The Other Side Of Cyberhacks

It’s safe to assume that, once a business experiences a massive data breach, there’s a lasting and understandably negative impact on its reputation with consumers. But there’s a chance that interacting with a brand that’s been hacked doesn’t always leave a bad taste in customers’ mouths. In this week’s Hacker Tracker, we explore what really lies on the other side of hacks — the good, the bad and the ugly.

Research from RAND Corporation revealed that just because a company is hacked doesn’t mean its customers will always start running for the hills.

On the contrary, just 11 percent of the respondents whose personal data has been compromised said they were likely to move onto another firm after the incident. About 77 percent of the notified victims reported being content with how the company handled the breach and its follow-up communication.

Though it’s hard to pin down exactly what keeps a customer loyal to or fleeing from a brand after their data is compromised, the research showed that some customers seem to shrug off fraud as a cost of doing business, while others report needing the good or service on offer and being less concerned about things like breaches in general.

The data also showed that 44 percent of the time victims first learned of a breach through a source other than the breached firm itself — usually media reports. But impacted consumers also didn’t seem too concerned about actually doing what breached firms ask them to do. Almost half of all consumers (49 percent) noted they did not change their password after a reported breach.

Money Mules Get Taken For A Ride

Hackers are keeping a close eye on their “money mules” — the people who purposefully or unknowingly assist cybercriminals with stealing money from corporate banks. Typically, money mules are tricked into withdrawing funds in cash and wiring the money to the bad guys, but there’s a new trend in how hackers are looking to receive the stolen funds.

Krebs on Security reported that hackers are increasingly telling their mules to remit the money through bitcoin ATMs.

“It’s not immediately clear why these thieves are avoiding tried-and-true methods of disbursing cash — like Western Union and MoneyGram — in favor of bitcoin ATMs,” wrote Brian Krebs in the blog post. “I suppose it’s possible that the wire transfer companies are getting better at detecting and blocking suspicious transactions, but I doubt that’s the reason. More likely, sending cash via bitcoin results in a more immediate payday for the scammers and avoids the costs and hassle associated with hiring ‘far-end’ mules to collect fraudulent wire transfers in the scammer’s home country.”

Krebs shared the store of a Canadian reader who took a job as a customer service officer for LunarBay, a company that claimed to be a software development firm, only to learn the company wanted her to withdraw money from her own account and send them to the firm via a nearby bitcoin ATM. The report noted that, since bitcoin can’t be refunded once the money is sent, the transaction is a done deal.

More Money, More Cyberattacks

Though the rise of eCommerce has been welcomed by many consumers and businesses, it’s also presenting an even more desirable target for sophisticated cybercriminals.

The most common form of cyberattacks online retailers are facing now is what’s known as a credential stuffing attack. Usernames and passwords are revealed by one security breach and then tested against other websites and mobile APIs. This allows the hackers to actually see all of the online sites where users may have used the same usernames and passwords to gain access to their accounts.

The influx of advanced hacking methods has made it easier for hackers to run credential stuffing attacks through a number of different sites on a 24/7 basis.

“Automated attacks are used in a number of cybercriminal schemes, and they enable certain types of fraud and breaches that really aren’t possible without that level of automation,” Shuman Ghosemajumder, Shape Security’s CTO, explained.

Global Swindler Causes $140M Fraud Loss

Authorities have finally been able to catch up with a Florida businessman who is believed to have caused Westernbank Puerto Rico to lose more than $140 million on loans.

Jack Kachkar was arrested and charged with $100 million fraud. He is accused of using his pharmaceutical company to borrow tens of millions of dollars in credit from Westernbank Puerto Rico but then spending the funds on a private jet and a $6.5 million Miami Beach home.

The Justice Department confirmed that Kachkar was charged with eight counts of wire fraud and will also have to deal with a civil suit being launched by the FDIC. Kachkar’s company, Inyx, is being accused of a multitude of scams, including opening credit lines from Westernbank, false invoicing and instructing customers to deposit payments in secret bank accounts.