The Next Level of Security Threats: Doxware

Estimated reading time: 2.5 minutesIT security threats are constantly evolving. Criminals create new threats and new ways to bypass security as soon as IT professionals learn about current ones.  As infrastructures are hardened with new technology, criminals find that it easier to manipulate end users to do their work. Ransomware attacks have taken advantage of gullible end users so they can propagate onto a victim’s network. Now there is a new threat.Doxware is a combination of two different types of threats. Doxing is the sharing of private information on the internet. Ransomware is the practice of encrypting data on a corporate network, or user's PC, with the intent of holding it for ransom. Doxware combines these two. The criminals encrypt your local data so you cam no longer access it. At the same time, they also copy your sensitive information to their own servers, to retain for later use. The bad guys then request payment in a short period of time. Unless you pay, they will release your information out to the public. They target business data. That data includes names, addresses, phone numbers, social security numbers, photos, or patient data. They also target incriminating information that could cause financial loss or give up a corporation’s secrets. With ransomware, you could just clean up your drives and restore from a backup. With Doxware this is not the case. They have your data and they can share it if you do not pay. The other issue with Doxware is, even if you pay the ransom, they still have a copy of your data to potentially target you a second time. Things are escalating and getting serious. So far, there is not much that authorities can do to stop these threats. You have to protect yourself and your organization.It is imperative to review your corporate IT security strategy and ensure that security measures are in place. If you do not have the expertise in-house to take care of this, hire a professional organization to help you. Another vital, yet, an overlooked task is to make sure your end users are trained to identify potential threats and report them immediately. I have started an end user security training course within my organization.  Although I have not yet been able to get it to every department, the few departments we felt would be the most targeted having completed their training. With this simple training, we have seen the reporting of possible threats increase significantly. We have also seen a decrease in the number of end users opening suspected emails and websites. The end user training was successful and impactful. It is something to consider doing within your organization to improve security and reduce risk of attack by evolving threats.