Jump to content
  • Data leak marketplace pressures victims by emailing competitors

    Karlston

    • 468 views
    • 3 minutes
     Share


    • 468 views
    • 3 minutes

    Data leak marketplace pressures victims by emailing competitors

     

    The Marketo data theft marketplace is applying maximum pressure on victims by emailing their competitors and offering sample packs of the stolen data.

     

    Last month, BleepingComputer reported that cybercriminals started to create dedicated data-theft extortion marketplaces that exist solely to sell stolen data.

     

    The data sold on these sites are obtained through the marketplace's own attacks, from other threat actors, or by collecting data released in other attacks, such as ransomware or website data breaches.

     

    The stolen data is sold for as low as $100 to tens of thousands of dollars depending on the marketplace.

    Under pressure

    One of these marketplaces, known as Marketo, is now taking it a step further and emailing the victim's competitors to offer samples of the stolen data and entice them into purchasing it.

     

    In April, Marketo claimed to have breached a large, heavy machinery and defense technology company and began selling their stolen data.

     

    After we assume they could not find any buyers, Marketo started emailing the communication managers for the victim's competitors to offer a "demo pack" of the stolen data.

     

    "Hello, we are Marketo and we know you have a competitor - [redacted]. So we would like to inform you that we attacked them and downloaded quite a bit of data," read the email shared with BleepingComputer.

     

    "We have confidential and personal data, info about their tax payments, clients and partners. That might significantly lower the NASDAQ price."

    marketo-email-victim.jpg
    Email sent to victim's competitors

    It is not clear if Marketo were hoping competitors would purchase the data to learn corporate secrets or to pay to damage the reputation of their competitors.

     

    The list of competitors that received this email includes multi-national billion-dollar companies whose names would be immediately recognizable to everyone.

     

    Targeting victims' competitors to pressure a ransom payment or even encourage other companies to purchase stolen data is not new.

     

    After the Clop ransomware gang went on a hacking spree targeting Accellion FTA secure file transfer devices to steal their hosted data, they also performed a similar tactic as Marketo.

     

    After not receiving ransom payments from various victims, Clop began emailing competitors and journalists with information about the attacks to pressure the victim.

     

    For one of these victims, Clop also emailed the company's customers and told them that their "phone, email, address, credit card information and social security number" would soon be leaked unless they "Call or write to this store and ask to protect your privacy!!!!"

     

     

    Data leak marketplace pressures victims by emailing competitors


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...