IBM released its annual calculation of the average data-breach cost: $4.88 million in 2023—a 10% spike from the previous year’s figure. And this year, the company measured a murky metric that adds more moolah to the figure: shadow data.

“Shadow data is that data that an organization needs to keep track of and should be aware of, but isn’t,” Sam Hector, global strategy leader at IBM Security, told IT Brew, citing examples like uploads to unsanctioned cloud services and storage on personal drives and public repositories, such as GitHub.

When this unmanaged, invisible-to-IT data is involved in the breach, the cost rises to $5.27 million, 16.2% higher than the average cost without shadow data. Over one-third (35%) of breaches featured shadow data, according to IBM’s study of 604 organizations that suffered a data breach between March 2023 and February 2024.

Hector spoke with IT Brew about why costs rise when data goes dark.

Read more here.—BH

Forget scare tactics—new research from OALabs Research shows that bad actors are looking to “annoy” their way into obtaining the Google Chrome log-in credentials of their next victims.

According to a Sept. 11 research note, hackers are using a new attack technique alongside information stealing malware to force victims into coughing up their Google account password.

What’s the magic (pass)word? The technique is mainly deployed through Amadey malware, which uses an AutoIt script to launch an individual’s browser in kiosk mode—a setting that restricts their device to running a single application in full-screen mode, similar to a self-service kiosk—and direct them to the login page of a targeted service. While in kiosk mode, the Escape and F11 keyboard keys, which would bypass full-screen mode under normal circumstances, become disabled.

“This tactic annoys the victim into entering their credentials in an attempt to close the window,” the researchers wrote. “Once the credentials are entered, they are stored in the browser’s credential store on disk and can be stolen using stealer malware, which is deployed along with the credential flusher.”

OALab researchers claim that the technique has been used by hackers since August of this year in “conjunction” with StealC, a credential stealing malware.

Keep reading here.—BM

In a sharing mood, security platform KnowBe4’s CEO revealed the company’s encounter with a remote hire who turned out to be a fake-ID-giving, malware-loading insider threat.

A blunt blog post from KnowBe4’s CEO Stu Sjouwerman (titled “How a North Korean Fake IT Work Tried to Infiltrate Us”) reminded IT pros of important verification checks against a remote fraudforce.

“It’s knowing what to spot and then becoming really good at spotting that,” Brian Jack, CISO at KnowBe4, told IT Brew.

In the July 23 blog post, KnowBe4’s CEO shared how a newly hired internal software developer used an image modified with AI tools and passed an interview ID check. Later, the company’s IT team discovered the user manipulating session-history files and executing unauthorized software.

“It turns out this was a fake IT worker from North Korea,” Sjouwerman wrote.

Read the rest here.—BH