Data leaks have become a rising concern for companies worldwide, especially with the increasing sophistication of cyberattacks and the prevalence of ransomware. To add to the challenge, fake data leaks have also emerged as a new tactic used by threat actors. These fabricated leaks can have far-reaching consequences, damaging the reputation of organizations involved and causing unfavorable publicity, even if the leaked data is eventually proven to be false.
Cybercriminals who fabricate data leaks often seek to capitalize on the attention and publicity that established criminal groups receive. These groups, such as LockBit, Conti, and Cl0p, maintain blogs on the Dark Web and other shadow websites, where they publish information about victim companies and attempt to blackmail them. They demand ransom and set a countdown for the release of sensitive data, including private business correspondence, login credentials, and information about employees or clients. In some cases, criminals may also try to sell the data to other threat actors.
Lesser-known cybercriminals, eager for attention, create fake leaks to generate hype and deceive their “colleagues” on the black market. Novice cybercriminals are particularly susceptible to falling for these fake leaks. One common way to create a fake leak is database parsing (scraping): extracting information from open sources without ever accessing sensitive data. Threat actors collect this information for various malicious purposes, and creating fake leaks is one of them.
A well-known business networking platform experienced such a case in 2021, when an alleged dataset of its users’ data was put up for sale on the Dark Web. However, further investigation revealed that it was not a data breach but rather an aggregation of publicly accessible user profiles. This incident garnered considerable media attention and sparked discussions within the Dark Web community. Similar instances often occur with databases attributed to social media platforms such as LinkedIn or Facebook: fake leaks circulate on the Dark Web and occasionally cause alarm among the targeted companies.
According to Kaspersky Digital Footprint Intelligence, the number of posts on the Dark Web mentioning social media leaks increased significantly after the aforementioned case in 2021. However, many of these messages may simply be reposts of the same database, emphasizing the prevalence of fake leaks and their potential for misinformation.
Old leaks, even if genuine, can also serve as the basis for creating fake leaks. Presenting old data leaks as new creates the illusion that cybercriminals have widespread access to sensitive information and are actively engaged in cyberattacks. This tactic helps them build a reputation among potential buyers or other criminals in underground markets. The continuous reposting of old or unverified leaks in shadow communities poses reputational risks and threatens the security of customers.
To effectively mitigate the risks associated with fake leaks, businesses must respond promptly and avoid panic. It is crucial to thoroughly investigate the reported leak by verifying the source, cross-referencing internal data, and assessing the credibility of the information. Collecting evidence to confirm the attack and compromise is essential. Large businesses, in particular, should prepare a communication plan in advance to interact with clients, journalists, and government agencies. Proactive monitoring of the Dark Web can help detect new posts about both fake and real leaks and track spikes in malicious activity. Because Dark Web monitoring requires automation and internal teams may lack the resources or time, this task is often handed to external experts.
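The cross-referencing step can be scripted. The sketch below is an added example, not part of the original article: it labels a leak sample as consistent with scraping, with a repost of older data, or with a new compromise. The field names, the `private_updated` timestamp and the date of the last known incident are assumptions, and all records are constructed.

```python
from collections import Counter
from datetime import date

PUBLIC_FIELDS = {"name", "title"}      # assumed: visible on public profiles
PRIVATE_FIELDS = {"phone", "pw_hash"}  # assumed: never published

def classify_record(leaked, internal, last_known_incident):
    """Label one leaked row by what it proves about access to internal data."""
    ours = internal.get(leaked.get("email", "").strip().lower())
    if ours is None:
        return "no_match"              # not our user: fabricated or another source
    private_hits = [f for f in PRIVATE_FIELDS if f in leaked and leaked[f] == ours[f]]
    if private_hits:
        # The private value is still current. If it was last changed after the
        # last known incident, an old dump cannot contain it.
        return "fresh" if ours["private_updated"] > last_known_incident else "old"
    if any(f in leaked for f in PRIVATE_FIELDS):
        return "stale"                 # private data present but outdated or invented
    public_hits = [f for f in PUBLIC_FIELDS if leaked.get(f) == ours[f]]
    return "public_only" if public_hits else "no_match"

def triage(sample, internal, last_known_incident):
    counts = Counter(classify_record(r, internal, last_known_incident) for r in sample)
    if counts["fresh"]:
        verdict = "escalate: data newer than any known incident"
    elif counts["old"] or counts["stale"]:
        verdict = "consistent with a repost of an older leak"
    elif counts["public_only"]:
        verdict = "consistent with scraping of public profiles"
    else:
        verdict = "no overlap with internal data"
    return verdict, dict(counts)

# Constructed sample data, not taken from any real incident.
INTERNAL = {
    "a.lee@example.com": {"name": "A. Lee", "title": "Engineer", "phone": "555-0101",
                          "pw_hash": "h1", "private_updated": date(2023, 5, 1)},
    "b.kim@example.com": {"name": "B. Kim", "title": "Analyst", "phone": "555-0102",
                          "pw_hash": "h2", "private_updated": date(2020, 2, 1)},
}
LAST_INCIDENT = date(2021, 6, 1)       # assumed date of the last confirmed incident
SCRAPED = [{"email": "a.lee@example.com", "name": "A. Lee", "title": "Engineer"},
           {"email": "b.kim@example.com", "name": "B. Kim", "title": "Analyst"}]
REPOST = [{"email": "b.kim@example.com", "phone": "555-0102"},
          {"email": "a.lee@example.com", "phone": "555-0000"}]
NEW = [{"email": "a.lee@example.com", "phone": "555-0101"}]
if __name__ == "__main__":
    for label, sample in [("scraped", SCRAPED), ("repost", REPOST), ("new", NEW)]:
        print(label, triage(sample, INTERNAL, LAST_INCIDENT))
```

The verdicts are triage aids rather than proof: an "old" label only means the sample contains nothing that postdates the last known incident, so source verification and evidence collection still apply.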
Additionally, developing comprehensive incident response plans with designated teams, communication channels, and protocols enables businesses to address these cases promptly if they occur. In an era where data leaks pose constant threats, swift and proactive actions are essential. By identifying and responding to incidents, conducting thorough investigations, engaging with cybersecurity experts, and collaborating with law enforcement, companies can mitigate risks, protect their reputation, and safeguard customer trust.