The security researchers of Intel 471 have recently detected a cybercriminal group ShinyHunters that is continuously trying to collect all essential data of the enterprises.
The cybercriminal group ShinyHunters are searching for all large enterprises so that they can conduct larger-scale attacks. The experts have started analyzing this vulnerability and came to know that the threat actors in this attack were using modus operandi.
In one of their reports, they claimed that the threat actors are collecting data just like the gamer collects Pokemon in-game. ShinyHunters was conducting some of the most notable breaches, which were detected by the security experts of Intel 471.
However, till now the threat actors have attacked Microsoft’s GitHub account, photo editing app Pixlr, and men’s clothing retailer Bonobos.
Apart from this, the security analysts have claimed that the threat actors have breached sports media companies, a mobile travel program, and a website that enables musical artists to discover and book gigs.
The data breach was detected when the revelation of the average cost of a data breach increased from $3.86 million to $4.24 million.
It was the highest average cost in 17 years, which has all negotiated credentials that are accountable for 20% of the breaches which were being reported in nearly 500 organizations.
The security analysts started investigating the attack more carefully, and it came to know that 70 million records with privately identifiable data that the threat actors have taken from telecom giant AT&T.
After calculating the damages, it was estimated that the average data breach this year is around $4.4 million. The targets that were being attacked by the group ShinyHunter have spread in different economic sectors.
The procedure that was being used by the threat actors during the breach generally follows a consistent pattern to get the organizational data.
Not only this the Risk-Based Security team detected that the ShinyHunter has shown a total of more than 1.12 million individual email addresses that are relating to S&P 100 companies, education, government, and military entities.
This is not the first time that the ShinyHunters were attacking the enterprises, and they are known for compromising websites and developer repositories to steal credentials.
The threat actors target the company’s cloud services, which are consequently exploited to obtain access to databases and that’s why they can collect all the delicate data to be resold for profit or advertised for free on hacker forums.
The security researchers affirmed that tracking threat actors like this are essential to stop enterprises from being slapped with this kind of attack.
So, the information that was being collected by the ShinyHunters is most of the time get sold on the same underground marketplaces where ransomware threat actors use it to implement their own attack.