locations, then sells access to this information to concerned parties. The service allows private companies, law enforcement, and other organizations to search and monitor for “data of interest”. This is usually account information, such as usernames and credentials, indicating that an organization has been breached. The service compiles and indexes previously hacked databases in a proprietary backend. Some of this data has already been disclosed and publicly reported, while some of it corresponds to as-yet-undisclosed security breaches.
If this data is valuable enough to be offered by cybersecurity firms as a service and subsequently purchased by organizations worried about a compromise or validating a data leak, then it is valuable to cybercriminals. The very places where much of this data was originally acquired are also where cybercriminals are now reselling the information. The hacker claiming credit for the breach has posted ads on the Empire dark web marketplace selling access to over 8,225 databases exfiltrated from the Data Viper service, along with proof of legitimacy.
The traditional risk/reward calculation, which weighs profit potential against the effort required to compromise the desired system, has swung greatly in the hacker’s favor when targeting threat intelligence platforms. The effort required to compromise one company or information system to gather information from one distinct group or database yields essentially a payout of 1:1. That same effort can instead be expended on compromising an information system holding much more.
At face value, the Data Viper breach ratio seems to be on the order of 1:8225 (8,225 databases were exfiltrated). But wait, it’s even greater than that! Not only did the hacker not need to put in the original effort required to compromise these victims, but they also absolved themselves of having to perform all the data collection, processing, management, and warehousing tasks required to make said information consumable. That value-added effort was already undertaken by the company offering the threat intelligence platform.
In conclusion, the reward is too great for these systems not to be under constant attack: the carrot is too big and some fences too small, creating a huge incentive for cybercriminals.