Companies worldwide are facing an increasingly daunting challenge posed by data leaks, particularly due to the rise in ransomware and sophisticated cyberattacks. This predicament is further complicated by the emergence of fabricated data leaks. Instead of genuine breaches, threat actors are now resorting to creating fake leaks, aiming to exploit the situation.
The consequences of such falsified leaks are extensive, potentially tarnishing the reputation of the affected organizations. Even if the leaked data is eventually proven false, the initial spread of misinformation can lead to negative publicity.
The complexity of fake leaks warrants a closer examination, shedding light on how businesses can effectively tackle associated risks.
What Drives Cybercriminals to Fabricate Data Leaks?
Certain cybercriminal groups, like LockBit, Conti, Cl0p, and others, have gained significant attention, akin to celebrities or social media influencers. These groups operate on platforms like the Dark Web and other shadowy websites, and some even have their own presence on the X platform (formerly Twitter). Here, malicious actors publish details about victimized companies, attempting to extort ransom and setting deadlines for sensitive data release. This may include private business communications, corporate account login credentials, employee and client information. Moreover, cybercriminals may offer this data for sale, enticing other threat actors interested in using it for subsequent attacks.
Lesser-known cybercriminals also seek the spotlight, driving them to create fake leaks. These fabricated leaks generate hype, inducing a concerned reaction from targeted businesses, and also serve as a means to deceive fellow cybercriminals on the black market. Novice criminals are especially vulnerable to falling for this ploy.
Manipulating Databases for Deception: The Anatomy of Fake Leaks
Fake data leaks often materialize as parsed databases, involving the extraction of information from open sources without sensitive data. This process, known as internet parsing or web scraping, entails pulling text, images, links, and other data from websites. Threat actors employ parsing to gather data for malicious intent, including the creation of fake leaks.
In 2021, a prominent business networking platform encountered a similar case. Alleged user data was offered for sale on the Dark Web, but subsequent investigations revealed it was an aggregation of publicly accessible user profiles and website data, rather than a data breach. This incident garnered media attention and interest within the Dark Web community.
When offers arise on the Dark Web, claiming to provide leaked databases from popular social networks like LinkedIn, Facebook, or X, they are likely to be fake leaks containing information already publicly available. These databases may circulate for extended periods, occasionally sparking new publications and causing alarm among targeted firms.
According to Kaspersky Digital Footprint Intelligence, the Dark Web saw an average of 17 monthly posts about social media leaks from 2019 to mid-2021. However, this figure surged to an average of 65 monthly posts after a significant case in the summer of 2021. Many of these posts, as per their findings, may be reposts of the same database.
Old leaks, even genuine ones, can serve as the foundation for fake leaks. Presenting outdated data leaks as new creates the illusion of widespread cybercriminal access to sensitive information and ongoing cyberattacks. This strategy helps cybercriminals establish credibility among potential buyers and other actors within underground markets.
Similar instances occur frequently within the shadowy community, where old or unverified leaks resurface. Data that's several years old is repeatedly uploaded onto Dark Web forums, sometimes offered for free or a fee, masquerading as new leaks. This not only poses reputation risks but also compromises customer security.
Mitigating Fake Leaks: Business Guidelines
Faced with a fake leak, panic is a common response due to the ensuing public attention. Swift identification and response are paramount. Initial steps should include refraining from engaging with attackers and conducting a thorough investigation into the reported leak. Verification of the source, cross-referencing with internal data, and assessing information credibility are essential. Collecting evidence to confirm the attack and compromise is crucial.
For large businesses, including fake leaks, data breaches are a matter of "when," not "if." Transparency and preparation are key in addressing such substantial challenges. Developing a communication plan beforehand for interactions with clients, journalists, and government agencies is beneficial.
Additionally, constant monitoring of the Dark Web enables detection of new posts about both fake and real leaks, as well as spikes in malicious activity. Due to the automation required for Dark Web monitoring and the potential lack of internal resources, external experts often manage this task.
Furthermore, comprehensive incident response plans, complete with designated teams, communication channels, and protocols, facilitate swift action if such cases arise.
In an era where data leaks continuously threaten businesses, proactive and swift measures are vital. By promptly identifying and addressing these incidents, conducting meticulous investigations, collaborating with cybersecurity experts, and working with law enforcement, companies can minimize risks, safeguard their reputation, and uphold customer trust.