According to recent reports from The Register, log files containing compromised online account details are being advertised on dark web marketplaces for as little as 10 cents. Once they have acquired these files, cybercriminals can easily exploit companies in a number of ways, such as by deploying ransomware in an organization's IT environment and demanding extortionate sums of money for the safe return of the company's entire operations.

Log files are automatically generated records that store data about system activity. This includes information about running applications, services, login data, and system errors. The files are often acquired via malware, such as infostealers, that swipe account passwords, financial information, and other sensitive data from infected PCs.

The volume of advertisements placed on underground forums selling this data has increased in recent years. In fact, according to data published by Kaspersky, infostealers swiped more than 36 million credentials between 2021 and 2023.

According to Simon Bain, CEO at OmniIndex, log files are often a window to an entire business, and more must be done to protect them from outsider threats such as infostealers.

Bain: “If log files fall into the wrong hands, they can provide information about a system that can be used to identify weaknesses in your security setup. Once accessed, log files can be exploited by cybercriminals in a number of ways to both corrupt a system and gain data from it.

“This includes corrupting logs with fake entries and malicious code to overwhelm a system’s capacity, forcing it to fail and crash, and stealing sensitive data such as usernames and passwords, financial transactions, personally identifiable information, and system details such as IP addresses and authentication tokens.

“What’s more, accurate log files are crucial for regulatory compliance as they facilitate the auditing process. Cybercriminals can also alter entries to hide malicious activity or manipulate logging features to enable unauthorized actions, including fraudulent financial transactions.”

According to Bain, Web3 technology and fully homomorphic encryption make it possible for log files to remain encrypted while businesses continue to use them.

Bain: “Through Web3-powered data platforms, log files are protected from attack and exposure as they are stored in a fully encrypted, immutable blockchain. Entries cannot be corrupted as they are immutable, and the transparent record of transactions means any fake entries can be identified and dealt with.

“Utilizing this technology is the only way to enable log files to remain fully encrypted at all times while being subjected to analytics. This means companies can gain all the needed real-time insights from them around the security of their system while never exposing that data or putting it at risk, as it cannot be read, and can run automatic AI and ML processing of the files to immediately alert the dedicated security team to any threats or weaknesses in the system.

“For example, analytics of the fully encrypted data could prevent a distributed denial-of-service (DDoS) attack by analyzing traffic logs in real time to identify sudden spikes in incoming requests from multiple sources designed to overwhelm the system. By detecting this threat in real time, the system can react to stop the attack through traffic rerouting or rate limiting.”