Campagna also found that the Project Cumulus hackers proved better at covering their tracks, in sharp contrast to a similar Dark Web experiment Bitglass ran last year. In that experiment, which seeded an Excel spreadsheet containing 1,568 fake names, Social Security numbers and credit card numbers, the hackers were easy to trace because few used Tor, the anonymity network (and its bundled browser) commonly used to reach the Dark Web without exposing one's own IP address. “Almost nobody covered their tracks, so we knew exactly where they were coming from, right down to their individual IP addresses,” Campagna says.
With Cumulus, by contrast, 68 percent of all logins arrived through Tor, so the bank portal's logs recorded only the address of a Tor exit node rather than the attacker's own IP address. Campagna says Bitglass researchers have also noticed a large number of downloads via Tor over the past eight months. This, together with the high rate of Tor use in the bank experiment, suggests hackers are becoming more security conscious, realizing that they need to mask their IP addresses whenever possible to avoid being caught, he says.
More broadly, Bitglass' new results suggest CIOs and CISOs must be vigilant about protecting corporate assets. Campagna recommends that organizations practice good cybersecurity hygiene, including strong identity-management policies such as regular password refreshes and multi-factor authentication. Data-leakage-prevention policies and systems that alert IT departments to anomalous behavior, such as logins arriving through anonymizing networks, are also essential. “Oftentimes these strong identity policies kind of went out the window when they moved to the cloud, but we need to return to that,” says Campagna.
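The alerting Campagna describes can be as simple as matching login source addresses against the published Tor exit-node list and reporting the share of logins that came through it, the same figure Bitglass reports for Cumulus. The following is an added example written for this page, not Bitglass code or data: the exit-node set uses RFC 5737 documentation addresses as a constructed stand-in for the live list (which Tor publishes at https://check.torproject.org/torbulkexitlist), the log lines are constructed, and the `login user=... src=... result=...` record format is an assumption chosen for the example.

```python
"""Flag logins that arrive through Tor exit nodes and compute the share of
successful logins that were anonymized. Added example; not from the page."""
import ipaddress
import re
from typing import Dict, Iterable, List

# Constructed stand-in for the Tor exit list; in production this set would be
# refreshed from https://check.torproject.org/torbulkexitlist. These are
# RFC 5737 documentation addresses, not real exit nodes.
TOR_EXIT_NODES = {"192.0.2.10", "192.0.2.11", "198.51.100.7"}

# Constructed login records in an assumed key=value format; one line carries a
# malformed source field to show that bad input is skipped, not fatal.
SAMPLE_LOG = """\
2016-02-14T08:01:12Z login user=jdoe src=192.0.2.10 result=success
2016-02-14T08:03:40Z login user=jdoe src=203.0.113.5 result=success
2016-02-14T08:05:02Z login user=jdoe src=198.51.100.7 result=success
2016-02-14T08:09:55Z login user=jdoe src=192.0.2.11 result=failure
2016-02-14T08:12:30Z login user=jdoe src=not-an-ip result=success
2016-02-14T08:15:01Z login user=jdoe src=203.0.113.9 result=success
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) login user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)


def parse_logins(text: str) -> List[Dict[str, str]]:
    """Parse log lines into dicts; lines that do not match the format are dropped."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            records.append(m.groupdict())
    return records


def is_tor_exit(src: str, exits: Iterable[str] = TOR_EXIT_NODES) -> bool:
    """True if src is a valid IP address that appears in the exit-node set.

    A malformed address returns False instead of raising, so one bad log line
    cannot abort the whole sweep.
    """
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return str(addr) in set(exits)


def tor_login_alerts(records: List[Dict[str, str]],
                     exits: Iterable[str] = TOR_EXIT_NODES) -> List[Dict[str, str]]:
    """Return every login attempt (successful or not) that came via a Tor exit node."""
    return [r for r in records if is_tor_exit(r["src"], exits)]


def tor_login_share(records: List[Dict[str, str]],
                    exits: Iterable[str] = TOR_EXIT_NODES) -> float:
    """Fraction of successful logins that came through Tor (the Cumulus-style figure)."""
    successes = [r for r in records if r["result"] == "success"]
    if not successes:
        return 0.0
    via_tor = sum(1 for r in successes if is_tor_exit(r["src"], exits))
    return via_tor / len(successes)


if __name__ == "__main__":
    recs = parse_logins(SAMPLE_LOG)
    for r in tor_login_alerts(recs):
        print(f"ALERT tor-exit login ts={r['ts']} user={r['user']} "
              f"src={r['src']} result={r['result']}")
    print(f"share of successful logins via Tor: {tor_login_share(recs):.0%}")
```

Failed attempts are included in the alert list on purpose: a burst of failures from exit nodes is the credential-stuffing signal, and waiting for a success before alerting discards it. Exit-node matching is only one signal; it says nothing about VPNs or rented proxies, which the same pipeline can cover by adding those ranges to the set.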
A full 94 percent of the hackers who accessed the Bitglass-created Google Drive account went on to uncover the victim's other online accounts and used that data to log into the bank's Web portal.