Moral of the story: watch what you disclose on the Internet before your organization gets hit by doxxers reading your escapades.

Hackers seem to have adapted some of the tricks used by advance persistent threat (APT) groups to improve their nefarious goals, such as targeted ransomware hits on organizations.

The latest development in this trend is ‘corporate doxxing’—the process of gathering confidential information about an organization and its employees without their agreement, then using that information to harm them or profit from the campaign. 

One of the methods used to dox organizations is via Business Email Compromise (BEC) attacks, where the attacker impersonates a colleague or superior to extract confidential information (such as client databases) or to steal funds.

Some trends are making BEC attacks easier and more attractive to hackers:

• the proliferation of publicly-available information
• data leaks 
• advancements in stalking/doxxing/social engineering tactics

In February 2021 Kaspersky cybersecurity experts detected 1,646 such attacks, underlining the vulnerability of organizations when it comes to the exploitation of publicly-available information. Such attacks would not be possible on a massive scale without criminals being able to easily gather and analyze public information available on social media and beyond—such as names and positions of employees, their whereabouts, vacation times and connections.

Doxxing is not always about shaming
The act of publicly revealing previously private personal information about an individual or organization, usually through the Internet, is called ‘doxxing’. While the most common form of doxxing can be seen among activists in society wishing to shame one or more wrongdoers, the act itself can be precipitated by other agendas, such as extortion, bullying, vigilantism and egoism.

When organizations are doxxed, the reason could be espionage, personal vendettas of staff and/or ex-staff, and the usual mercenary agendas. The diversity of ways organizations can be doxxed is staggering: besides the more obvious methods such as phishing or compiling profiles on organizations using data leaks, other ways include more creative, technology-driven approaches.

One of the most trendy corporate doxxing strategies is identity theft. As a general rule, doxxers rely on information to profile specific employees and then exploit their identity. New technologies such as deepfakes make such initiatives easier to execute, provided there is public data to begin with. For instance, a deepfake video of someone believed to be an employee of an organization could harm the company’s reputation. To create such fake videos, doxxers would simply need some kind of visual image of the target employee and basic personal information.

Voices could also be abused: a top-level speaker presenting on the radio or in some podcast could potentially end up having his or her voice recorded and then imitated later: for instance, in a call to the Accounting team requesting an urgent banking transfer or sending over client databases.

According to Roman Dedenok, a security researcher at Kaspersky: “While doxxing is generally believed to be an issue for regular users—we often see it figure in social media scandals—corporate doxxing is a real threat for an organizations’ confidential data and one that should not be overlooked. It may result in financial and reputational losses, and the more sensitive the confidential information extracted is, the higher the harm. At the same time, doxxing is one of the threats that could be prevented or at least significantly minimized with strong security procedures within an organization.”