No doubt Big Data is helping organizations globally in growing their businesses at an unprecedented rate. It offers rich insights for decision-making and strategic planning. Businesses that leverage big data can be immensely successful. On the other hand, companies often ignore the drawbacks linked with it like data breaches, cyberattacks, and privacy lapses. If you aren’t protecting your crown jewels, it will fall into the wrong hands with catastrophic results.
Big Data is Growing Big
Statistics show enterprises that leveraged Big Data generated massive revenues. According to a survey, Big Data was responsible for profits amounting to $122 billion in 2015 and it is expected to generate a whopping $274.3 billion by 2022.
Since Big Data involves a large volume of both structured and unstructured data, companies collect, process, and analyze it as per the business requirements and systematically leverage it to maximize business opportunities. Organizations working on Big Data handle huge amounts of users’ personalized data to analyze their online behavior.
Risks Around Big Data Security
Several cybersecurity experts reported that threat actors are taking advantage of legitimate Big Data sources to exploit users’ valuable information. Recent research from Intel 471 revealed that adversaries are misusing Big Data technology to steal users’ data and sell it on the Chinese-language dark web markets. “With China injecting Big Data into every economic sector, the environment has become ripe for criminals to create and execute schemes that hide in the noise brought on by the amount of data at hand,” Intel 471 said.
- A threat actor in January 2021 offered real-time data for casino gaming, lottery, and stocks on a popular forum used by Chinese-linked cybercriminals. The data allegedly originated from big data sources of two of the most popular mobile network operators in China.
- In February 2021, cybercriminals offered website and application crawler data collection services on a Chinese-language cybercrime marketplace. The actor claimed to have access to insider channels of Chinese mobile operators for data collection purposes.
- In early March, an actor on a marketplace offered 10,000 user records tied to a parenting application. The offering was described as big data from an undisclosed mobile operator or operators.
- In late March, another actor offered big data information for Canada and the U.S. that included commercial databases of Canadian and U.S. businesses and investors, a hacked Twitter database, and Canadian and U.S. citizens’ information.
Malicious Schemes by Chinese Actors
Intel 471 researchers observed a series of malicious schemes involving different layers of cybercriminal activities to illicitly obtain users’ data and trade it on darknet forums. Cybercriminals maintained a data underground monetization chain consisting of a group of individuals working as per the commands, which include:
- A boss or requester who requires data for illegal use or commands a group or syndicate dealing with illegal products or services.
- Insiders or attackers who receive instructions directly from a boss and can gain access to raw data and extract the information from a service provider. These individuals profit from the information they provide to the main boss or requester.
- Middlemen who act as intermediaries for the boss and any other individuals requesting to purchase such data products. The middlemen profit by taking a cut of the commission from product sales.
- Underground platforms serve as an avenue for the syndicate or middlemen to advertise their products. End users, such as scammers, multiple types of threat actors, and even direct marketers can purchase the data or engage the services of such syndicates directly on these platforms.
“The schemes themselves proliferate partly due to China’s desire to be a global epicenter in big data analytics, especially as it pushes to become synonymous with new technology sectors like the Internet of Things (IoT),” Intel 471 added.