As hacking becomes more of a profitable venture than a method of collateral damage, we’re seeing bigger and bigger companies fall victim to hackers. Recently, the largest health company in Canada, LifeLabs, suffered a giant data breach that involved the records of 15 million customers.
Hackers managed to get into LifeLabs’ servers through an unpatched entry point in its systems. From there, they gained access to the databases and stole the data they found there. The hackers obtained personal details of 15 million customers, including names, home addresses, email addresses, usernames, and passwords.
Usually, when these hacks occur, the hacker intends to shift the data onto the black market, where interested buyers purchase the details from the hacker. For example, spammers are interested in people’s active email addresses, as they have a higher chance of scoring a successful scam. Usernames and passwords are useful for cracking open other accounts where passwords were reused.
However, this time, the hackers were “benevolent.” Instead of selling the data on, they contacted LifeLabs and offered a deal: the hackers would return the data to LifeLabs if it paid a large sum of money.
LifeLabs felt pressured to recover its customers’ details, so it paid the sum. It’s undisclosed how much money the company had to pay, but given that it is the largest health company in Canada, it’s safe to say the sum was vast.
The New Era of Cybercrime
This attack is a prime example of the direction hacking is taking. Last year we saw a nasty spike of ransomware attacks as hackers discovered the potential for a huge ransom.
However, companies rose up to defend against the ransomware. Security firms found holes in the ransomware and undid its encryption without the victim paying a penny. Windows even comes with an anti-ransomware feature now, specifically to tackle this problem.
As such, while ransomware does still work in the present day, it’s not as sure-fire a way to get a payout as it used to be. Now it appears the hackers are taking the role of the ransom collector, instead of letting a program handle it. To achieve this, the hackers need to steal data from the source and ensure there are no backups remaining.
It’s a tricky gambit, but if they pull it off like above, they can see huge returns for their efforts; that is, if they don’t get caught red-handed in the future!
Companies should already be keeping secure backups of their data, but if anything makes a good case for them, it’s this attack. If a company fails to back up properly, it may have to pay even more to a hacker once its data is held for ransom.
Hackers are moving to big businesses for their payouts, and the LifeLabs attack is a worrying example of this. Hacking isn’t about doing damage for the sake of fun anymore; now it’s about stealing important credentials and demanding a sum to get them back.
Do you think paying the criminals is the best path? Or does this encourage other hackers to follow suit?