[Source: This article was published in infosecurity-magazine.com By Liv Rowley - Uploaded by the Association Member: Jasper Solander]

The surface web poses many threats to organizations, but the deep and dark web has gained notoriety over the years as more and more cyber-criminals make use of underground forums and marketplaces to buy and sell goods such as stolen credentials and personally identifiable information (PII).

Various anonymizing features and a lack of state-based governance have allowed cybercrime to flourish in this relatively safe space.

Stolen information, illegal services and other illicit offerings and activity can be observed with unnerving regularity on the deep and dark web. Goods can be put together or sold as packages alongside other Cybercrime-as-a-Service (CaaS) offerings, thereby lowering the barrier to entry for novice cyber-criminals and allowing veterans to outsource parts of their operations. 

Dare to delve?

Whilst the darknet is complicated to navigate, it is far from impossible to penetrate. There are public Tor indexers available – such as Torch and Grams – though they are often clunky to use and not comprehensive in their reach.

Threat intelligence companies may offer cybersecurity modules that crawl the darknet, indexing content and providing search engine-like capabilities to defenders who purchase these services. Forums, however, may need to be infiltrated first in the same way as you would a real-world criminal organization.

However, organizations must first determine whether the risks associated with this type of hands-on research are worth it. These risks include the possibility of being unwittingly or unintentionally infected with malware or otherwise exposing yourself to those with malicious intentions. A strong understanding of operational security and acceptance of the risks associated with this type of research is key. In many cases, organizations may find it more prudent to enlist the help of threat intelligence vendors, whose professional expertise may come in useful.

Threat actors utilize Tor, I2P and other darknet browsing software to access hidden forums and marketplaces, while others lurk on the deep web behind password-protected or invitation-only closed forums or groups on Telegram, WhatsApp and other chat platforms. Some expect you to prove technical knowledge to gain entrance to a forum or to actively participate in a cyber-criminal community in order to maintain access. In other cases, you may need to be invited or recommended by a trusted relationship to gain access. 

Keep your enemies close

Organizations looking to conduct dark web research are setting out on a challenging task; dark web research can be similar to knowing that a party is taking place, but not knowing the address. Analysts need to be ready to hunt, dig and immerse themselves in the underground in order to find the action. In doing so, analysts are exposed to the myriad products and conversations surrounding cybercrime in these spaces, training their eye to be able to filter and identify the real threat.

This in turn allows organizations to better understand what they need to defend themselves against. In order to assess a threat actor’s credibility and the legitimacy of a particular threat, researchers may look at factors such as a threat actor’s reputation or length of time on the darknet.

Companies should prioritize monitoring for data related to their organization, such as proactively searching the dark web to find stolen credentials. Doing so at an early stage can massively reduce the risk or impact of an attack.

Detecting stolen credentials through threat intelligence services can not only prevent additional breaches but also force IT security teams to locate the sources of the initial attacks and fix existing problems so attacks cannot recur through that vector.

Stay alert and keep watch

In addition to looking for stolen credentials, it is also wise to monitor (using defined search terms) for documents or PII which might have been stolen or unintentionally leaked. Stricter data protection regulations mean that data leaks can have an even larger impact on an organization’s bottom line, as well as its reputation. In the event of a GDPR penalty, a company that can demonstrate robust detection capabilities can vastly reduce its liabilities.

A network of crawlers and sensors can alert organizations when their credentials have been offered for sale on the dark web – if you know what’s been stolen, it’s easier to block and mitigate damage. Good cyber threat intelligence is crucial to providing this feedback of information to build stronger defenses around any business.

Tracking crimeware kits, malware, threat actors and TTPs that could target an organization's sector more generally can also help security teams strengthen their security posture, broaden their situational awareness and put appropriate defense measures in place before adversaries can strike.

The best way to fight cybercrime on the darknet is to operate in much the same way as the bad guys. If you understand the scope of what’s available to criminals, it’s a lot easier to rationalize how to defend against cyber-attacks and enable others to do the same. Collaboration and intelligence sharing is crucial in the fight against cybercrime.

Categorized in Deep Web

Source: This article was published on securityintelligence.com by Jasmine Henry - Contributed by Member: Deborah Tannen

The dark component of the deep web is the primary highway for exchange and commerce among cybercriminal groups. In fact, very few cybercriminals work alone. Eighty percent of cybercrime is linked to criminal collectives, and stolen data and goods derived from it surface rapidly on darknet forums and marketplaces following cybersecurity incidents involving data loss.

Adapting to these trends is essential. Organizations with the ability to extract threat intelligence from data-mining these elusive online sources can achieve a significant security advantage.

Deep Web and Darknet: What’s the Difference?

The part of the web accessible through search engines and used for everyday activities is known among researchers as the surface web. Anything beyond that is defined as the deep web. While estimates vary, some researchers project there are 90 percent more deep websites than surface ones, according to TechCabal. The deep web consists of unindexed websites that are not accessible to everyday Internet users. Some restrict access; others are routed through many layers of anonymity to conceal their operators’ identity.

Darknet websites and technologies are a subset of the deep web classification, which consists of sites intentionally hidden and generally only accessible through technologies like The Onion Router (Tor), a software that facilitates anonymous communication, or peer-to-peer (P2P) browsers. This hidden web is closely associated with anonymity and (in some cases) criminal activity supported by open exchange and collaboration between threat actors.

How to Draw Dark Threat Intelligence

“Dark web intelligence is critical to security decision-making at any level,” said Dave McMillen, senior analyst with X-Force IRIS at IBM X-Force Incident Response and Intelligence Services (IRIS). “It is possible to collect exploits, vulnerabilities and other indicators of compromise, as well as insight into the techniques, tactics, and procedures [TTPs] that criminals use for distinct knowledge about the tools and malware threat actors favor.”

When this real-time threat data is filtered through sufficient context and separated from false positives, it becomes actionable intelligence. McMillen believes there are several ways organizations can benefit from dark-sourced intelligence. These benefits include understanding emerging threat trends to develop mitigation techniques proactively. Dark-source intelligence could also help with identifying criminal motivations and collusion before attacks. It could even aid in attributing risks and attacks to specific criminal groups.

How to Identify Darknet Security Risks

For expert threat researchers like McMillen, patterns of deep web activity can reveal an attack in progress, planned attacks, threat trends or other types of risks. Signs of a threat can emerge quickly, as financially-driven hackers try to turn stolen data into profit within hours or minutes of gaining entry to an organization’s network.

The average time it takes to identify a cybersecurity incident is 197 days, according to the 2018 Cost of a Data Breach Study from the Ponemon Institute, sponsored by IBM. Companies who contain a breach within 30 days have an advantage over their less-responsive peers, saving an average of $1 million in containment costs.

“Employing dark web monitoring solutions that allow the use of focused filters to identify key phrases, such as your brand and product names, that may contain information that can negatively affect your organization is a good start in your effort to glean useful intelligence from the dark web,” McMillen said.

The collected data should then be alerted and routed through a human analysis process to provide actionable insights. Context-rich threat intelligence can reveal many different forms of risk.

1. Organization or Industry Discussion

Among the key risk factors and threats are mentions of an organization’s name in forum posts, paste sites, channels or chatrooms. Contextual analysis can determine whether threat actors are planning an attack or actively possess stolen data. Other high-risk discussions can surround niche industries or verticals, or information on compromising highly-specific technologies employed by an organization.

2. Personally Identifiable Information (PII) Exchange

When a breach has occurred, the sale of PII, personal health data, financial data or other sensitive information can be indicative of the aftermath of an attack. A single data record can sell for up to $20, according to Recorded Future. This data is generally stolen en masse from large organizations — such as credit agencies and banks — so a few thousand credit card numbers can turn a huge profit.

Unsurprisingly, 76 percent of breaches are financially motivated, according to the 2018 Data Breach Investigations Report from Verizon.

3. Credential Exchange

Lost or stolen credentials were the most common threat action employed in 2017, contributing to 22 percent of data breaches, according to the Verizon report. While the presence of usernames and passwords on paste sites or marketplaces can indicate a data breach, contextual analysis is required to determine whether this is a recent compromise or recycled data from a prior incident.
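As an added example (not code from either article above, nor from any vendor they quote), the following Python script sketches the monitoring the first article describes, alerting when credentials for your own domains turn up and checking posts against defined search terms, together with the contextual check called for here: whether a credential is a fresh compromise or recycled from an earlier dump. The organization domain, search terms, dump lines, forum post and "seen before" history are all constructed; a real deployment would feed it crawler output and keep its history in a database.

```python
import hashlib
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample of a credential dump as it might be pasted or offered for sale.
# Real dumps are far larger; only the "email:password" layout matters here.
SAMPLE_DUMP = """\
alice@example-corp.com:Summer2018!
bob@example-corp.com:hunter2
carol@unrelated.org:password1
dave@example-corp.com:Summer2018!
mallory@mail.example-corp.com;letmein
not a credential line at all
"""

# Constructed forum post, used for the "defined search terms" check.
SAMPLE_POST = "Selling fresh ExampleCorp VPN access plus a combo list, escrow accepted"

WATCHED_DOMAINS = {"example-corp.com"}   # hypothetical organization domain
SEARCH_TERMS = ["examplecorp", "example-corp.com", "examplecorp vpn"]

# History is kept only as keyed hashes so the monitor never stores plaintext passwords.
PEPPER = b"constructed-pepper-rotate-in-production"


def fingerprint(email: str, password: str) -> str:
    material = PEPPER + email.lower().encode() + b"\x00" + password.encode()
    return hashlib.sha256(material).hexdigest()


# Constructed history: bob's entry appeared in an earlier dump, so it counts as recycled.
SEEN_BEFORE = {fingerprint("bob@example-corp.com", "hunter2")}

# Accepts the common "email:password", "email;password" and "email,password" layouts.
LINE_RE = re.compile(r"^\s*([^\s:;,@]+@[^\s:;,@]+)\s*[:;,]\s*(\S+)\s*$")


@dataclass
class Hit:
    email: str
    domain: str
    status: str  # "new" (not in history) or "recycled" (seen in an earlier dump)


def is_watched(domain: str) -> bool:
    """True for a watched domain or any of its subdomains."""
    return any(domain == d or domain.endswith("." + d) for d in WATCHED_DOMAINS)


def triage_dump(text: str, seen: set) -> list:
    """Return one Hit per watched-domain credential, labelled new or recycled."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip headers, ads and malformed lines
        email, password = m.groups()
        domain = email.rsplit("@", 1)[1].lower()
        if not is_watched(domain):
            continue
        status = "recycled" if fingerprint(email, password) in seen else "new"
        hits.append(Hit(email.lower(), domain, status))
    return hits


def matched_terms(text: str, terms) -> list:
    """Defined search terms found in a post, matched case-insensitively."""
    low = text.lower()
    return [t for t in terms if t.lower() in low]


def summarize(hits) -> dict:
    """Counts an alerting pipeline would route to an analyst."""
    return dict(Counter(h.status for h in hits))


if __name__ == "__main__":
    found = triage_dump(SAMPLE_DUMP, SEEN_BEFORE)
    for h in found:
        print(f"{h.status:9s} {h.email}")
    print("summary:", summarize(found))
    print("post matched terms:", matched_terms(SAMPLE_POST, SEARCH_TERMS))
```

Run as a script it reports three new and one recycled credential and two matched search terms. The "recycled" label is only as good as the history behind it, which is why the fingerprint is peppered: the monitor can recognise a repeat without ever holding the password itself.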

In May 2018, threat intelligence company 4iQ uncovered a massive floating database of identity information, including over 1.4 billion unencrypted credentials.

“The breach is almost two times larger than the previous largest credential exposure,” Julio Casal, founder of 4iQ, told Information Age.

4. Information Recon

Social engineering tactics are employed in 52 percent of attacks, according to a February 2018 report from security company F-Secure. Collusion around information recon can surface in both open and closed-forum exchanges between individual threat actors and collectives.

5. Phishing Attack Coordination

As phishing and whaling attacks become more sophisticated, deep web threat intelligence can reveal popular TTPs and risks. Coordination around information recon is common. Threat actors can now purchase increasingly complex phishing-as-a-service software kits and if defenders are familiar with them, they can better educate users and put the right controls in place.

6. Insider Recruitment

Although malicious insiders cause fewer breaches than simple human error, the darknet is an established hub for criminal collectives to recruit employees with network credentials for a sophisticated attack. Dark Reading tracked nearly twice as many references to insider recruitment on darknet forums in 2016 as in 2015.

7. Trade Secrets and Sensitive Asset Discussions

Trade secrets and competitive intelligence are another lucrative aspect of threat actor commerce that can signal risks to researchers. In one recent incident reported by CNBC in July 2018, a likely Russian cybercriminal sold access to a law firm’s network and sensitive assets for $3,500. Having had that information ahead of time could have saved the victim time, money, and reputational damage.

What Are the Challenges to Deriving Value From Dark Sources?

While there is clear strategic and tactical value to darknet threat intelligence, significant challenges can arise on the road to deep web threat hunting and data-mining. For instance, it’s not ideal to equip security operations center (SOC) analysts with a Tor browser. The potential volume of false positives based on the sheer size of the hidden web necessitates a more effective approach.

“The dark web is fragmented and multi-layered,” McMillen said.

When researchers discover a credible source, it generally requires hours to vet intelligence and perform a complete analysis. Darknet commerce has also grown increasingly mercurial and decentralized as law enforcement tracks criminal TTPs as they emerge. Security leaders who can overcome these barriers have the potential to significantly improve security strategy in response to emerging threat trends and risk factors.

The 2018 Artificial Intelligence (AI) in Cyber-Security Study from the Ponemon Institute, sponsored by IBM Security, found that AI could provide deeper security and increased productivity at lower costs. Sixty-nine percent of respondents stated that the most significant benefit of AI was the ability to increase speed in analyzing threats.

As leaders consider how to deepen adoption of dark threat intelligence, it’s valuable to understand that not all intelligence sources can adequately capture the full scope of threat actor exchange on this vast, fast-morphing plane. Relying on stagnant, outdated or fully automated technologies may fail to mitigate important risks. The best mode of protection is one which combines the intelligence of skilled human researchers and AI to turn raw data into actionable intelligence effectively.


A new form of malware hit the internet Tuesday, shutting down systems across Europe and impacting companies from the U.S. to Russia. Unfortunately, the attack, which early reports indicate seems to have hurt Ukrainian organizations and agencies more in particular, is still largely a mystery for security researchers.

A form of ransomware, the malware encrypts a victim’s PC and demands that they pay $300 in exchange for the keys to unlock their computer or lose all of their data. The attack even managed to affect radiation monitoring equipment at the exclusion zone around the Chernobyl nuclear disaster site, forcing workers to rely on manual checks instead.

Cybersecurity firms originally believed the malware to be a previously known form of ransomware called Petya, but Kaspersky Lab says it’s actually a different, previously unknown kind of ransomware, which led the company to dub it NotPetya.

Interestingly, the Petya/NotPetya software uses a Microsoft (MSFT) Windows vulnerability similar to the one exploited by the WannaCry 2.0 ransomware which hit the web a few weeks ago. But it looks like that exploit, which was originally used by the NSA and called EternalBlue, is just one of three attack points this ransomware takes advantage of.

If your computer is infected with malware, your best bet is to simply erase the entire system. Ransomware programs sometimes require you to pay in Bitcoin, an anonymous currency that can’t be tracked.

However, criminals have increasingly begun demanding payment in the form of iTunes or Amazon gift cards, since the average person doesn’t know how to use Bitcoin, according to McAfee’s Gary Davis.

The amount you have to pay to unlock your computer can vary, with some experts saying criminals will ask for up to $500.

To be clear, ransomware doesn’t just target Windows PCs. The malware has been known to impact systems ranging from Android phones and tablets to Linux-based computers and Macs.

Where it comes from

According to Davis, ransomware was actually popular among cybercriminals over a decade ago. But it was far easier to catch the perpetrators back then since anonymous currency like Bitcoin didn’t exist yet. Bitcoin helped change all that by making it nearly impossible to track criminals based on how victims pay them.

There are multiple types of ransomware out there, according to Chester Wisniewski, a senior security advisor with the computer security company Sophos. Each variation is tied to seven or eight criminal organizations.

Those groups build the software and then sell it on the black market, where other criminals purchase it and then begin using it for their own gains.

How they get you

Ransomware doesn’t just pop up on your computer by magic. You actually have to download it. And while you could swear up and down that you’d never be tricked into downloading malware, cybercriminals get plenty of people to do just that.

Here’s the thing: That email you opened to get ransomware on your computer in the first place was specifically written to get you to believe it was real. That’s because criminals use social engineering to craft their messages.

For example, hackers can determine your location and send emails that look like they’re from companies based in your country.

“Criminals are looking up information about where you live, so you’ll click (emails),” Wisniewski explained to Yahoo Finance. “So if you’re in America, you’ll see something from Citi Bank, rather than Deutsche Bank, which is in Germany.”

Cybercriminals can also target ransomware messages to the time of year. So if it’s the holiday shopping season, criminals might send out messages supposedly from companies like the US Postal Service, FedEx or DHL. If it’s tax time, you could receive a message that says it’s from the IRS.

Other ransomware messages might claim the FBI has targeted you for using illegal software or viewing child pornography on your computer. Then, the message will tell you to click a link to a site to pay a fine — only to lock up your computer after you click.

It’s not just email, though. An attack known as a drive-by can get you if you simply visit certain websites. That’s because criminals have the ability to inject their malware into ads or links on poorly secured sites. When you go to such a site, you’ll download the ransomware. Just like that, you’re locked out of your computer.

How to protect yourself

Ransomware attacks vulnerabilities in outdated versions of software. So, believe it or not, the best way to protect yourself is to constantly update your operating system’s software and apps like Adobe Reader. That means you should always click that little “update” notification on your desktop, phone, or tablet. Don’t put it off.

Beyond that, you should always remember to back up your files. You can either do that by backing them up to a cloud service like Amazon (AMZN) Cloud, Google (GOOG,GOOGL) Drive or Apple’s (AAPL) iCloud, or by backing up to an external drive.

That said, you’ll want to be careful with how you back up your content. That’s because, according to Kaspersky Lab’s Ryan Naraine, some ransomware can infect your backups.

[Image caption: A ransomware attack screen designed to look like an official message from the F.B.I.]

Naraine warns against staying logged into your cloud service all the time, as some forms of malware can lock you out of even them. What’s more, if you’re backing up to an external hard drive, you’ll want to disconnect it from your PC when you’re finished, or the ransomware could lock that, as well.

Naraine also says you should disconnect your computer from the internet if you see your system being actively encrypted. Doing so, he explains, could prevent all of your files that have yet to be encrypted from being locked.
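An added illustration, not from the article and not Kaspersky's or any vendor's code, of how a host-side monitor could notice "your system being actively encrypted": encrypted output is close to random, so a sudden jump in the byte entropy of many files within one interval is a usable signal. The document folder, file contents, thresholds and the simulated encryption are all constructed for the demo.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

HIGH_ENTROPY = 7.5     # bits per byte; encrypted or compressed data sits near 8, documents well below
ALARM_FRACTION = 0.5   # alarm when at least half the watched files turn high-entropy in one interval
MIN_FILES = 5          # ...and at least this many did, so one user zipping a folder is ignored


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or single-valued data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def snapshot(folder: Path) -> dict:
    """Map each file's relative path to its entropy, sampling the first 64 KiB."""
    result = {}
    for p in folder.rglob("*"):
        if p.is_file():
            with p.open("rb") as fh:
                result[str(p.relative_to(folder))] = shannon_entropy(fh.read(65536))
    return result


def assess(before: dict, after: dict) -> dict:
    """Compare two snapshots taken an interval apart and decide whether to raise an alarm."""
    suspects = [
        path for path, ent in after.items()
        if ent >= HIGH_ENTROPY and before.get(path, 0.0) < HIGH_ENTROPY
    ]
    ratio = len(suspects) / max(len(before), 1)
    return {
        "suspect_files": len(suspects),
        "ratio": round(ratio, 2),
        "alarm": len(suspects) >= MIN_FILES and ratio >= ALARM_FRACTION,
    }


def demo() -> dict:
    """Build a constructed document folder, simulate mass encryption, and assess the change."""
    with tempfile.TemporaryDirectory() as d:
        docs = Path(d)
        for i in range(10):
            (docs / f"report{i}.txt").write_bytes(b"Quarterly figures and commentary. " * 120)
        before = snapshot(docs)
        # Simulated ransomware behaviour: overwrite 8 of 10 files with random bytes and rename them.
        for i in range(8):
            p = docs / f"report{i}.txt"
            p.write_bytes(os.urandom(4096))
            p.rename(p.with_name(p.name + ".locked"))
        # A plain-text note dropped alongside is low entropy and is deliberately not counted.
        (docs / "HOW_TO_RESTORE.txt").write_text("Your files have been encrypted.")
        after = snapshot(docs)
        return assess(before, after)


if __name__ == "__main__":
    print(demo())
```

Entropy alone is one signal; endpoint products combine it with process behaviour, rename rates and canary files to cut false alarms from legitimate compression or encryption jobs. The point of the demo is that the signal is cheap enough to compute on a schedule and act on, for instance by pulling the network cable as the article suggests.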

Above all, every expert I spoke with recommended installing some form of anti-virus software and some kind of web browser filtering. With both types of software installed, your system up to date, and a backup available, you should be well-protected.

Oh, and for the love of god, avoid downloading any suspicious files or visiting sketchy websites.

What to do if you’re infected

Even if you follow all of the above steps, ransomware could still infect your computer or mobile device. If that’s the case, you have only a few options.

The first and easiest choice is to wipe your computer or mobile device and reinstall your operating system. You’ll lose everything, but you won’t have to pay some criminal who’s holding your files hostage.

Some security software makers also sell programs that can decrypt your files. That said, by purchasing one, you’re betting that it will work on the ransomware on your computer, which isn’t always the case. On top of that, ransomware makers can update their malware to beat security software makers’ offerings.

All of the experts agree that the average person should never pay the ransom — even if it means losing their files. Doing so, they say, helps perpetuate a criminal act and emboldens ransomware makers.

Even if you do pay up, the ransomware could have left some other form of malware on your computer that you might not see.

In other words: Tell the criminals to take a hike.

Source: This article was published on Yahoo Finance by Daniel Howley

Categorized in Internet Privacy

Panaji: With 1.3 billion connected devices and Internet of Things (IoT) devices expected to populate homes in India by 2021, home networks can become easy targets for cyber criminals, said global cyber security agency Fortinet.

Personal, financial and medical information, as well as work assets are all at risk from increasingly sophisticated malware and financially-motivated cybercriminals, Fortinet said in a report.

"Faster and more affordable internet connections are driving more home users in India to deploy internet-connected devices at home. Recent IoT-based attacks have revealed the sheer volume and ease by which billions of connected devices can be weaponized and used to disrupt the digital economies of entire countries and millions of users. These issues are compounded by the lack of basic security features and management capabilities in many IoT devices," said Fortinet regional vice-president for India and SAARC Rajesh Maurya.

Connected devices on the home network range from smart TVs, entertainment and gaming systems, smart refrigerators, to online home security systems. All of these devices are connected to the internet through a home WiFi system.

In order to secure home networks, Fortinet recommends that users identify devices that connect to the Internet through the WiFi network and to restrict and monitor the traffic generated by the devices.

"Home networks and devices tend to become infected because security is notoriously lax. Set up a separate connection for work, only connect through a VPN tunnel, and consider encrypting sensitive data travelling back and forth between home and corporate networks," Maurya suggests.

According to a NASSCOM report, India will account for 5% of the global IoT market valued at 15 billion USD by 2020. Experts predict an average of 4.3 internet-connected devices for every man, woman and child on this planet by 2020.

Author: tnn

Source: timesofindia.indiatimes.com


A flourishing, global marketplace of illicit goods and services that operates in the dark recesses of the World Wide Web is creating new opportunities for cybercriminals and risks for businesses and consumers.

Hacking services, narcotics, weapons, child pornography, stolen credit card numbers and other private records – nearly any kind of illegal product or unethical service – is available on the Dark Web, or Dark Net.

“It’s a bastion of all sorts of illegal and unethical activity,” according to experts with SBS CyberSecurity of Madison, S.D.

The Dark Web is a volunteer network of computers that can be accessed on the Internet with special software that is free and easy to acquire. Communications on the Dark Web pass through multiple encryption points to hide IP addresses, and locations are masked.

The anonymity enables people to communicate secretly and conduct business with untraceable cyber currency, such as Bitcoin.

“If you look at cybercrime as a business model, the Dark Web has completely changed how it can be done,” said Buzz Hillestad, a Sioux Falls-based, senior consultant with SBS CyberSecurity. “It can be done anonymously now, which is pretty scary.”

SBS used to be known as Secure Banking Solutions. The company recently changed its name because it assists businesses in fields beyond financial services.

During the past few years, the Dark Web really has emerged into an information superhighway for criminals and unethical practices. The limited-access area that has come to be known as the Dark Web initially was developed by a U.S. military agency in the late 1990s. Information about The Onion Routing project was released to the public in the early 2000s.

So-called onion routing uses layers of relay points and encryption to make communications anonymous. A message from Sioux Falls might look like it came from another country.

Tor is an acronym for The Onion Routing project. It is also the name of software that can be used to access the Dark Web and can refer to the network of computers that make up the Dark Web.

The network initially was developed for legitimate reasons. Law enforcement agencies can use it to communicate secretly, for example, and whistleblowers can use it to expose wrongdoing. It’s also a way for people in tightly controlled countries to get around government-imposed blocks on public information.

Supporters of the network tout it as a vehicle that protects freedom of expression and privacy. The secretive network also can present unrecognized dangers.

Hillestad recently consulted with a healthcare business that had unknowingly been routing information to its transcription service through the Dark Web. The software had been designed that way, possibly just to reduce data-transmission hassles, Hillestad said. Regardless, he advised the facility to get rid of the software.

“There’s no way of knowing where the data was going,” he said.

Hillestad and other experts advise businesses to block and monitor traffic in their networks with common Dark Web protocols, such as Tor or I2P.

Business firewalls often block suspicious traffic coming into a network, but many companies don’t filter traffic going out. Suspicious traffic leaving a network also should be blocked to break the chain of communication, because malware might have gotten into a system through deception or some other means, Hillestad said.

Business leaders also should be automatically alerted about suspicious traffic in their networks so that it can be monitored, he said.

In addition, there is no work-related reason for an employee of a legitimate business to have a Dark Web browser loaded on a company computer, Hillestad said.

“It’s important to know how this stuff works so you can fight it,” he said.

The Dark Web isn’t the only cyber tool that criminals have available to them. They also can misuse search engines such as Shodan, which for a fee can be used to search the Deep Web (but not the Dark Web) to locate private devices such as cameras and public services connected directly to the Internet.

Computerized business and home devices always should be run through a network firewall, Hillestad advises.

A closer look

Advances in technology and the explosive growth of business and personal use of the Internet and private networks to create, move and store sensitive data have fueled a corresponding increase in cybercrime and threats to information.

Juniper Research, a company based in England, estimates that the rapid digitalization of information will increase the global cost of data breaches to $2.1 trillion by 2019. That’s four times the cost of breaches in 2015.

Advances in hacking technology and the profit potential in selling or using stolen information are contributing to the growth of cybercrime. Information such as a stolen healthcare record, for example, can be sold online and used by a buyer to make fraudulent claims worth many times the price of the document.

A vast inventory of stolen records containing sensitive information is openly for sale on the Dark Web, which takes up only a small part of the World Wide Web.

If the World Wide Web is viewed as an iceberg, the Surface Web would be the visible part that sits above the waterline. That’s the publicly accessible part of the Internet, consisting of indexed sites. It’s searchable with tools such as Google, Bing and Yahoo.

Below the surface of the water would be a vast maze of unindexed information known as the Deep Web, where academic, government and business data are stored. Much of that information can only be queried through direct links.

At the bottom of the iceberg is the secretive tip known as the Dark Web. The Dark Web overlays the public internet, but accessing it requires special software, which is free and available online.

Tutorials are available online that show people how to access the Dark Web.

Hillestad and Nick Podhradsky, senior vice president of operations at SBS, recently hosted a webinar that included a tour of the Dark Web. “It’s an e-commerce site that makes it easy to be a bad guy,” Podhradsky said.

Judging from the SBS webinar and other reports, shopping on the Dark Web is not much different than shopping on mainstream websites. There are virtual shopping carts, payment options, classified ads, out-of-stock product advisories and customer reviews.

The Dark Web even has its own information sources. One of the best known information sources is DeepDotWeb.com, which reports news about the Dark Web but is a publicly accessible website. DeepDotWeb looks like a mainstream news publication, but its content is different. It carries a lot of news about arrest reports and market conditions.

“International law enforcement gathered to share concerns about Bitcoin and money laundering,” said one recent headline. “Over 10,000 firearms seized in Spain, bought on the darknet,” said another.

Another recent headline said: “Man tried to hire a hitman on the darknet to kill his wife but got scammed and arrested instead.”

Anyone can open a node, or relay site, on the Dark Web. Law enforcement agencies are known to set up dummy sites to try to track and stop lawbreakers. Inexperienced browsers have to be careful, because scams are a common risk.

Hillestad said the Dark Web is a pretty new phenomenon to most people. The rise of ransomware really helped popularize it among criminals. Ransomware is a type of malware that is used to remotely lock up targeted computers and files. Then, the wrongdoers behind the attack demand payment to unlock the information. A lot of ransomware and denial-of-service attacks start with resources from the Dark Web.

To reduce the likelihood of ransomware and other malware being introduced into business networks, security experts stress the importance of companies training employees well. For example, employees should be trained not to open attachments that arrive unexpectedly.

Companies should track social engineering trends, so that employees and customers can be warned about phishing attacks that could lead to data breaches. Phishing refers to tactics used by cybercriminals to trick people out of sensitive information, such as passwords.

Companies that don’t want information discovered shouldn’t put it online in accessible form, said William Bushee, vice president of technology for BrightPlanet.

BrightPlanet is a Sioux Falls company that uses technology to harvest information from the Deep Web, which is the unindexed part of the World Wide Web between the Surface Web and the Dark Web.

A two-year-old report or news story might no longer be searchable on the Surface Web, for example, but it might exist on the Deep Web. Clients can use information from the Deep Web to identify patterns, threats and opportunities, according to BrightPlanet.

Bushee notes that the Dark Web, or Tor network, didn’t even exist a decade ago.

“Anonymity is really why the Tor network was created in the first place. But as soon as you have anonymity, what do you have? People doing bad things,” he said. “It breeds bad things. But the network itself isn’t bad.”

Cybercrime is flourishing with the help from the Dark Web, but there are steps that businesses can take to reduce risks.

SBS CyberSecurity and other security businesses encourage companies to block, at the firewall, outbound traffic using the protocols commonly used to access the Dark Net. Companies also are encouraged to monitor suspicious traffic.
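As an added example of the monitoring half of that advice (this is illustrative code, not part of the article and not a product of SBS CyberSecurity or any other firm named here), the following Python script scans netfilter-style firewall log lines for outbound connections that look like Tor. It flags destinations found in a list of known relay addresses and TCP connections to Tor's default relay ports, 9001 (ORPort) and 9030 (DirPort). The relay list and the log lines are constructed samples; a real deployment would load relay addresses from the Tor directory consensus or a threat-intelligence feed and refresh them regularly, since relays change hourly.

```python
"""Flag likely Tor traffic in outbound firewall logs.

Added example, not part of the original article or of any vendor's product.
The relay list and the log lines are constructed samples.
"""
import ipaddress
import re

# Constructed sample of "known Tor relay" addresses (documentation ranges,
# not real relays). Assumption: a live list would come from a consensus feed.
KNOWN_TOR_RELAYS = {"203.0.113.10", "198.51.100.77"}

# Tor's default relay ports: 9001 (ORPort) and 9030 (DirPort). Many relays
# also listen on 443 or 80, so a port match alone is only a weak signal.
TOR_DEFAULT_PORTS = {9001, 9030}

# Address ranges treated as internal; traffic that stays inside them is not
# outbound and is ignored. (Not using ipaddress.is_private, which would also
# classify the documentation ranges used in the sample as non-global.)
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# netfilter (iptables/ufw LOG) lines carry KEY=value pairs in varying order,
# so each field is located independently rather than with one fixed pattern.
FIELD_RE = {key: re.compile(rf"\b{key}=(\S+)") for key in ("SRC", "DST", "PROTO", "DPT")}


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def parse_line(line):
    """Return a dict for a netfilter log line, or None if a field is missing."""
    values = {}
    for key, regex in FIELD_RE.items():
        match = regex.search(line)
        if match is None:
            return None  # e.g. ICMP has no DPT, non-firewall lines have nothing
        values[key] = match.group(1)
    return {
        "src": values["SRC"],
        "dst": values["DST"],
        "proto": values["PROTO"].upper(),
        "dport": int(values["DPT"]),
    }


def classify(event):
    """Return the reasons an outbound event looks like Tor (empty list if none)."""
    if not is_internal(event["src"]) or is_internal(event["dst"]):
        return []  # not an outbound connection from the inside
    reasons = []
    if event["dst"] in KNOWN_TOR_RELAYS:
        reasons.append("destination is a known Tor relay")
    if event["proto"] == "TCP" and event["dport"] in TOR_DEFAULT_PORTS:
        reasons.append(f"destination port {event['dport']} is a Tor default relay port")
    return reasons


def find_tor_connections(lines):
    """Return (src, dst, dport, reasons) for each log line that looks like Tor."""
    alerts = []
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue
        reasons = classify(event)
        if reasons:
            alerts.append((event["src"], event["dst"], event["dport"], reasons))
    return alerts


# Constructed sample log lines (not captured from any real network).
SAMPLE_LOG = [
    "Feb 14 10:01:02 fw kernel: [FW-OUT] IN=eth1 OUT=eth0 SRC=10.0.0.15 DST=203.0.113.10 LEN=60 TTL=64 PROTO=TCP SPT=51234 DPT=443",
    "Feb 14 10:01:05 fw kernel: [FW-OUT] IN=eth1 OUT=eth0 SRC=10.0.0.22 DST=192.0.2.5 LEN=60 TTL=64 PROTO=TCP SPT=51235 DPT=9001",
    "Feb 14 10:01:07 fw kernel: [FW-OUT] IN=eth1 OUT=eth0 SRC=10.0.0.22 DST=192.0.2.9 LEN=60 TTL=64 PROTO=TCP SPT=51236 DPT=443",
    "Feb 14 10:01:09 fw kernel: [FW-OUT] IN=eth1 OUT=eth1 SRC=10.0.0.30 DST=10.0.0.1 LEN=60 TTL=64 PROTO=TCP SPT=51237 DPT=9001",
    "Feb 14 10:01:11 fw kernel: [FW-OUT] IN=eth1 OUT=eth0 SRC=10.0.0.40 DST=192.0.2.40 LEN=80 TTL=64 PROTO=UDP SPT=40000 DPT=9030",
    "Feb 14 10:01:12 fw sshd[1234]: Accepted publickey for admin from 10.0.0.5",
]

if __name__ == "__main__":
    for src, dst, dport, reasons in find_tor_connections(SAMPLE_LOG):
        print(f"{src} -> {dst}:{dport}: {'; '.join(reasons)}")
```

Run against the sample it reports two connections: one to a listed relay over port 443, and one to an unlisted host on port 9001. The internal-only connection on port 9001 and the UDP packet are ignored, which is the point of the internal-range and protocol checks: without them the port heuristic produces noise. A blocking rule at the firewall would be built from the same relay list; the script only shows the detection side.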

Good, ongoing employee training also can reduce the risk of a business suffering a malware attack or data breach.

Gary Fischer, a sales engineer at SDN Communications, agrees that good, application-aware firewalls can help protect business networks. SDN is a Sioux Falls company that provides broadband connectivity and cybersecurity services to businesses.

Companies can reduce risks by monitoring what employees do on the internet, if that's a concern. Companies also can control what software can be installed on computers, Fischer said.

“One solution doesn’t cover everything. You might have to do multiple things” to help keep a business network safe, he said.

Jon Pederson, chief technology officer at Midco, also encourages businesses to have a good firewall in place. Midco provides internet, phone and TV services to businesses as well as residential customers in the region.

“If electrical engineers get together at a conference and exchange information, they’re going to be better electrical engineers,” Pederson said. The same holds true for hackers exchanging information on the Dark Web, he said.

“If I was law enforcement, that’s where I’d be hanging out to find the bad guys,” Pederson said.

Businesses and other organizations also have opportunities to get together to share information and help protect themselves. One option is InfraGard.

The FBI collaborated with infrastructure and academic experts to start the InfraGard program. Participation is aimed at protecting national assets such as communication networks, water supplies, food, banking information, energy sources, transportation systems and public health.

South Dakota has a chapter. Prospective members can find out more about the collaborative program and apply for membership by visiting the InfraGard South Dakota Member Alliance website at www.sdinfragard.net. There is no cost.

Source : http://www.argusleader.com/story/news/business-journal/2017/02/14/dark-web-cybercrime-carries-risks-businesses/97914328/

Categorized in Deep Web

It has already been a record-setting year for hacking scandals, and the headlines show no signs of slowing as we reach the end of 2016. Today's hack of Netflix's Twitter account by hacking collective OurMine is only the latest development in a year that has seen digital security become an issue of national security and election year politics.

OurMine, which is "a self-described white hat security group," said it was just testing Netflix security. The group suggested Netflix contact it to find out more about the hack. OurMine tweeted its message this morning, along with an email address and logo, to the nearly 2.5 million Twitter followers of @netflix, which is Netflix's U.S. account. "At least two more hacked tweets were sent. All of them have since been deleted, presumably by the Netflix social media team," according to CNET.

In previous years, most network intrusions have targeted enterprises and large corporations. But this year we saw a much more diverse field of victims, ranging from celebrities and technology CEOs to political parties and even the Olympics.

More Political Hacks

Perhaps one of the most disturbing trends in 2016 has been the increased use of hacking to achieve geopolitical goals. Hacking groups linked to either the Kremlin or Russian president Vladimir Putin have been accused of reverting to Cold War tactics to weaken and delegitimize countries seen as political rivals.

A hack of the World Anti-Doping Agency's database, resulting in the publication of private medical records for several U.S. athletes, was attributed to a group of Russian hackers going by the names "Team Tsar" and "Fancy Bear." The group was also accused of hacking the Democratic Party’s network to find embarrassing information about then-presidential candidate Hillary Clinton.

The attacks against the Democratic Party and the Clinton campaign appear to have been part of an orchestrated effort by Russia to use cyberwarfare to undermine the U.S. electoral process. While it's impossible to say what, if any, effect the hack had on the election of Donald Trump, the hack has escalated tensions between the two countries and caused no small amount of alarm within the U.S. intelligence community.

And it isn't just national security that was in the spotlight in 2016. The year also saw a big jump in ransomware attacks, with individuals being targeted by hackers who encrypt their data to extort cash from them. Perhaps the largest such attack this year hit the San Francisco transit system, which was targeted by a ransomware attack that resulted in travelers receiving free rides over the Thanksgiving weekend.

Individuals in the Crosshairs

Several high-profile individuals in the technology sector have also been targets of attacks this year, including Facebook CEO Mark Zuckerberg and Google CEO Sundar Pichai. And Twitter's former CEO Dick Costolo and current CEO Jack Dorsey also suffered from hacks.

Most of these attacks seem to have come from well-known hacking collectives such as OurMine. But an independent hacker going by the handle "Lid" was able to hijack the Twitter account of Oculus CEO Brendan Iribe.

Hacks weren't just about digital defacement and a chance to embarrass political opponents, though. This year also saw the second largest bitcoin hack in history, resulting in the theft of more than $65 million of the cryptocurrency.

But it wasn't just digital currency that was stolen this year. A gang of Russian hackers also managed to break into more than 330,000 point-of-sale machines running software by Micros, an Oracle company. The hack hit cash registers used in food chains, hotels and retail stores.

And speaking of hotels, the U.S. hospitality industry suffered one of its largest hacks ever when 20 hotels owned by HEI Hotels and Resorts discovered malware running on point-of-sale machines used throughout the country. That hack may have resulted in the theft of customer data including account and credit card numbers.

This year there was even information about past traditional hacks involving the theft of users' email addresses and login information. Yahoo reported that in 2013, it suffered the largest breach in history, involving more than 1 billion user accounts. That exceeds the hack of 500 million accounts in 2014 that the company also reported this year.

Author: Jef Cozza
Source: http://www.toptechnews.com/article/index.php?story_id=132004JYDLHC

Categorized in Internet Privacy

RANSOMWARE IS MALWARE that locks your keyboard or computer to prevent you from accessing your data until you pay a ransom, usually demanded in Bitcoin. The digital extortion racket is not new—it’s been around since about 2005, but attackers have greatly improved on the scheme with the development of ransom cryptware, which encrypts your files using a private key that only the attacker possesses, instead of simply locking your keyboard or computer.

And these days ransomware doesn't just affect desktop machines or laptops; it also targets mobile phones. Last week news broke of a piece of ransomware in the wild masquerading as a porn app. The so-called Porn Droid app targets Android users and allows attackers to lock the phone and change its PIN while demanding a $500 ransom from victims to regain access.

Earlier this year, the FBI issued an alert warning that all types of ransomware are on the rise. Individuals, businesses, government agencies, academic institutions, and even law enforcement agents have all been victims. The malware can infect you via a malicious email or website, or attackers can deliver it straight to your computer if they’ve already infected it with a backdoor through which they can enter.

The Ransom Business Is Booming

Just how lucrative is ransomware? Very. In 2012, Symantec gained access to a command-and-control server used by the CryptoDefense malware and got a glimpse of the hackers' haul based on transactions for two Bitcoin addresses the attackers used to receive ransoms. Out of 5,700 computers infected with the malware in a single day, about three percent of victims appeared to shell out for the ransom. At an average of $200 per victim, Symantec estimated that the attackers hauled in at least $34,000 that day. Extrapolating from this, they would have earned more than $394,000 in a month. And this was based on data from just one command server and two Bitcoin addresses; the attackers were likely using multiple servers and Bitcoin addresses for their operation.

Symantec has estimated, conservatively, that at least $5 million is extorted from ransomware victims each year. But forking over funds to pay the ransom doesn’t guarantee attackers will be true to their word and victims will be able to access their data again. In many cases, Symantec notes, this doesn’t occur.

Ransomware has come a long way since it first showed up in Russia and other parts of Eastern Europe between 2005 and 2009. Many of these early schemes had a big drawback for perpetrators, though: the lack of a reliable way to collect money from victims. In the early days, online payment methods weren't popular the way they are today, so some victims in Europe and the US were instructed to pay ransoms via SMS messages or with pre-paid cards. But the growth in digital payment methods, particularly Bitcoin, has greatly contributed to ransomware's proliferation. Bitcoin has become the most popular method for demanding ransom because it helps anonymize the transactions to prevent extortionists from being tracked.

According to Symantec, some of the first versions of ransomware that struck Russia displayed a pornographic image on the victim’s machine and demanded payment to remove it. The victim was instructed to make payments either through an SMS text message or by calling a premium rate phone number that would earn the attacker revenue.

The Evolution of Ransomware

It didn't take long for the attacks to spread to Europe and the US, and with new targets came new techniques, including posing as local law enforcement agencies. One ransomware attack known as Reveton, directed at US victims, produces a pop-up message saying your machine has been involved in child porn activity or some other crime and has been locked by the FBI or Justice Department. Unless you pay a fine—in Bitcoin, of course, and sent to an address the attackers control—the government won't restore access to your system. Apparently the fine for committing a federal offense involving child porn is cheap, however, because Reveton ransoms are just $500 or less. Victims are given 72 hours to pay up and an email address to contact if they have any questions. In some cases they are threatened with arrest if they don't pay. However improbable the scheme is, victims have paid—probably because the extortionists distributed their malware through advertising networks that operated on porn sites, inducing guilt and fear in victims who had knowingly been perusing pornography, whether it was child porn or not. Symantec determined that some 500,000 people clicked on the malicious ads over a period of 18 days.

In August 2013, the world of ransomware took a big leap with the arrival of CryptoLocker, which used public and private cryptographic keys to lock and unlock a victim's files. Created by a hacker named Slavik, reportedly the same mind behind the prolific Zeus banking trojan, CryptoLocker was initially distributed to victims via the Gameover Zeus banking trojan botnet. The attackers would first infect a victim with Gameover Zeus in order to steal banking credentials. But if that didn't work, they installed the Zeus backdoor on the victim's machine to simply extort them. Later versions of CryptoLocker spread via an email purporting to come from UPS or FedEx. Victims were warned that if they didn't pay within four days—a digital doomsday clock in the pop-up message from the attackers counted down the hours—the decryption key would be destroyed and no one would be able to help unlock their files.

In just six months, between September 2013 and May 2014, more than half a million victims were infected with CryptoLocker. The attack was highly effective, even though only about 1.3 percent of victims paid the ransom. The FBI estimated last year that the extortionists had swindled some $27 million from users who did pay.

Among CryptoLocker’s victims? A police computer in Swansea, Massachusetts. The police department decided to pay the ransom of 2 Bitcoins (about $750 at the time) rather than try to figure out how to break the lock.

“(The virus) is so complicated and successful that you have to buy these Bitcoins, which we had never heard of,” Swansea Police Lt. Gregory Ryan told the Herald News.

In June 2014, the FBI and partners were able to seize command-and-control servers used for the Gameover Zeus botnet and CryptoLocker. As a result of the seizure, the security firm FireEye was able to develop a tool called DecryptCryptoLocker to unlock victims’ machines. Victims could upload locked files to the FireEye web site and obtain a private key to decrypt them. FireEye was only able to develop the tool after obtaining access to a number of the crypto keys that had been stored on the attack servers.

Prior to the crackdown, CryptoLocker had been so successful that it spawned several copycats. Among them was one called CryptoDefense, which used aggressive tactics to strong-arm victims into paying. If they didn’t fork over the ransom within four days, it doubled. They also had to pay using the Tor network so the transactions were anonymized and not as easily traced. The attackers even provided users with a handy how-to guide for downloading and installing the Tor client. But they made one major mistake—they left the decryption key for unlocking victim files stored on the victim’s machine. The ransomware generated the key on the victim’s machine using the Windows API before sending it to the attackers so they could store it until the victim paid up. But they failed to understand that in using the victim’s own operating system to generate the key, a copy of it remained on the victim’s machine.

The “malware author’s poor implementation of the cryptographic functionality has left their hostages with the key to their own escape,” Symantec noted in a blog post.

The business of ransomware has become highly professionalized. In 2012, for example, Symantec identified some 16 different variants of ransomware, which were being used by different criminal gangs. All of the malware programs, however, could be traced back to a single individual who apparently was working full time to program ransomware for customers on request.

The Ransomware to Watch Out for Now

Recently Fox-IT catalogued what they consider to be the top three ransomware families in the wild today, which they identify as CryptoWall, CTB-Locker, and TorrentLocker. CryptoWall is an improved version of CryptoDefense minus its fatal flaw. Now, instead of using the victim’s machine to generate the key, the attackers generate it on their server. In one version of CryptoWall they use strong AES symmetric cryptography to encrypt the victim’s files and an RSA-2048 key to encrypt the AES key. Recent versions of CryptoWall host their command server on the Tor network to better hide them and also communicate with the malware on victim machines through several proxies.

CryptoWall can not only encrypt files on the victim’s computer but also any external or shared drives that connect to the computer. And the shakedown demand can range anywhere from $200 to $5,000. CryptoWall’s authors have also established an affiliate program, which gives criminals a cut of the profit if they help spread the word about the ransomware to other criminal buyers.

CTB-Locker’s name stands for curve-Tor-Bitcoin because it uses an elliptic curve encryption scheme, the Tor network for hosting its command server, and Bitcoin for ransom payments. It also has an affiliate sales program.

TorrentLocker harvests email addresses from a victim’s mail client to spam itself to other victims. Fox-IT calculated at one point that TorrentLocker had amassed some 2.6 million email addresses in this manner.

Protecting against ransomware can be difficult since attackers actively alter their programs to defeat anti-virus detection. However, antivirus is still one of the best methods to protect yourself against known ransomware in the wild. It might not be possible to completely eliminate your risk of becoming a victim of ransomware, but you can lessen the pain of being a victim by doing regular backups of your data and storing it on a device that isn’t online.


Source : https://www.wired.com/2015/09/hacker-lexicon-guide-ransomware-scary-hack-thats-rise/

Categorized in Internet Privacy

A recent report by cybersecurity firm Recorded Future shows that most cybercriminals earn between $1,000 and $3,000 a month, while 20 percent make about $20,000 per month.

According to report author Andrei Barysevich, director of Recorded Future, the data is based on a survey conducted in a closed underground community. He says the security company posted the survey while investigating invitation-only underground internet and dark web hacker forums.

“We actually saw criminals who made way more than that, $50,000 to $200,000 a month,” Barysevich said. “This is what they keep, this is not revenues, but pure profit. This is what they can spend on loose women, fast cars, and nice clothes.”

The researcher said he was quite surprised how many cybercriminals participated in the survey (a couple of hundred) and revealed details of how they worked anonymously. However, the results did not surprise him.

“What we saw actually supported our previous research,” he said. “Recorded Future has been gathering information about cybercriminals for years. Our job involves engaging with cybercriminals and we talk to them all the time. And they share with us quite intimate details, which city they are in if they actually have a regular job if they have families. And we see a lot of weird stuff.”

Barysevich added that most cybercriminals work part time and for some of them, cybercrime is a family business.

“We’ve seen several generations that engaged in cybercriminal activity,” the researcher said. “We’ve seen messages between bad guys, with one guy complaining that today his wife was only able to purchase cheap electronics with stolen credit cards, worth a few hundred dollars, while as his father was doing Internet crime.”

According to Barysevich, the biggest demographic group is individuals with no criminal records, no ties to organized crime, and steady jobs. Many of these hackers got involved in cybercrime while they were in college and continued their operation afterward. However, the director of Recorded Future added, the most dangerous cybercriminals are those who run criminal syndicates.

“Team members tend to have strong ties in real life and often are respected members of their communities, viewed by many as successful businessmen and entrepreneurs,” the report states. “The group will often have a diversified investment portfolio and maintain a presence in real estate, hospitality, and auto-related businesses.”

“They are not dilettantes,” Barysevich said. “They are professionals, but in real life, and in cybercrime. They plan their operations very carefully, they have trusted people on the team of different professionals, so they have lawyers and ex-law enforcement officers. They also have professional forgers if they need to establish shell companies and need fake documents. They have people responsible for money laundering. They have real estate developers that help them build a legitimate business empire on the profits they make from illegal activities.”


Barysevich added that cybercriminal organizations mirror traditional mafia groups.


Source:  https://www.deepdotweb.com/2016/12/14/report-cybercriminals-make-1000-3000-per-month

Categorized in Deep Web

Cybercriminals are now targeting entire banking networks instead of individual accounts. Hackers have successfully tricked several ATMs into emptying their stash of currency notes without using any credit or debit card. The FBI has confirmed it is monitoring reports about such synchronized cyber-attacks that might intend to target the U.S. financial sector.

After recent cyber-attacks targeting Automated Teller Machines (ATMs) in Taiwan and Thailand, the Federal Bureau of Investigation (FBI) has cautioned American banks and financial institutions that similar attacks might soon happen on their systems and machines. According to international reports, cybercriminals have so far managed to withdraw millions in foreign currency by tricking the ATMs.

Reports indicate organized gang members merely surround ATMs at a predetermined hour, collect the cash that the machines spew out in one go, and make away with millions of dollars' worth of currency without even touching the machine or inserting any debit or credit card. It is apparent the criminals are no longer attempting to con unsuspecting citizens and steal their hard-earned cash by making copies of their credit cards.

Instead of attempting to dupe several small accounts, the hackers are now going straight to the source. Reports suggest criminals with knowledge of banking systems, and more specifically, how the ATMs operate, are inserting malicious code within the Operating System (OS) that triggers multiple ATMs to spit out cash at a preset time. Gang members merely stand by in anticipation to collect the bills, reported The Next Web.

How do the cybercriminals operate? The FBI has learned that it was a Russian gang, known as Buhtrap, that developed the software. Cyber security agencies believe these gangs perfected their software by targeting small Russian banks. Once the software was able to compromise the security of the ATMs, the gangs gradually expanded their operations to other countries.

The cybercriminals look for virtual weaknesses in digital systems that process transactions on banking payment networks. However, banks routinely outsource the job of ATM maintenance, including cash handling, to a third party. The hackers have been known to have hit such ATM networks that are managed by third-party agencies.

Banks became aware of the crime after reports started pouring in about loose currency lying unclaimed on the floor. The currency notes lying scattered in cabins that house ATMs raised suspicion, and forced the banks to launch an internal investigation. When the banks complained to the police, the sheer enormity of the crime began to surface. Initially, the police were baffled because “ATMs were abnormally spitting out bills.”

The epicenter of the crimes might have been Russia, but cybercriminals were found to be active in Taiwan and Thailand. Experts believe the cities were primarily targeted because they are always teeming with foreigners on vacation. The bustling cities offer several ways to grab the cash and escape through the many lanes and crowded intersections. According to Taipei’s police, cyber thieves have managed to steal more than $300 million.

So far, the criminals have managed to compromise PC1500 ATMs, built by Wincor Nixdorf AG of Germany, reported The Wall Street Journal. Surprisingly, law enforcement officials believe the cybercriminals managed to compromise the ATMs by sending fraudulent “phishing” emails disguised to look like messages from ATM vendors or other banks, reported Security Newspaper.

While banks and financial institutions in the United States are believed to be better protected, as well as more regularly updated, the ATMs are often run on antiquated software. Since updating the OS and other security measures on the ATMs is a very time consuming and expensive affair, they are usually one of the last devices to undergo a digital overhaul. However, given the rising number of cyber attacks that are targeting the banks directly, the financial institutions could soon expedite the process to better protect their ATMs and backend banking process.

Source : http://www.inquisitr.com

Author : Patrick

Categorized in Science & Tech

If, like me and my clients, you ever receive an email about a domain name expiration, proceed with great suspicion — because many of these "notices" are a sham. They're designed to sell you services you don't need or to trick you into transferring your domain name to another registrar.

Usually, the emails can safely be ignored.

Here's an example:

As shown in the image above, an important-looking email from "Domain Service" refers to a specific domain name in the subject line. The body of the email states that it is an "EXPIRATION NOTICE." However, the finer print states that the expiration is not for the domain name registration itself but instead for "search engine optimization submission" — services that the recipient of the email has never purchased (and probably doesn't want).

Many recipients of these emails likely click the payment link thinking they should do so to ensure that their domain names don't expire.

While this is obviously misleading, it isn't new.

In 2010, the U.S. Federal Trade Commission warned about these frauds in a press release titled "FTC Halts Cross Border Domain Name Registration Scam." The FTC said:

The Federal Trade Commission has permanently halted the operations of Canadian con artists who allegedly posed as domain name registrars and convinced thousands of U.S. consumers, small businesses and non-profit organizations to pay bogus bills by leading them to believe they would lose their Web site addresses unless they paid. Settlement and default judgment orders signed by the court will bar the deceptive practices in the future.
In June 2008, the FTC charged Toronto-based Internet Listing Service with sending fake invoices to small businesses and others, listing the existing domain name of the consumer's Web site or a slight variation on the domain name, such as substituting ".org" for ".com." The invoices appeared to come from the businesses' existing domain name registrar and instructed them to pay for an annual "WEBSITE ADDRESS LISTING." The invoices also claimed to include a search engine optimization service. Most consumers who received the "invoices" were led to believe that they had to pay them to maintain their registrations of domain names. Other consumers were induced to pay based on Internet Listing Service's claims that its "Search Optimization" service would "direct mass traffic" to their sites and that their "proven search engine listing service" would result in "a substantial increase in traffic." The FTC's complaint charged that most consumers who paid the defendants' invoices did not receive any domain name registration services and that the "search optimization" service did not result in increased traffic to the consumers' Web sites.

And, in 2014, ICANN issued a similar warning, "Be Careful What You Click: Alert of New Fraudulent Domain Renewal Emails." In its alert, ICANN said:

Recently, online scammers have targeted domain name registrants with a registration renewal scam in order to fraudulently obtain financial information. The scam unfolds as follows. The scammer sends an email to a domain registrant that offers an opportunity to renew a registration, and encourages the email recipient to "click here" to renew online at attractively low rates. These emails appear to be sent by ICANN. The scammers even lift ICANN's branding and logo and include these in both the body of the email message and at the fake renewal web page, where the scammers will collect any credit card or personal information that victims of the scam submit.

Here are some simple steps to avoid falling for these types of scams:

  • Check your domain name registrations to ensure that the email contacts in the "whois" records are accurate and that, in the case of domain names owned and used by companies, only current personnel educated about the domain name system are listed as contacts (because the fraudsters send their notices to the contacts in the whois records).
  • Don't click on any links in a suspicious email about a domain name "expiration." These links typically contain tracking technology that enables the sender to identify the simple fact that you have clicked, which could increase the likelihood you will receive further notices or spam.
  • If you are truly concerned that a notice may be legitimate or that your domain name may be at risk of expiring, simply check its expiration date in the whois record. Then, confirm with your current registrar that the domain name is set to auto-renew (if desired) and that your payment information is accurate. If you plan to keep the domain name for a long time, consider renewing it for the longest possible term (often 10 years).
  • Set your domain name's lock status (at your registrar) to help prevent unauthorized transfers. To see whether your domain name is locked, look for a status such as "clientTransferProhibited" in the whois record.
  • And, of course, simply delete any suspicious "expiration" emails.
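The first, third and fourth steps above can be turned into a routine check that runs over the output of a whois lookup, so that a suspicious "expiration notice" is answered by looking at the authoritative record rather than at the email. The Python script below is an added example and is not from the article or its author. It parses a whois-style record, reports the days until expiry, confirms that the clientTransferProhibited lock is present, and lists any contact address that is not on an approved list of current personnel. SAMPLE_WHOIS is a constructed record for a made-up domain (no lookup is performed), the approved-contact list and the fixed check time are assumptions made so the example runs offline, and the field names follow the common registry whois layout.

```python
"""Check a domain's whois record before trusting an "expiration notice" email.

Added example, not part of the original article. SAMPLE_WHOIS is a
constructed record for a made-up domain; no network lookup is performed.
"""
from datetime import datetime, timezone

# Constructed sample whois output (made-up domain, made-up registrar).
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-CORP.COM
Registrar: Example Registrar, LLC
Registrar WHOIS Server: whois.example-registrar.test
Updated Date: 2016-11-02T14:22:10Z
Creation Date: 2008-03-15T09:00:00Z
Registry Expiry Date: 2018-03-15T09:00:00Z
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Registrant Email: domains@example-corp.test
Admin Email: jane.doe@example-corp.test
Tech Email: former.employee@example-corp.test
Name Server: NS1.EXAMPLE-REGISTRAR.TEST
"""

# Assumption: the organisation keeps a list of current personnel who are
# allowed to appear as domain contacts.
APPROVED_CONTACTS = {"domains@example-corp.test", "jane.doe@example-corp.test"}

# Fixed "now" so the example is reproducible; use datetime.now(timezone.utc) live.
CHECK_TIME = datetime(2018, 2, 20, tzinfo=timezone.utc)

# Warn when the expiry date is closer than this many days.
EXPIRY_WARN_DAYS = 60


def parse_whois(text):
    """Parse 'Key: value' whois lines; statuses and e-mail contacts become lists."""
    record = {"statuses": [], "emails": []}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if key == "Domain Status":
            record["statuses"].append(value.split()[0])  # keep the EPP code, drop the URL
        elif key.endswith("Email"):
            record["emails"].append(value.lower())
        else:
            record[key] = value
    return record


def days_until_expiry(record, now):
    """Whole days from `now` until the registry expiry date (negative if expired)."""
    expiry = datetime.strptime(record["Registry Expiry Date"], "%Y-%m-%dT%H:%M:%SZ")
    return (expiry.replace(tzinfo=timezone.utc) - now).days


def check_domain(whois_text, now=CHECK_TIME, approved=APPROVED_CONTACTS):
    """Return a list of findings; an empty list means the record looks healthy."""
    record = parse_whois(whois_text)
    findings = []

    days = days_until_expiry(record, now)
    if days < 0:
        findings.append(f"domain expired {-days} days ago")
    elif days < EXPIRY_WARN_DAYS:
        findings.append(
            f"domain expires in {days} days; confirm auto-renew with {record['Registrar']}"
        )

    # Without the transfer lock, a fraudulent "renewal" can become a registrar transfer.
    if "clientTransferProhibited" not in record["statuses"]:
        findings.append("transfer lock (clientTransferProhibited) is not set")

    # Notices go to whoever is listed here, so stale contacts are an exposure.
    for email in sorted(set(record["emails"]) - set(approved)):
        findings.append(f"contact {email} is not an approved contact")
    return findings


if __name__ == "__main__":
    for finding in check_domain(SAMPLE_WHOIS) or ["no findings"]:
        print(finding)
```

On the sample record the script reports that the domain expires in 23 days and that one listed contact (a former employee) is not approved; the transfer lock is present, so no finding is raised for it. Fed the output of a real whois lookup, the same three checks answer the question the scam email is trying to make you skip: whether the domain is actually at risk, who the registrar really is, and who would receive a genuine notice.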

Author:  Doug Isenberg

Source:  http://www.circleid.com/

Categorized in Internet Privacy