
Introduction to dark web fraud

Dark web fraud constitutes a global information security problem. The widespread availability of how-to guides providing instructions on how to commit such fraud exacerbates the problem even further.

Before examining these how-to guides in detail, we need to explain the meaning of “dark web.” The web includes two main layers: the surface web, which consists of any content indexed by search engines, and the deep web, which comprises all content that is not indexed by search engines. Content in the deep web can be hidden behind paywalls, firewalls and other types of protection.


The dark web is a small portion of the deep web and emerged with the development, by the United States, of the software known as Tor, which allowed internet users to conceal their location and encrypt the information they sent and received, ensuring their anonymity and privacy. The dark web is often used by criminals for various malicious purposes, such as the sale of guns, drugs and other illegal materials. It is estimated that the content available on the dark web amounts to less than 0.005% of the content available on the surface web.

How-to guides account for a large share of the content exchanged through the dark web. According to a Terbium Labs study covering three major dark web exchanges, 49% of the data sold through those exchanges consists of how-to guides.

In this article, we will examine the types of how-to guides sold through the dark web. Afterwards, we will discuss their reliability. Finally, we will provide concluding remarks.

Typology of how-to guides

How-to guides can, depending on their purpose, be divided into five categories: account takeover, phishing, doxing, cashing out and synthetic identity fraud. 

1. Account takeover

The term “account takeover” refers to a situation where a fraudster gets unauthorized access to a genuine customer’s account, such as online banking accounts, email accounts and accounts providing access to subscription services. Once the fraudster gets access to a customer account, he or she may use it for various purposes, including but not limited to purchasing goods or services, acquiring more sensitive information which can be used to blackmail the victim and spreading malware to the contacts of the victim.

How-to guides may include detailed instructions on how to use software for automatic detection of vulnerabilities in corporate computer systems. It is believed that such software was used to conduct the British Airways cyberattacks, which enabled hackers to access tens of thousands of frequent-flyer accounts.

2. Phishing

How-to guides may also teach criminals how to conduct phishing attacks. Research conducted by Cyren revealed that 5,335 new phishing how-to guides were made available in 2019 alone. The same research indicated that 87% of the phishing how-to guides included at least one evasive technique, such as content injection, HTML character encoding and the inclusion of URLs in attachments. Let’s look at those a little more closely. Content injection refers to changing the content of a page on a legitimate website in such a way as to redirect users of that website to a phishing page. HTML character encoding means including phishing code in a webpage in such a way as to prevent security crawlers from detecting keywords associated with phishing (e.g., “credit card” and “password”). The inclusion of URLs in attachments is a technique that allows fraudsters to hide links to phishing websites inside files.

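The HTML character encoding evasion described above defeats scanners that look for keywords in the raw page source. The defensive counterpart is to normalize the markup (decode character references, strip tags) before scanning. The following is an added example, not code from the original article; the phishing-page sample, the keyword list and the `example.invalid` form target are constructed for illustration.

```python
import html
import re

# Keywords the article names as typical phishing-page signals (constructed list).
PHISHING_KEYWORDS = ("credit card", "password", "verify your account")

TAG_RE = re.compile(r"<[^>]+>")
WS_RE = re.compile(r"\s+")


def normalize_html(raw: str) -> str:
    """Strip markup and decode HTML character references so that text hidden
    as &#99;&#114;... (decimal) or &#x63;&#x61;... (hex), or split across
    empty inline tags, becomes visible to a plain keyword scan."""
    # Remove tags first, so a keyword broken up by empty tags is re-joined.
    text = TAG_RE.sub("", raw)
    # Decode twice: a second pass catches double-encoded references such as &amp;#112;.
    text = html.unescape(html.unescape(text))
    return WS_RE.sub(" ", text).strip().lower()


def naive_scan(raw: str, keywords=PHISHING_KEYWORDS):
    """What a crawler that matches keywords against raw source would find."""
    low = raw.lower()
    return [k for k in keywords if k in low]


def normalized_scan(raw: str, keywords=PHISHING_KEYWORDS):
    """Keyword scan over the normalized text."""
    text = normalize_html(raw)
    return [k for k in keywords if k in text]


# Constructed sample: "credit" is decimal-encoded, "card" is hex-encoded and
# "password" is split by an empty <span>. The form target is a placeholder domain.
SAMPLE_PAGE = (
    '<html><body><form action="https://login.example.invalid/">'
    "Enter your &#99;&#114;&#101;&#100;&#105;&#116; &#x63;&#x61;&#x72;&#x64; number "
    "and pass<span></span>word to continue</form></body></html>"
)

if __name__ == "__main__":
    print("raw-source scan:", naive_scan(SAMPLE_PAGE))          # []
    print("normalized scan:", normalized_scan(SAMPLE_PAGE))     # ['credit card', 'password']
```

A crawler or mail gateway that applies `normalize_html` before keyword matching is no longer blind to this particular evasion; content injection and URLs embedded in attachments need separate checks.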

3. Doxing

Doxing is the practice of finding out sensitive information about an individual or organization and making it publicly available with the aim to harass, shame or extort the victim. Doxing how-to guides contain instructions on how to find sensitive information, how to post it in such a way as to prevent the removal of the information and how to obtain monetary gain through extortion.

4. Cashing out

Cashing-out how-to guides contain instructions on how to cash out voucher codes, bank accounts, credit cards, gift cards and other payment methods. In some cases, such guides may provide links to e-commerce websites that can accept stolen financial data purchased through the dark web. In other cases, they describe the steps one needs to take to clone payment instruments, such as debit and credit cards.

5. Synthetic identity fraud

To commit synthetic identity fraud, one combines information stolen from unsuspecting individuals with false information, such as dates of birth, addresses and names. The resulting synthetic identities are less likely to be detected because there is no clearly identified victim. A report from the US Federal Reserve indicates that synthetic identity theft is the fastest-growing type of identity fraud. In 2016 alone, the losses caused by this type of fraud exceeded USD 6 billion. Many how-to guides contain detailed descriptions of methods for combining real and fake data in such a way as to mislead financial institutions into believing that the synthetic identities are genuine.

The reliability of the how-to guides

How-to guides are highly unreliable. In many cases, they provide no useful information, and the buyer cannot demand his or her money back. In this regard, Tyler Carbone, CEO at Terbium Labs, noted: “Ironically, many fraud guides are themselves fraudulent. Bad actors create fake guides, and try to make a profit selling them before buyers catch on.” This is hardly surprising, as people who teach others how to commit fraud should not be expected to be honest and ethical.

Some how-to guides may even include malware intended for their buyers to use in committing fraud. Quite often, such malware actually infects the buyers’ own computers. Thus, buyers who pay for how-to guides may in effect be paying to infect their own machines.

According to the researchers at Terbium Labs, about 11% of all how-to guides are fraudulent. Although the remaining 89% of how-to guides contain genuine information about how to commit fraud, many of them contain obsolete data (more than a decade old) or duplicated data (e.g., publicly available data repackaged by the hackers as their own).

Irrespective of the reliability of how-to guides, these materials may provide people with weak computer skills with the opportunity to conduct serious cyberattacks. This is not only because they often contain detailed and simple instructions, but also because they may include ready-made malware that can be used during the attacks and databases of stolen sensitive information which can facilitate fraudulent operations. The average price of stolen sensitive information on the dark web is about $8.50, but one can find such information even at the price of $1.

Concluding remarks regarding how-to guides

How-to guides have the potential to increase the number of global cyberattacks because they lower the financial and skill barriers to conducting such attacks. Anyone who can pay about $4 for a how-to guide, or about $16 for a collection of how-to guides under a single listing, is now able to engage in account takeovers, phishing, doxing, fraudulent cashing-out, synthetic identity fraud and other malicious activities.

This means that how-to guides can be regarded not only as an information security problem but also as a social problem, because their use can paralyze the functioning of social organizations such as governments, hospitals and companies.


[Source: This article was published in resources.infosecinstitute.com By Daniel Dimov - Uploaded by the Association Member: Jason bourne]

Categorized in Deep Web

Financial firms continue to move to digital-first deployments as retail branches close and people shift to remote work. This shift makes understanding and preventing even common darknet, or dark web, threats a priority.

Financial institutions need to understand what the dark web is, provide their security teams with the tools to explore it safely and prioritize areas of concern. Taken together, these actions can limit risk and improve regulatory compliance.

About the Darknet

Originally designed to hide users’ activities and identities, the dark web, also known as the darknet, quickly became a problem as malicious actors leveraged tools such as The Onion Router (Tor) to create a digital marketplace where nothing was off-limits or beyond reach. From illegal items to stolen data, there’s a good chance someone on the dark web has obtained, or has access to, exactly what bad actors are after.


Not surprisingly, financial data remains one of the most popular purchases on the dark web. Credentials for high-value bank accounts start at just $500, and credit card data is sold in large volumes at low cost. Financial firms are often forced to close compromised accounts and refund fraudulent transactions, since there is little recourse when it comes to finding the origin of this pilfered information. 

Dark Web: The Deep and the Darkness

No discussion of the dark web is complete without a quick primer on the difference between deep and dark deployments.

The deep web is classified as data that isn’t indexed and readily available online. While this type of data makes up 90% of the internet at large, the dark web accounts for just 0.005%, or around 8,400 live sites.

Financial firms regularly interact with the deep web. It’s where secured client data and essential enterprise assets are stored. The deep web is fundamental for finance and critical for consumer confidence. If secured financial information was readily available with a simple online search — which still happens with alarming regularity — clients would quickly abandon banks in favor of more secure alternatives.

The dark web, meanwhile, is a place without rules or regulation. Legal and illegal activities exist side by side, unchecked by regulatory or operational obligations. Accessing the darknet isn’t complicated: users typically use the Tor Browser to encrypt their traffic and obscure their location and IP address. Still, it’s nothing like the surface web.

The Economies of the Dark Web 

The darknet isn’t just a free-for-all of fraudulent transactions and stolen credentials. As noted by Financial Management, this twilight trading ground has developed its own economy. It is one that follows the laws of supply and demand and sees criminal ‘vendors’ fighting for market share by offering top-tier products, lower prices and enhanced customer service. 

This creates a kind of paradox. While the dark web economy doesn’t match the rest of the web in terms of design, it uses the same kinds of inventory and incentive tools and strategies as ordinary businesses. As a result, it’s critical for financial firms to approach these dusk economies the same way they approach those in the daylight: by discovering as much information about them as possible.

This requires a shift in thinking. Rather than waiting for malicious actors or dark web buyers to compromise financial networks, banks must take an intelligence-based approach to data discovery. What information is available on the dark web? How much (if any) client data has been compromised? How have the bad actors made it available to potential purchasers?

Equipped with actionable insight, financial firms can begin developing proactive incident response. That could mean anything from changing account details before compromises happen to deploying security tools that better defend against theft. With the dark web now governed by supply and demand, making supply worthless is the quickest way for banks to boost their defense against shady economies.

How Your Cybersecurity Team Can Fight Back 

It’s one thing to recognize the need to improve data gathering on the dark web; it’s another entirely for banks to put policy into practice.

So, how do financial firms actively protect themselves against bad actors?


It starts with an understanding of current infosec expectations, such as those described in the FFIEC Information Technology Examination Handbook. These guidelines can help banks identify potential weak points across current efforts to manage protected information. From there, they can implement effective network and access controls.

By knowing which areas need the most work, financial firms can prioritize essential infosec investments. No single dark web cybersecurity solution is enough to combat all emerging threats. Instead, organizations must adopt defensively diverse portfolios that include:

Expert Insight

Uncovering tactics and technologies used by darknet attackers is critical to improving current defenses. Human experts are the best defense. Banks must invest in security professionals capable of creating and cultivating dark web personas themselves. By becoming a trusted member of this shadow community, firms have a better chance of finding stolen data before it can be used to infiltrate accounts or compromise key systems. Then, they can integrate collected intelligence into existing defensive frameworks.

Active Listening

It’s not enough to know that data has been compromised or if attackers are attempting to breach financial networks. Firms need to know what’s being said about them on the darknet and how stolen information is being used.

For example, if banks can identify a cache of pilfered business account credentials for sale and observe interest from other users in purchasing this data, they can proactively close and re-secure these accounts to limit potential risk. With enough lead time, it’s also possible for teams to create honeypot accounts that allow attackers in but keep them contained. This, in turn, provides IT teams valuable threat vector data.

Machine Learning 

While human desire and demand form the foundation of dark web functions, even the most experienced infosec experts can’t cover the entire economy at once. Advanced machine learning and artificial intelligence tools can help bridge the knowledge gap by analyzing current compromise patterns and predicting potential outcomes. This way, banks can identify top compromise targets and deploy purpose-built protections to limit the risk of darknet disclosure.

A Mirror, Darkly

As dark web economies evolve, a malicious mirror emerges. Fraudulent financial transactions have their own economy that mimics above-the-board deals. To deliver dark web security, organizations must look into the abyss, learn from it and leverage operational insight to defend against fraud.

[Source: This article was published in securityintelligence.com By Douglas Bonderud - Uploaded by the Association Member: James Gill] 


Ohio and Washington emerged as new hotspots for internet crime in 2019, though California continues to lead with the largest online fraud victim losses and number of victims, according to research from the Center for Forensic Accounting in Florida Atlantic University's College of Business.

California online victim losses increased 27 percent from 2018 to $573.6 million in 2019. The number of victims in California increased by 2 percent to 50,000.

Florida ranked second in victim losses ($293 million) and also posted the largest annual increase in both victim losses and number of victims over the past five years. The average loss per victim in the Sunshine State grew from $4,700 in 2015 to $10,800 in 2019, while the average victim loss jumped 46 percent from 2018.


When victim losses are adjusted for population, Ohio had the largest loss rate in 2019 at $22.6 million per 1 million in population, rising sharply from $8.4 million in 2018. Washington had the highest victim rate at 1,720 per 1 million in population.

Ohio and Washington replaced North Carolina and Virginia, which ranked among the top states in 2018.

The other top states in the latest report were New York and Texas. The report is based on statistics from the FBI, which collects data from victims reporting alleged internet crimes.

"Fraudsters are getting more efficient at going after where the money is," said Michael Crain, DBA, director of FAU's Center for Forensic Accounting. "There doesn't seem to be any mitigation of the growing trend of online crime. The first line of defense from online fraud is not a technology solution or even law enforcement; it's user awareness. From a policy perspective, governments and other institutions should get the word out more so that individuals and organizations are more sensitive to online threats."

Crimes such as extortion, government impersonation and spoofing became more noticeable last year for their increases in victim losses and number of victims, according to the report. Business email compromise/email account compromise (BEC/EAC) remains the top internet crime in 2019 with reported losses of $1.8 billion, followed by confidence fraud/romance ($475 million) and spoofing ($300 million) schemes.

Spoofing, the falsifying of email contact information to make it appear to have been originated by a trustworthy source, was the crime with the largest percentage increase in victim losses (330 percent) of the top states during 2019.


BEC/EAC, in which business or personal email accounts are hacked or spoofed to request wire transfers, accounted for 30 percent to 90 percent of all victim losses last year in the top states and has grown significantly since 2015.

In confidence fraud/romance, an online swindler pretends to be in a friendly, romantic or family relationship to win the trust of the victim to obtain money or possessions.

For online investment fraud, in which scammers often lure seniors with promises of high returns, California leads the top states with $37.8 million in victim losses, but Florida's population-adjusted loss rate of $1.1 million makes it the state where victims are likely to lose the most money.

A major problem is that most internet crime appears to originate outside the United States and the jurisdiction of U.S. authorities.

"Foreign sources of internet crimes on U.S. residents and businesses make it challenging for whether levels can be reduced as the public becomes more connected and dependent on the internet," the report states.


[Source: This article was published in phys.org By Paul - Uploaded by the Association Member: James Gill]

Categorized in Online Research

While public safety measures have started to relax, the surge of malware accompanying the pandemic is still making headlines. As a recent study points out, hackers have created no fewer than 130,000 new e-mail domains related to Covid-19 to carry out what analysts now call “fearware” attacks.

A lot of these domains and attacks are tied to the same source: the dark web. From selling vaccines and fake drugs to simply spreading panic, the dark web has hosted many pandemic-related threats. And these attacks are just the latest addition to the dark web’s regular activity, including, but not restricted to, botnets, cryptojacking and the sale of ransomware.

However, to see how threats from the far reaches of the Internet can affect your company or clients, we must delve deeper into the concept of the “dark web”.

In the first part of our article, we try to understand the dark web’s structure and acknowledge its growing importance to cybersecurity teams.


What is the Dark Web?

Simple users or security specialists, most of us spend our time online the same way: tied to a few popular websites and chat clients or perusing pages through a search engine. This activity, mediated by traditional browsers and apps, accounts for an almost endless amount of content.

But, as copious as this content might seem, it’s only a small percentage of what the Internet has to offer – as little as 4%, according to CSO Online. The rest of it? An enormous collection of unindexed websites, private pages and secluded networks that regular search engines cannot detect, bearing the generic moniker of “deep web”.

The deep web covers just about anything that’s hidden from the public eye, including exclusive and paid content, private repositories, academic journals, medical records, confidential company data, and much more. In a broad sense, even the contents of an e-mail server are part of the deep web.

However, there is a certain part of the deep web that’s noticeably different. How? Well, if the deep web, in general, is content that can’t be found through conventional means, the dark web is that part of it that does not want to be found.

The dark web exists through private networks that use the Internet as support but require specific software to be accessed, as well as additional configurations or authorization. While the dark web is only a small part of the deep web, it allegedly still accounts for around 5% of the entire Internet… and for a lot of its malicious activity.

Since the dark web can’t be accessed directly, users need to use special software such as the Tor browser, I2P, or Freenet. Tor, also known as The Onion Router, is perhaps the best-known means of accessing the dark web, as it is used both as a gateway and a security measure (limiting website interactions with the user’s system). While the protocol itself was initially developed by a Navy division before becoming open source, the project is currently administered by an NGO.

I2P (The Invisible Internet Project) specializes in allowing the anonymous creation and hosting of websites through secure protocols, directly contributing to the development of the dark web.


At this point, it’s worth stating that many dark web sites are not in any way malicious and might just be private for security reasons (journalism websites for countries where censorship is rampant, private chat rooms for people affected by trauma, etc.). It’s also worth noting that platforms such as Tor are not malicious in themselves, with their technology being also used by many legitimate companies. However, the dark web offers two very powerful abilities to its users, both of them ripe for abuse.

These abilities are complete anonymity and untraceability. Unfortunately, their dangers only became visible after Silk Road, probably the world’s largest illegal online market at the time, was closed. A similar ripple was produced by the closing of the gigantic AlphaBay, an even more comprehensive follow-up to Silk Road.

The Dangers of Anonymity

The truth is, dark web sites have been known to sell just about anything from drugs and contraband, guns, subscription credentials, password lists, credit cards to malware of all types, as well as multiple other illegal wares. All without any real control, from website owners or authorities, and all under the guard of encryption. Back in 2015, a study classified the contents of more than 2,700 dark web sites and found that no less than 57% hosted illicit materials!

Obviously, this prompted authorities to take action. Some law enforcement agencies have started monitoring Tor downloads to correlate them with suspicious activity, while others, such as the FBI, established their own fake illegal websites on the dark web to catch wrong-doers.


Even with such measures in place, the dark web’s growth is far from coming to a halt. Its traffic actually increased around the Covid-19 pandemic and the technology’s 20th anniversary. It is estimated that in 2019, 30% of Americans were visiting the dark web regularly, although mostly not for malicious purposes. Furthermore, as large social networks increase their content filtering and as web monitoring becomes more prevalent on the “surface web”, the dark web is slowly becoming an ideological escape for certain vocal groups.

While these numbers can put things into perspective, many security experts, from both enterprise organizations and MSSPs, might ask: “Alright, but what does that have to do with my company? Why do I have to monitor the dark web?”

In the second part of our article, you will learn what Dark Web threats are aimed directly at your enterprise, and how an efficient Threat Intelligence solution can keep them at bay.

[Source: This article was published in securityboulevard.com By Andrei Pisau - Uploaded by the Association Member: Alex]


[Source: This article was published in infosecurity-magazine.com By Liv Rowley - Uploaded by the Association Member: Jasper Solander]

The surface web poses many threats to organizations, but the deep and dark web has gained notoriety over the years as more and more cyber-criminals make use of underground forums and marketplaces to buy and sell goods such as stolen credentials and personally identifiable information (PII).

Various anonymizing features and a lack of state-based governance have allowed cybercrime to flourish in this relatively safe space.


Stolen information, illegal services and other illicit offerings and activity can be observed with unnerving regularity on the deep and dark web. Goods can be put together or sold as packages alongside other Cybercrime-as-a-Service (CaaS) offerings, thereby lowering the barrier to entry for novice cyber-criminals and allowing veterans to outsource parts of their operations. 

Dare to delve?

Whilst the darknet is complicated to navigate, it is far from impossible to penetrate. There are public Tor indexers available – such as Torch and Grams – though they are often clunky to use and not comprehensive in their reach.

Threat intelligence companies may offer cybersecurity modules that crawl the darknet, indexing content and providing search engine-like capabilities to defenders who purchase these services. Forums, however, may need to be infiltrated first in the same way as you would a real-world criminal organization.

However, organizations must first determine whether the risks associated with this type of hands-on research are worth it. These risks include the possibility of being unwittingly or unintentionally infected with malware or otherwise exposing yourself to those with malicious intentions. A strong understanding of operational security and acceptance of the risks associated with this type of research is key. In many cases, organizations may find it more prudent to enlist the help of threat intelligence vendors, whose professional expertise may come in useful.

Threat actors utilize Tor, I2P and other darknet browsing software to access hidden forums and marketplaces, while others lurk on the deep web behind password-protected or invitation-only closed forums or groups on Telegram, WhatsApp and other chat platforms. Some expect you to prove technical knowledge to gain entrance to a forum or to actively participate in a cyber-criminal community in order to maintain access. In other cases, you may need to be invited or recommended by a trusted relationship to gain access. 

Keep your enemies close

Organizations looking to conduct dark web research are setting out on a challenging task; dark web research can be similar to knowing that a party is taking place, but not knowing the address. Analysts need to be ready to hunt, dig and immerse themselves in the underground in order to find the action. In doing so, analysts are exposed to the myriad products and conversations surrounding cybercrime in these spaces, training their eye to be able to filter and identify the real threat.


This in turn allows organizations to better understand what they need to defend themselves against. In order to assess a threat actor’s credibility and the legitimacy of a particular threat, researchers may look at factors such as a threat actor’s reputation or length of time on the darknet.

Companies should prioritize monitoring for data related to their organization, such as proactively searching the dark web to find stolen credentials. Doing so at an early stage can massively reduce the risk or impact of an attack.

Detecting such leaked credentials through threat intelligence services can not only prevent additional breaches but also push IT security teams to locate the sources of the initial attacks and fix the underlying problems, so that attacks cannot recur through that vector.

Stay alert and keep watch

In addition to looking for stolen credentials, it is also wise to monitor (using defined search terms) for documents or PII which might have been stolen or unintentionally leaked. Stricter data protection regulations mean that data leaks can have an even larger impact on an organization’s bottom line, as well as its reputation. In the event of a GDPR penalty, a company that can demonstrate robust detection capabilities can vastly reduce its liabilities.

A network of crawlers and sensors can alert organizations when their credentials have been offered for sale on the dark web – if you know what’s been stolen, it’s easier to block and mitigate damage. Good cyber threat intelligence is crucial to providing this feedback of information to build stronger defenses around any business.

Tracking for crimeware kits, malware, threat actors and TTPs that could target their sector more generally can also help security teams strengthen their security posture, broaden their situational awareness and put in place appropriate defense measures before adversaries can strike. 

The best way to fight cybercrime on the darknet is to operate in much the same way as the bad guys. If you understand the scope of what’s available to criminals, it’s a lot easier to rationalize how to defend against cyber-attacks and enable others to do the same. Collaboration and intelligence sharing is crucial in the fight against cybercrime.

[Source: This article was published in securityintelligence.com By Jasmine Henry - Contributed by Member: Deborah Tannen]

The dark component of the deep web is the primary highway for exchange and commerce among cybercriminal groups. In fact, very few cybercriminals work alone. Eighty percent of cybercrime is linked to criminal collectives, and stolen data surfaces rapidly on darknet forums and marketplaces following cybersecurity incidents involving data loss.

Adapting to these trends is essential. Organizations with the ability to extract threat intelligence from data-mining these elusive online sources can achieve a significant security advantage.

Deep Web and Darknet: What’s the Difference?

The part of the web accessible through search engines and used for everyday activities is known among researchers as the surface web. Anything beyond that is defined as the deep web. While estimates vary, some researchers project that there are 90 percent more deep websites than surface ones, according to TechCabal. The deep web contains unindexed websites that are not accessible to everyday Internet users. Some restrict access; others are routed through many layers of anonymity to conceal their operators’ identity.


Darknet websites and technologies are a subset of the deep web classification, which consists of sites intentionally hidden and generally only accessible through technologies like The Onion Router (Tor), a software that facilitates anonymous communication, or peer-to-peer (P2P) browsers. This hidden web is closely associated with anonymity and (in some cases) criminal activity supported by open exchange and collaboration between threat actors.

How to Draw Dark Threat Intelligence

“Dark web intelligence is critical to security decision-making at any level,” said Dave McMillen, senior analyst with X-Force IRIS at IBM X-Force Incident Response and Intelligence Services (IRIS). “It is possible to collect exploits, vulnerabilities and other indicators of compromise, as well as insight into the techniques, tactics, and procedures [TTPs] that criminals use for distinct knowledge about the tools and malware threat actors favor.”

When this real-time threat data is filtered through sufficient context and separated from false positives, it becomes actionable intelligence. McMillen believes there are several ways organizations can benefit from dark-sourced intelligence. These benefits include understanding emerging threat trends to develop mitigation techniques proactively. Dark-source intelligence could also help with identifying criminal motivations and collusion before attacks. It could even aid in attributing risks and attacks to specific criminal groups.

How to Identify Darknet Security Risks

For expert threat researchers like McMillen, patterns of deep web activity can reveal an attack in progress, planned attacks, threat trends or other types of risks. Signs of a threat can emerge quickly, as financially-driven hackers try to turn stolen data into profit within hours or minutes of gaining entry to an organization’s network.

The average time it takes to identify a data breach is 197 days, according to the 2018 Cost of a Data Breach Study from the Ponemon Institute, sponsored by IBM. Companies that contain a breach within 30 days have an advantage over their less-responsive peers, saving an average of $1 million in containment costs.

“Employing dark web monitoring solutions that allow the use of focused filters to identify key phrases, such as your brand and product names, that may contain information that can negatively affect your organization is a good start in your effort to glean useful intelligence from the dark web,” McMillen said.

 

The collected data should then be alerted and routed through a human analysis process to provide actionable insights. Context-rich threat intelligence can reveal many different forms of risk.

1. Organization or Industry Discussion

Among the key risk factors and threats are mentions of an organization’s name in forum posts, paste sites, channels or chatrooms. Contextual analysis can determine whether threat actors are planning an attack or actively possess stolen data. Other high-risk discussions can surround niche industries or verticals, or information on compromising highly-specific technologies employed by an organization.

2. Personally Identifiable Information (PII) Exchange

When a breach has occurred, the sale of PII, personal health data, financial data or other sensitive information can be indicative of the aftermath of an attack. A single data record can sell for up to $20, according to Recorded Future. This data is generally stolen en masse from large organizations — such as credit agencies and banks — so a few thousand credit card numbers can turn a huge profit.

Unsurprisingly, 76 percent of breaches are financially motivated, according to the 2018 Data Breach Investigations Report from Verizon.

3. Credential Exchange

Lost or stolen credentials were the most common threat action employed in 2017, contributing to 22 percent of data breaches, according to the Verizon report. While the presence of usernames and passwords on paste sites or marketplaces can indicate a data breach, contextual analysis is required to determine whether this is a recent compromise or recycled data from a prior incident.

In May 2018, threat intelligence company 4iQ uncovered a massive floating database of identity information, including over 1.4 billion unencrypted credentials.

 

“The breach is almost two times larger than the previous largest credential exposure,” Julio Casal, founder of 4iQ, told Information Age.

4. Information Recon

Social engineering tactics are employed in 52 percent of attacks, according to a February 2018 report from security company F-Secure. Collusion around information recon can surface in both open and closed-forum exchanges between individual threat actors and collectives.

5. Phishing Attack Coordination

As phishing and whaling attacks become more sophisticated, deep web threat intelligence can reveal popular TTPs and risks. Coordination around information recon is common. Threat actors can now purchase increasingly complex phishing-as-a-service software kits and if defenders are familiar with them, they can better educate users and put the right controls in place.

6. Insider Recruitment

Although malicious insiders cause fewer breaches than simple human error, the darknet is an established hub for criminal collectives to recruit employees with network credentials for a sophisticated attack. Dark Reading tracked nearly twice as many references to insider recruitment on darknet forums in 2016 as in 2015.

7. Trade Secrets and Sensitive Asset Discussions

Trade secrets and competitive intelligence are another lucrative aspect of threat actor commerce that can signal risks to researchers. In one recent incident reported by CNBC in July 2018, a likely Russian cybercriminal sold access to a law firm’s network and sensitive assets for $3,500. Having had that information ahead of time could have saved the victim time, money, and reputational damage.
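The monitoring flow the list above describes (brand-name filters on collected posts, contextual analysis of any credentials found, then a prioritized queue for a human analyst), as an added example that is not part of the original article or of IBM X-Force's tooling. Everything in it is constructed for the demonstration: the sample posts, the hypothetical bank "Acme Bank" and its domain, and the fingerprint of a credential line from an earlier, already-handled dump. The recycled-versus-new check in point 3 is done by comparing hashes of credential lines against that prior set, which is one simple way to tell a fresh compromise from re-posted old data.

```python
import hashlib
import re
from dataclasses import dataclass

# Constructed sample posts standing in for monitored darknet sources; none are real.
SAMPLE_POSTS = [
    ("forum", "Selling fresh Acme Bank logins, 2k accounts, checked today. PM for escrow."),
    ("paste", "alice@acmebank.example:Summer2018!\nbob@acmebank.example:hunter2\ncarol@other.example:P@ssw0rd"),
    ("chat", "anyone have a way into AcmeBank's VPN? paying well"),
    ("forum", "cheap hosting, bulletproof, no logs"),
]

# The "brand and product names" filter from the article; the bank is hypothetical.
BRAND_TERMS = ["acme bank", "acmebank"]

# SHA-256 fingerprints of credential lines seen in an earlier, handled dump (constructed).
# Storing hashes rather than the credentials keeps the watchlist from becoming a liability.
KNOWN_PRIOR = {hashlib.sha256(b"bob@acmebank.example:hunter2").hexdigest()}

CRED_RE = re.compile(r"^([^\s:@]+@[^\s:]+):(\S+)$", re.M)
INTENT_RE = re.compile(r"\b(selling|paying|access|login|logins|vpn|way into)\b", re.I)


@dataclass
class Finding:
    source: str
    kind: str      # "mention", "new_credential" or "recycled_credential"
    detail: str
    score: int     # crude triage priority for the human analyst queue


def fingerprint(line: str) -> str:
    return hashlib.sha256(line.encode()).hexdigest()


def brand_domain(address: str, brand_terms) -> bool:
    """True when the e-mail domain belongs to one of the monitored brands."""
    domain = address.split("@", 1)[1].lower()
    return any(term.replace(" ", "") in domain for term in brand_terms)


def analyse(posts, brand_terms=BRAND_TERMS, known=KNOWN_PRIOR):
    findings = []
    for source, text in posts:
        low = text.lower()
        creds = list(CRED_RE.finditer(text))
        mentioned = any(term in low for term in brand_terms)
        if mentioned and not creds:
            # Plain discussion: stated intent (selling, buying access) raises priority.
            score = 2 + (3 if INTENT_RE.search(text) else 0)
            findings.append(Finding(source, "mention", text[:60], score))
        for m in creds:
            if not brand_domain(m.group(1), brand_terms):
                continue  # someone else's users; not our incident
            if fingerprint(m.group(0)) in known:
                findings.append(Finding(source, "recycled_credential", m.group(1), 1))
            else:
                findings.append(Finding(source, "new_credential", m.group(1), 5))
    # Highest priority first; the sort is stable, so ties keep source order.
    findings.sort(key=lambda f: f.score, reverse=True)
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_POSTS):
        print(f"[{f.score}] {f.source:6} {f.kind:20} {f.detail}")
```

Running it queues the two high-intent brand mentions and Alice's never-seen credential ahead of Bob's, which is only re-posted data from the prior dump; Carol's line is ignored because her domain is not one being monitored.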

What Are the Challenges to Deriving Value From Dark Sources?

While there is clear strategic and tactical value to darknet threat intelligence, significant challenges can arise on the road to deep web threat hunting and data-mining. For instance, simply handing security operations center (SOC) analysts a Tor browser is a poor approach: manual browsing does not scale, and it exposes the analyst's identity and the organization to operational-security risks. The potential volume of false positives based on the sheer size of the hidden web necessitates a more effective approach.

“The dark web is fragmented and multi-layered,” McMillen said.

When researchers discover a credible source, it generally requires hours to vet intelligence and perform a complete analysis. Darknet commerce has also grown increasingly mercurial and decentralized as law enforcement tracks criminal TTPs as they emerge. Security leaders who can overcome these barriers have the potential to significantly improve security strategy in response to emerging threat trends and risk factors.

The 2018 Artificial Intelligence (AI) in Cyber-Security Study from the Ponemon Institute, sponsored by IBM Security, found that AI could provide deeper security and increased productivity at lower costs. Sixty-nine percent of respondents stated that the most significant benefit of AI was the ability to increase speed in analyzing threats.

As leaders consider how to deepen adoption of dark threat intelligence, it’s valuable to understand that not all intelligence sources can adequately capture the full scope of threat actor exchange on this vast, fast-morphing plane. Relying on stagnant, outdated or fully automated technologies may fail to mitigate important risks. The best mode of protection is one which combines the intelligence of skilled human researchers and AI to turn raw data into actionable intelligence effectively.

Categorized in Deep Web

A new form of malware hit the internet Tuesday, shutting down systems across Europe and impacting companies from the U.S. to Russia. Unfortunately, the attack, which early reports indicate seems to have hurt Ukrainian organizations and agencies more in particular, is still largely a mystery for security researchers.

A form of ransomware, the malware encrypts a victim’s PC and demands that they pay $300 in exchange for the keys to unlock their computer or lose all of their data. The attack even managed to affect radiation monitoring equipment at the exclusion zone around the Chernobyl nuclear disaster site, forcing workers to rely on manual checks instead.

 

Cybersecurity firms originally believed the malware to be a previously known form of ransomware called Petya, but Kaspersky Lab says it is actually a different, previously unknown strain, which led the company to dub it NotPetya.

Interestingly, Petya/NotPetya spreads through the same Microsoft (MSFT) Windows SMB vulnerability (patched as MS17-010) that the WannaCry ransomware exploited a few weeks earlier. But that exploit, a leaked NSA tool called EternalBlue, is only one of three propagation methods this ransomware uses.

If your computer is infected with malware, your best bet is usually to wipe the entire system and reinstall. Ransomware programs typically demand payment in Bitcoin, a pseudonymous cryptocurrency: every transaction is recorded on a public ledger, but addresses are not tied to a name, which makes payments hard, though not impossible, to trace back to a person.

However, criminals have increasingly begun demanding payment in the form of iTunes or Amazon gift cards, since the average person doesn’t know how to use Bitcoin, according to McAfee’s Gary Davis.

The amount you have to pay to unlock your computer can vary, with some experts saying criminals will ask for up to $500.

To be clear, ransomware doesn’t just target Windows PCs. The malware has been known to impact systems ranging from Android phones and tablets to Linux-based computers and Macs.

Where it comes from

According to Davis, ransomware was actually popular among cybercriminals over a decade ago. But it was far easier to catch the perpetrators back then since anonymous currency like Bitcoin didn't exist yet. Bitcoin helped change all that by making it nearly impossible to track criminals based on how victims pay them.

There are multiple types of ransomware out there, according to Chester Wisniewski, a senior security advisor with the computer security company Sophos. Each variation is tied to seven or eight criminal organizations.

Those groups build the software and then sell it on the black market, where other criminals purchase it and then begin using it for their own gains.

How they get you

Ransomware doesn’t just pop up on your computer by magic. In most cases you have to open or download it yourself (worms like NotPetya, which spread across networks on their own, are the exception). And while you could swear up and down that you’d never be tricked into downloading malware, cybercriminals get plenty of people to do just that.

Here’s the thing: That email you opened to get ransomware on your computer in the first place was specifically written to get you to believe it was real. That’s because criminals use social engineering to craft their messages.

For example, hackers can determine your location and send emails that look like they’re from companies based in your country.

“Criminals are looking up information about where you live, so you’ll click (emails),” Wisniewski explained to Yahoo Finance. “So if you’re in America, you’ll see something from Citibank, rather than Deutsche Bank, which is in Germany.”

 

Cybercriminals can also target ransomware messages to the time of year. So if it’s the holiday shopping season, criminals might send out messages supposedly from companies like the US Postal Service, FedEx or DHL. If it’s tax time, you could receive a message that says it’s from the IRS.

Other ransomware messages might claim the FBI has targeted you for using illegal software or viewing child pornography on your computer. Then, the message will tell you to click a link to a site to pay a fine — only to lock up your computer after you click.

It’s not just email, though. An attack known as a drive-by download can get you if you simply visit certain websites. That’s because criminals can inject their malware into ads or links on poorly secured sites. When you go to such a site, the page exploits an unpatched browser or plugin and installs the ransomware without you clicking anything. Just like that, you’re locked out of your computer.

How to protect yourself

Ransomware commonly exploits vulnerabilities in outdated software. So, believe it or not, one of the best ways to protect yourself is to keep your operating system and apps like Adobe Reader up to date. That means you should always click that little “update” notification on your desktop, phone, or tablet. Don’t put it off.

Beyond that, you should always remember to back up your files. You can either do that by backing them up to a cloud service like Amazon (AMZN) Cloud, Google (GOOG,GOOGL) Drive or Apple’s (AAPL) iCloud, or by backing up to an external drive.

That said, you’ll want to be careful with how you back up your content. That’s because, according to Kaspersky Lab’s Ryan Naraine, some ransomware can infect your backups.

A ransomware attack screen designed to look like an official message from the F.B.I

Naraine warns against staying logged into your cloud service all the time, as some forms of malware can lock you out of even them. What’s more, if you’re backing up to an external hard drive, you’ll want to disconnect it from your PC when you’re finished, or the ransomware could lock that, as well.

Naraine also says you should disconnect your computer from the internet if you see your system being actively encrypted. Doing so, he explains, could prevent all of your files that have yet to be encrypted from being locked.

 

Above all, every expert I spoke with recommended installing some form of anti-virus software and some kind of web browser filtering. With both types of software installed, your system up to date, and a backup available, you should be well-protected.

Oh, and for the love of god, avoid downloading any suspicious files or visiting sketchy websites.
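Naraine's advice above, to pull the plug the moment you see files being encrypted, only works if something notices in time. The following is an added example, not code from the original article or from any of the vendors quoted in it, of the two signals a simple host-side watcher can key on: a readable file being rewritten as high-entropy ciphertext (often with a new extension), and a decoy "canary" file that nothing legitimate should ever touch. The file events, the canary path and the sample contents are all constructed here; on a real machine the events would come from a file-system watcher.

```python
import hashlib
import math
import os
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext or compressed data, far lower for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


# Decoy file that no legitimate process should touch (assumed path).
CANARY = "Documents/~canary.docx"


def suspicious_reasons(old_name, new_name, old_bytes, new_bytes):
    reasons = []
    if shannon_entropy(old_bytes) < 6.0 and shannon_entropy(new_bytes) > 7.5:
        reasons.append("entropy-jump")       # readable file rewritten as ciphertext
    if os.path.splitext(old_name)[1] != os.path.splitext(new_name)[1]:
        reasons.append("extension-changed")  # e.g. report.docx -> report.docx.locked
    if old_name == CANARY:
        reasons.append("canary-touched")
    return reasons


def assess(events, threshold=3):
    """events: (old_name, new_name, old_bytes, new_bytes) per observed rewrite.
    Returns the flagged rewrites and whether to disconnect the machine now."""
    hits = [(new, suspicious_reasons(old, new, ob, nb)) for old, new, ob, nb in events]
    hits = [(name, reasons) for name, reasons in hits if reasons]
    canary_hit = any("canary-touched" in reasons for _, reasons in hits)
    return {"hits": hits, "isolate": canary_hit or len(hits) >= threshold}


# Constructed sample content: repetitive prose versus deterministic pseudo-random bytes,
# which stand in for encrypted output (real ransomware output looks the same to this test).
TEXT = b"Quarterly report: revenue up 4 percent, costs flat. " * 80


def pseudo_random(seed: bytes, n: int = 4096) -> bytes:
    out, block = b"", seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


SAMPLE_EVENTS = [
    ("Documents/report.docx", "Documents/report.docx.locked", TEXT, pseudo_random(b"1")),
    ("Pictures/photo.jpg", "Pictures/photo.jpg", pseudo_random(b"2"), pseudo_random(b"3")),  # re-saved image: high entropy both sides
    ("Documents/todo.txt", "Documents/todo.txt", TEXT, TEXT + b"buy milk\n"),             # ordinary edit
    ("Documents/notes.txt", "Documents/notes.txt.locked", TEXT, pseudo_random(b"4")),
    (CANARY, CANARY + ".locked", TEXT, pseudo_random(b"5")),
]

if __name__ == "__main__":
    verdict = assess(SAMPLE_EVENTS)
    for name, reasons in verdict["hits"]:
        print(name, reasons)
    print("isolate host:", verdict["isolate"])
```

The image re-save and the ordinary text edit produce no reasons, while the three rewrites to .locked trip both the entropy and extension checks and the canary hit alone is enough to recommend isolation. Entropy thresholds are deliberately loose; already-compressed files (images, archives) are high-entropy before and after, which is why the check looks for a jump rather than a high value.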

What to do if you’re infected

Even if you follow all of the above steps, ransomware could still infect your computer or mobile device. If that’s the case, you have only a few options.

The first and easiest choice is to wipe your computer or mobile device and reinstall its operating system. You’ll lose everything that isn’t backed up, but you won’t have to pay some criminal who’s holding your files hostage.

Some security software makers also sell programs that can decrypt your files. That said, by purchasing one, you’re betting that it will work on the ransomware on your computer, which isn’t always the case. On top of that, ransomware makers can update their malware to beat security software makers’ offerings.

All of the experts agree that the average person should never pay the ransom — even if it means losing their files. Doing so, they say, helps perpetuate a criminal act and emboldens ransomware makers.

Even if you do pay up, the ransomware could have left some other form of malware on your computer that you might not see.

In other words: Tell the criminals to take a hike.

Source: This article was published Yahoo Finance By Daniel Howley

Categorized in Internet Privacy

Panaji: With 1.3 billion connected devices and Internet of Things (IoT) devices expected to populate homes in India by 2021, home networks can become easy targets for cyber criminals, said global cyber security agency Fortinet.

Personal, financial and medical information, as well as work assets are all at risk from increasingly sophisticated malware and financially-motivated cybercriminals, Fortinet said in a report.

"Faster and more affordable internet connections are driving more home users in India to deploy internet-connected devices at home. Recent IoT-based attacks have revealed the sheer volume and ease by which billions of connected devices can be weaponized and used to disrupt the digital economies of entire countries and millions of users. These issues are compounded by the lack of basic security features and management capabilities in many IoT devices," said Fortinet regional vice-president for India and SAARC Rajesh Maurya.

 

Connected devices on the home network range from smart TVs, entertainment and gaming systems, smart refrigerators, to online home security systems. All of these devices are connected to the internet through a home WiFi system.

In order to secure home networks, Fortinet recommends that users identify devices that connect to the Internet through the WiFi network and to restrict and monitor the traffic generated by the devices.

"Home networks and devices tend to become infected because security is notoriously lax. Set up a separate connection for work, only connect through a VPN tunnel, and consider encrypting sensitive data travelling back and forth between home and corporate networks," Maurya suggests.
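Fortinet's two recommendations above (know which devices are on the WiFi, then restrict and monitor what they send) can be checked from the router's own data. The following is an added example, not code from Fortinet or the original article: it reads constructed dnsmasq-style DHCP leases, flags any device missing from an owner-maintained inventory, and then flags IoT devices that open connections to other machines on the LAN (the work laptop, in the sample) or to unexpected ports on the Internet. The lease lines, the inventory, the flow records and the address ranges are all made up for the demonstration.

```python
import ipaddress

# Constructed dnsmasq-style lease lines: "<expiry> <mac> <ip> <hostname> <client-id>".
LEASES = """\
1530000000 aa:bb:cc:00:00:01 192.168.1.20 living-room-tv 01:aa:bb:cc:00:00:01
1530000000 aa:bb:cc:00:00:02 192.168.1.21 smart-fridge *
1530000000 aa:bb:cc:00:00:03 192.168.1.30 work-laptop *
1530000000 aa:bb:cc:00:00:09 192.168.1.55 * *
"""

# Devices the owner has deliberately admitted, with their role (assumed inventory).
KNOWN_DEVICES = {
    "aa:bb:cc:00:00:01": "iot",
    "aa:bb:cc:00:00:02": "iot",
    "aa:bb:cc:00:00:03": "work",
}

# Constructed flow records from the router: (src_ip, dst_ip, dst_port, bytes).
FLOWS = [
    ("192.168.1.20", "203.0.113.10", 443, 120000),  # TV streaming over HTTPS: expected
    ("192.168.1.21", "192.168.1.30", 22, 900),        # fridge opening SSH to the work laptop
    ("192.168.1.21", "198.51.100.7", 23, 40),         # fridge talking Telnet to the Internet
    ("192.168.1.30", "203.0.113.20", 443, 5000),      # laptop: not an IoT device, not policed here
    ("192.168.1.55", "192.168.1.1", 53, 80),          # unknown device doing DNS
]

# What a consumer IoT device legitimately needs: web, DNS and NTP.
IOT_ALLOWED_PORTS = {80, 443, 53, 123}


def parse_leases(text):
    """Map each leased IP to (mac, hostname)."""
    devices = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 4:
            _, mac, ip, host = parts[:4]
            devices[ip] = (mac.lower(), host)
    return devices


def audit(leases_text=LEASES, flows=FLOWS, known=KNOWN_DEVICES,
          lan=ipaddress.ip_network("192.168.1.0/24"), gateway="192.168.1.1"):
    devices = parse_leases(leases_text)
    findings = []
    # Step 1: anything holding a lease that is not in the inventory.
    for ip, (mac, host) in devices.items():
        if mac not in known:
            findings.append((ip, "unknown-device", f"mac={mac} host={host}"))
    # Step 2: IoT devices should only reach the gateway and a few Internet ports.
    for src, dst, port, _ in flows:
        mac = devices.get(src, ("", ""))[0]
        if known.get(mac) != "iot":
            continue
        dst_ip = ipaddress.ip_address(dst)
        if dst_ip in lan and dst != gateway:
            findings.append((src, "lateral-lan", f"{dst}:{port}"))
        elif dst_ip not in lan and port not in IOT_ALLOWED_PORTS:
            findings.append((src, "unexpected-egress", f"{dst}:{port}"))
    return findings


if __name__ == "__main__":
    for ip, kind, detail in audit():
        print(f"{ip:14} {kind:18} {detail}")
```

The same policy expressed as firewall rules (an IoT VLAN that may reach only the gateway and ports 53, 80, 123 and 443) is what "restrict" means in practice; the script is the "monitor" half, useful for catching a device that was admitted before the rules existed.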

According to a NASSCOM report, India will account for 5% of the global IoT market valued at 15 billion USD by 2020. Experts predict an average of 4.3 internet-connected devices for every man, woman and child on this planet by 2020.

Author : tnn

Source : timesofindia.indiatimes.com

 

 

Categorized in Internet Privacy

A flourishing, global marketplace of illicit goods and services that operates in the dark recesses of the World Wide Web is creating new opportunities for cybercriminals and risks for businesses and consumers.

Hacking services, narcotics, weapons, child pornography, stolen credit card numbers and other private records – nearly any kind of illegal product or unethical service – is available on the Dark Web, or Dark Net.

“It’s a bastion of all sorts of illegal and unethical activity,” according to experts with SBS CyberSecurity of Madison, S.D.

The Dark Web is a volunteer network of computers that can be accessed on the Internet with special software that is free and easy to acquire. Communications pass through several relays, each layer encrypted with its own key, so no single relay sees both the sender and the destination; IP addresses and locations are masked.

The anonymity enables people to communicate secretly and conduct business with cryptocurrency such as Bitcoin, whose payments are pseudonymous and difficult, though not impossible, to link to a real person.

“If you look at cybercrime as a business model, the Dark Web has completely changed how it can be done,” said Buzz Hillestad, a Sioux Falls-based, senior consultant with SBS CyberSecurity. “It can be done anonymously now, which is pretty scary.”

SBS used to be known as Secure Banking Solutions. The company recently changed its name because it assists businesses in fields beyond financial services.

During the past few years, the Dark Web really has emerged into an information superhighway for criminals and unethical practices. The limited-access area that has come to be known as the Dark Web initially was developed by a U.S. military agency in the late 1990s. Information about The Onion Routing project was released to the public in the early 2000s.

So-called onion routing uses layers of relay points and encryption to make communications anonymous. A message from Sioux Falls might look like it came from another country.

Tor is an acronym for The Onion Routing project. It is also the name of software that can be used to access the Dark Web and can refer to the network of computers that make up the Dark Web.
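The layered encryption described above (and in the Tor description earlier on this page) is easiest to see in code. The following is an added example, not code from the Tor project or from the article: a toy three-hop onion in which the client wraps a message once per relay, outermost layer first to be peeled, and each relay removes exactly one layer and learns only the next hop. The per-relay keys, the nonce and the HMAC-based stream cipher are simplifications made up for the demonstration; real Tor negotiates keys with a handshake and uses different primitives.

```python
import hashlib
import hmac

HOP_LEN = 16  # fixed-width next-hop field so layer sizes leak nothing about hop names


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a toy stream cipher (not a real Tor primitive)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def build_onion(message: bytes, destination: str, relays, nonce: bytes) -> bytes:
    """relays: [(name, key_shared_with_that_relay), ...] in path order.
    Wrap from the exit inwards so the first relay's layer ends up outermost."""
    next_hops = [name for name, _ in relays[1:]] + [destination]
    payload = message
    for (_name, key), next_hop in reversed(list(zip(relays, next_hops))):
        field = next_hop.encode()
        if len(field) > HOP_LEN:
            raise ValueError(f"hop name too long: {next_hop}")
        payload = xor_crypt(key, nonce, field.ljust(HOP_LEN, b"\0") + payload)
    return payload


def relay_peel(key: bytes, nonce: bytes, onion: bytes):
    """What one relay does: strip its own layer and learn only where to send the rest."""
    plain = xor_crypt(key, nonce, onion)
    return plain[:HOP_LEN].rstrip(b"\0").decode(), plain[HOP_LEN:]


def route(onion: bytes, relays, nonce: bytes):
    """Simulate the circuit; returns what each relay learned plus what the exit delivers."""
    trace, payload = [], onion
    for name, key in relays:
        next_hop, payload = relay_peel(key, nonce, payload)
        trace.append((name, next_hop))
    return trace, payload


# Constructed circuit: per-relay keys that a real client would negotiate with a handshake.
RELAYS = [("guard", b"G" * 32), ("middle", b"M" * 32), ("exit", b"E" * 32)]
NONCE = b"circuit-0001"
MESSAGE = b"GET / HTTP/1.1\r\nHost: dest.example\r\n\r\n"

if __name__ == "__main__":
    onion = build_onion(MESSAGE, "dest.example", RELAYS, NONCE)
    trace, delivered = route(onion, RELAYS, NONCE)
    for relay, next_hop in trace:
        print(f"{relay:6} knows only: next hop = {next_hop}")
    print("exit delivers:", delivered)
```

The guard sees the client's address but only ciphertext and the name of the middle relay; the exit sees the plaintext and the destination but not who sent it. That split is the whole point, and also why the exit relay is the place where an unencrypted request can be read by whoever runs it.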

The network initially was developed for legitimate reasons. Law enforcement agencies can use it to communicate secretly, for example, and whistleblowers can use it to expose wrongdoing. It’s also a way for people in tightly controlled countries to get around government-imposed blocks on public information.

Supporters of the network tout it as a vehicle that protects freedom of expression and privacy. The secretive network also can present unrecognized dangers.

Hillestad recently consulted with a healthcare business that had unknowingly been routing information to its transcription service through the Dark Web. The software had been designed that way, possibly just to reduce data-transmission hassles, Hillestad said. Regardless, he advised the facility to get rid of the software.

“There’s no way of knowing where the data was going,” he said.

Hillestad and other experts advise businesses to block and monitor traffic in their networks with common Dark Web protocols, such as Tor or I2P.

Business firewalls often block suspicious traffic coming into a network, but many companies don’t filter traffic going out. Suspicious traffic leaving a network also should be blocked to break the chain of communication, because malware might have gotten into a system through deception or some other means, Hillestad said.

Business leaders also should be automatically alerted about suspicious traffic in their networks so that it can be monitored, he said.

In addition, there is no work-related reason for an employee of a legitimate business to have a Dark Web browser loaded on a company computer, Hillestad said.

“It’s important to know how this stuff works so you can fight it,” he said.

 

The Dark Web isn’t the only cyber tool that criminals have available to them. They also can misuse search engines such as Shodan, which scans the public Internet and indexes the service banners of whatever answers, so it can be used (with paid tiers for larger result sets) to locate exposed devices such as cameras, industrial controllers and databases connected directly to the Internet. Shodan covers the Surface and Deep Web, not the Dark Web.

Computerized business and home devices always should be run through a network firewall, Hillestad advises.

A closer look

Advances in technology and the explosive growth of business and personal use of the Internet and private networks to create, move and store sensitive data have fueled a corresponding increase in cybercrime and threats to information.

Juniper Research, a company based in England, estimates that the rapid digitalization of information will increase the global cost of data breaches to $2.1 trillion by 2019. That’s four times the cost of breaches in 2015.

Advances in hacking technology and profit potential in selling or using stolen information is contributing to the growth of cybercrime. Information such as a stolen healthcare record, for example, can be sold online and used by a buyer to make fraudulent claims worth many times the price of the document.

A vast inventory of stolen records with sensitive information are openly for sale on the Dark Web, which takes up a small part of the World Wide Web.

If the World Wide Web is viewed as an iceberg, the Surface Web would be the visible part that sits above the waterline. That’s the publicly accessible part of the Internet made up of indexed sites. It’s searchable with tools such as Google, Bing and Yahoo.

Below the surface of the water would be a vast maze of unindexed information known as the Deep Web, where academic, government and business data are stored. Much of that information can only be queried through direct links.

At the bottom of the iceberg is the small, secretive portion known as the Dark Web. The Dark Web overlays the public internet, but accessing it requires special software, which is free and available online.

Tutorials are available online that show people how to access the Dark Web.

Hillestad and Nick Podhradsky, senior vice president of operations at SBS, recently hosted a webinar that included a tour of the Dark Web. “It’s an e-commerce site that makes it easy to be a bad guy,” Podhradsky said.

Judging from the SBS webinar and other reports, shopping on the Dark Web is not much different than shopping on mainstream websites. There are virtual shopping carts, payment options, classified ads, out-of-stock product advisories and customer reviews.

The Dark Web even has its own information sources. One of the best known information sources is DeepDotWeb.com, which reports news about the Dark Web but is a publicly accessible website. DeepDotWeb looks like a mainstream news publication, but its content is different. It carries a lot of news about arrest reports and market conditions.

“International law enforcement gathered to share concerns about Bitcoin and money laundering,” said one recent headline. “Over 10,000 firearms seized in Spain, bought on the darknet,” said another.

Another recent headline said: “Man tried to hire a hitman on the darknet to kill his wife but got scammed and arrested instead.”

Anyone can run a node, or relay, on the Dark Web. Law enforcement agencies are known to set up dummy sites to try to track and stop lawbreakers. Inexperienced browsers have to be careful, because scams are a common risk.

Hillestad said the Dark Web is a pretty new phenomenon to most people. The rise of ransomware really helped popularize it among criminals. Ransomware is a type of malware that is used to remotely lock up targeted computers and files. Then, the wrongdoers behind the attack demand payment to unlock the information. A lot of ransomware and denial-of-service attacks start with resources from the Dark Web.

To reduce the likelihood of ransomware and other malware being introduced into business networks, security experts stress the importance of training employees well. For example, employees should be trained not to open attachments that arrive unexpectedly.

 

Companies should track social engineering trends, so that employees and customers can be warned about phishing attacks that could lead to data breaches. Phishing refers to tactics used by cybercriminals to trick people out of sensitive information, such as passwords.

Companies that don’t want information discovered shouldn’t put it online in accessible form, said William Bushee, vice president of technology for BrightPlanet.

BrightPlanet is a Sioux Falls company that uses technology to harvest information from the Deep Web, which is the unindexed part of the World Wide Web between the Surface Web and the Dark Web.

A two-year-old report or news story might no longer be searchable on the Surface Web, for example, but it might exist on the Deep Web. Clients can use information from the Deep Web to identify patterns, threats and opportunities, according to BrightPlanet.

Bushee notes that the Dark Web, or Tor network, didn’t even exist a decade ago.

“Anonymity is really why the Tor network was created in the first place. But as soon as you have anonymity, what do you have? People doing bad things,” he said. “It breeds bad things. But the network itself isn’t bad.”

Cybercrime is flourishing with the help from the Dark Web, but there are steps that businesses can take to reduce risks.

SBS CyberSecurity and other security businesses encourage companies to block protocols commonly used to access the Dark Net from exiting their firewalls. Companies also are encouraged to monitor suspicious traffic.
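Hillestad's advice earlier in the article (block Tor and I2P traffic leaving the network, and alert on it) and the same recommendation restated above both come down to matching outbound connections against a list of known relays. The following is an added example, not code from SBS CyberSecurity or the original article: it classifies constructed flow-log lines against a stand-in relay list, counts hits per internal host so a single stray port does not page anyone, and emits the nftables ruleset that would drop the traffic. The relay and peer addresses are documentation-range placeholders, not real relays; a deployment would load the published Tor consensus instead. Port matching is kept as weak evidence only: Tor relays often listen on 443, and I2P picks a random transport port per router, so neither can be caught by port alone.

```python
import ipaddress
from collections import Counter

# Constructed stand-ins for a downloaded Tor consensus and an I2P peer list
# (documentation-range addresses, not real relays).
TOR_RELAYS = {"198.51.100.10", "198.51.100.11", "203.0.113.50"}
I2P_PEERS = {"192.0.2.77"}
TOR_DEFAULT_PORTS = {9001, 9030}   # ORPort / DirPort defaults; weak evidence on their own

# Constructed flow log: "<time> <src> <dst> <dst_port> <proto> <bytes>".
FLOW_LOG = """\
2018-09-01T10:00:01Z 192.168.10.5 198.51.100.10 9001 TCP 4200
2018-09-01T10:00:02Z 192.168.10.5 203.0.113.50 443 TCP 38000
2018-09-01T10:00:05Z 192.168.10.7 203.0.113.99 443 TCP 12000
2018-09-01T10:00:09Z 192.168.10.9 192.0.2.77 21317 UDP 3300
2018-09-01T10:00:12Z 192.168.10.7 198.51.100.200 9001 TCP 900
"""


def parse_flows(text):
    for line in text.splitlines():
        ts, src, dst, port, proto, nbytes = line.split()
        yield {"ts": ts, "src": src, "dst": dst, "port": int(port), "proto": proto, "bytes": int(nbytes)}


def classify(flow, tor=TOR_RELAYS, i2p=I2P_PEERS):
    """Label suspicious egress, or None. A destination-address match outranks a port heuristic."""
    if flow["dst"] in tor:
        return "tor-relay"
    if flow["dst"] in i2p:
        return "i2p-peer"          # only the peer list helps: I2P's transport port is random
    if flow["port"] in TOR_DEFAULT_PORTS:
        return "tor-port-heuristic"
    return None


def detect(text=FLOW_LOG):
    """Return (findings, hits per internal host counting only address matches)."""
    findings = []
    for flow in parse_flows(text):
        label = classify(flow)
        if label:
            findings.append((flow["src"], flow["dst"], flow["port"], label))
    per_host = Counter(src for src, _, _, label in findings if label != "tor-port-heuristic")
    return findings, per_host


def nft_ruleset(addresses, table="egress"):
    """nftables ruleset that logs and drops traffic to the listed addresses.
    Use 'hook forward' instead of 'hook output' when this runs on the gateway rather than a host."""
    elems = ", ".join(sorted(addresses, key=ipaddress.ip_address))
    return f"""table inet {table} {{
    set darknet_egress {{
        type ipv4_addr
        elements = {{ {elems} }}
    }}
    chain output {{
        type filter hook output priority 0; policy accept;
        ip daddr @darknet_egress counter log prefix "darknet-egress " drop
    }}
}}
"""


if __name__ == "__main__":
    findings, per_host = detect()
    for src, dst, port, label in findings:
        print(f"{src:14} -> {dst}:{port:<6} {label}")
    print("hosts with address-confirmed darknet egress:", dict(per_host))
    print(nft_ruleset(TOR_RELAYS | I2P_PEERS))
```

In the sample, 192.168.10.5 is the host worth a ticket (two confirmed relay contacts, one of them over 443), 192.168.10.9 has reached an I2P peer, and the lone port-9001 connection from 192.168.10.7 is logged but does not count against that host. The generated ruleset is what "block it at the firewall" looks like; the log prefix is what the alerting Hillestad recommends would key on.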

Good, ongoing employee training also can reduce the risk of a business suffering a malware attack or data breach.

Gary Fischer, a sales engineer at SDN Communications, agrees that good, application-aware firewalls can help protect business networks. SDN is a Sioux Falls company that provides broadband connectivity and cybersecurity services to businesses.

Companies can reduce risks by monitoring what employees do on the internet, if that’s a concern. Companies also can control what software can be installed on computers, Fischer said.

“One solution doesn’t cover everything. You might have to do multiple things” to help keep a business network safe, he said.

Jon Pederson, chief technology officer at Midco, also encourages businesses to have a good firewall in place. Midco provides internet, phone and TV services to businesses as well as residential customers in the region.

“If electrical engineers get together at a conference and exchange information, they’re going to be better electrical engineers,” Pederson said. The same holds true for hackers exchanging information on the Dark Web, he said.

“If I was law enforcement, that’s where I’d be hanging out to find the bad guys,” Pederson said.

Businesses and other organizations also have opportunities to get together to share information and help protect themselves. One option is the InfraGard.

The FBI collaborated with infrastructure and academic experts to start the InfraGard program. Participation is aimed at protecting national assets such as communication networks, water supplies, food, banking information, energy sources, transportation systems and public health.

 

South Dakota has a chapter. Prospective members can find out more about the collaborative program and apply for membership by visiting the InfraGard South Dakota Member Alliance website at www.sdinfragard.net. There is no cost.

Source : http://www.argusleader.com/story/news/business-journal/2017/02/14/dark-web-cybercrime-carries-risks-businesses/97914328/

Categorized in Deep Web

It has already been a record-setting year for hacking scandals, and the headlines show no signs of slowing as we reach the end of 2016. Today's hack of Netflix's Twitter account by hacking collective OurMine is only the latest development in a year that has seen digital security become an issue of national security and election year politics.

OurMine, which is "a self-described white hat security group," said it was just testing Netflix security. The group suggested Netflix contact it to find out more about the hack. OurMine tweeted its message this morning, along with an email address and logo, to the nearly 2.5 million Twitter followers of @netflix, which is Netflix's U.S. account. "At least two more hacked tweets were sent. All of them have since been deleted, presumably by the Netflix social media team," according to CNET.

In previous years, most network intrusions have targeted enterprises and large corporations. But this year we saw a much more diverse field of victims, ranging from celebrities, technology CEOs, political parties, and even the Olympics.

More Political Hacks

Perhaps one of the most disturbing trends in 2016 has been the increased use of hacking to achieve geopolitical goals. Hacking groups linked to either the Kremlin or Russian president Vladimir Putin have been accused of reverting to Cold War tactics to weaken and delegitimize countries seen as political rivals.

 

A hack of the World Anti-Doping Agency's database, resulting in the publication of private medical records for several U.S. athletes, was attributed to a group of Russian hackers going by the names "Team Tsar" and "Fancy Bear." The group was also accused of hacking the Democratic Party’s network to find embarrassing information about then-presidential candidate Hillary Clinton.

The attack against the Democratic Party and the Clinton campaign appear to have been part of an orchestrated effort by Russia to use cyberwarfare to undermine the U.S. electoral process. While it's impossible to say what, if any, effect the hack had on the election of Donald Trump, the hack has escalated tensions between the two countries and caused no small amount of alarm within the U.S. intelligence community.

And it isn't just national security that was in the spotlight in 2016. The year also saw a big jump in ransomware attacks, with individuals being targeted by hackers who encrypt their data to extort cash from them. Perhaps the largest such attack this year hit the San Francisco transit system, which was targeted by a ransomware attack that resulted in travelers receiving free rides over the Thanksgiving weekend.

Individuals in the Crosshairs

Several high-profile individuals in the technology sector have also been targets of attacks this year, including Facebook CEO Mark Zuckerberg and Google CEO Sundar Pichai. And Twitter's former CEO Dick Costolo and current CEO Jack Dorsey also suffered from hacks.

 

Most of these attacks seem to have come from well-known hacking collectives such as OurMine. But an independent hacker going by the handle "Lid" was able to hijack the Twitter account of Oculus CEO Brendan Iribe.

Hacks weren't just about digital defacement and a chance to embarrass political opponents, though. This year also saw the second largest bitcoin hack in history, resulting in the theft of more than $65 million of the cryptocurrency.

But it wasn't just digital currency that was stolen this year. A gang of Russian hackers also managed to break into more than 330,000 point-of-sale machines running software by Micros, an Oracle company. The hack hit cash registers used in food chains, hotels and retail stores.

And speaking of hotels, the U.S. hospitality industry suffered one of its largest hacks ever when 20 hotels owned by HEI Hotels and Resorts discovered malware running on point-of-sale machines used throughout the country. That hack may have resulted in the theft of customer data including account and credit card numbers.

This year there was even information about past traditional hacks involving the theft of users' email addresses and login information. Yahoo reported that in 2013, it suffered the largest breach in history, involving more than 1 billion user accounts. That exceeds the hack of 500 million accounts in 2014 that the company also reported this year.

Author: Jef Cozza
Source: http://www.toptechnews.com/article/index.php?story_id=132004JYDLHC

Categorized in Internet Privacy