Billions of dollars are spent on fraud detection and prevention every year. And apart from the brutal fact that we are one step behind, there is a new flaw.
The Colonial Pipeline hack, a new low in fraud detection and prevention, brought it to light: the hackers, DarkSide, got wind of a flaw in their ransomware process because a security firm published the fact that it had found it.
DarkSide, far from slinking back into the shadows to regroup, instead publicly thanked the security company for pointing out the flaw.
“Special thanks to BitDefender for helping fix our issues,” DarkSide said. “This will make us even better.” They added that new companies (victims) now have nothing to hope for.
Apart from the embarrassment, it does turn the spotlight on the law of unintended consequences for security professionals.
Rather than publishing too much information to promote their companies, they should keep very quiet about finding weaknesses in attack vectors. In this case, other fraud detection specialists had also found the flaw (a month previously) and had quietly searched for possible victims to help. Quietly.
Fraud detection and prevention is difficult enough at the best of times and events like this do nothing to help.
It is, of course, useful to consumers and companies when we publish stories of the latest scams and fraud techniques – which we regularly do. But fraud detection and prevention companies must find a balance between business development and helping hackers in their work.
The Colonial attack was one that struck fear into the hearts of the most senior officials in the US. Their worst nightmare had come true. Critical infrastructure can be hacked and compromised, and now the worst scenarios are no longer works of fiction.
In the world of fraud prevention, we need all the help we can get. And the last thing we need is to let the hackers know what we know and help them improve their game.