fbpx

Bestselling author and cybersecurity awareness specialist.

It's a digital world, and we all love the convenience. But can we honestly say we're being as safe as possible when exploring our favorite websites? Some of you may even be thinking that it's no big deal because you've been using the internet for years to perform data-sensitive tasks, like making purchases or processing digital banking transactions, and you've never had a problem.

But a cybercriminal's goal isn't necessarily to make obvious trouble for you. Rather, they seek to remain undetected for as long as possible, so they can steal as much sensitive data as they can for as long as they can. 

With that in mind, here are 12 tips to help protect yourself, your colleagues and your family while browsing the web.

Automate Processes

• Web browsing is considerably safer when you control pop-up windows. Configure your browser to either block or alert you to pop-ups.

• Turn on auto-updates for your browser, browser plugins and any software that runs in your browser. Doing this is an inexpensive way to add security to your web browsing experience.

• Use browser security add-ons. These applications provide safety ratings for websites and search engine results.

Use Discretion

• Always use a secured website for private information like passwords, email and credit cards. In the web address bar, "http" means a website isn't secured with secure sockets layer (SSL). Look for "https" in the web address, as well as the lock symbol — these are indications the website is secured with SSL.

• Avoid sensational sites. Don't visit sites dedicated to gossip about the latest sensational news stories or celebrities, as they are often riddled with malicious software, often referred to as malware. 

• Watch for search engine warnings. If the search engines show that a site might be malicious, don't go there.

• When something pops up on your screen that you find suspicious, always hit X in the top corner, instead of hitting the cancel or ignore function. The cancel or ignore button of suspicious pop-ups are often used to trick someone into downloading malicious software.

Follow Best Practices

• Cover the webcam on your computer or laptop when not in use. Hackers can turn your webcam on and watch you without your knowledge.

• Use bookmarking. For sites that you visit often, save the web address as a favorite or bookmark. This will lessen the chances of landing on a hacker's lookalike site.

• Don't browse while signed into accounts. Before signing into an account with private information, close all other browser windows and tabs.

• Don't store passwords in your browser or on websites. These places can make your passwords more vulnerable to being stolen.

• Remember, anything connected to the internet, even a smart home device like a refrigerator, can be hacked. Always approach connected devices with security in mind.

The internet is a wonderful source of information. As long as we are careful and follow the tips in this article, we can greatly assist in protecting ourselves, our colleagues and our loved ones.

 

[Source: This article was published in forbes.com By Danny Pehar - Uploaded by the Association Member: Logan Hochstetler]

Categorized in Internet Privacy

Dark Web is that area of the internet that consists of encrypted content and is not indexed by search engines.

About 97% cybersecurity companies had their data exposed on the Dark Web in 2020.

Some data breaches occurred as recent as in end of August, a survey by security firm ImmuniWeb found.

The survey covered 398 cybersecurity companies headquartered across 26 countries including USA, UK, India, Canada and Germany.

Dark Web included both Deep Web and Surface Web in the survey. Dark Web consists of encrypted content that is not indexed by search engines.

More than 160 companies faced incidents as their employees used identical passwords on more than one breached system. Most of the passwords lacked basic security requirements - uppercase, numerical and special characters. Common passwords included ‘password’ and ‘123456’.

Half the exposed data consisted of plaintext credentials like financial and personal information.

US-based security firms showed most number of high-risk data breaches, followed by the UK. High-risk breaches include credentials with sensitive information.

A large number of leaks were silently performed by trusted third parties like suppliers or sub-contractors to the company.

Some stolen credentials came from incidents involving unrelated third parties where victims used work emails to sign into adult websites.

At least 5,121 stolen credentials were found in pornographic and adult-dating websites, ImmuniWeb said.

The report also stated that half the companies did not comply with General Data Protection Regulation (GDPR) rules owing to vulnerable software, lack of strong privacy policy, and missing cookie disclaimers when cookies contain traceable personal information.

More than a fourth of the vulnerabilities remain unpatched to date, the security firm said.

[Source: This article was published in thehindu.com By Sowmya Ramasubramanian - Uploaded by the Association Member: Nevena Gojkovic Turunz]

Categorized in Deep Web

A Trend Micro study reveals that trust in Deep Web marketplaces is diminishing due to law enforcement efforts to shut down illegal activities.

new study has revealed that the dark web marketplace isn’t as safe for users’ anonymity as it was believed to be due to the simple fact that authorities are cracking down on the presence of online marketplaces, which makes it hard to keep the constant and reliable presence. 

According to the study published by the cybersecurity company Trend Micro, the crackdown on marketplaces like Dream Market, Wall Street Market, DeepDotWeb, and Valhalla has generated a huge discontent among their userbases due to the lack of security infrastructure from the said websites. The security flaws on these websites may well result in the loss of anonymity for their users, which is the main draw to their businesses. 

Exit Scams are Rampant

The increase in the precedents of exit scams from the online stores has resulted in a considerable slowdown of sales. Exit scams are the type of activity where the website shuts down suddenly without delivering the orders thus stealing money from the customers. Undercover operations from the law enforcement forces from all over the world have also been on the tail of these websites thus the increase in mistrust.

Users have started countering these scamming websites via the creation of the DarkNet Trust website where the reputation of the companies can be found by searching for their usernames and Public Key (PGP) fingerprints. 

In countries like Australia, for example, gambling is legal in general however the citizens are not allowed to gamble with the locally registered websites. The law specifically mentions engaging in wagering with real money. Since Australia does not recognize the cryptocurrencies as “real money” this creates a loophole in the legal system. Although, it’s obvious that this is all done for anonymity, and due to the increase in concerns of government agencies spying on the users, this has become an issue for a lot of people. The biggest draw to the darknet has been on the cryptocurrency market. Since trading is illegal, cryptocurrencies are acquired through the dark web in order to mask activity as much as possible, later used in any bitcoin casino Australia has listed within its borders, and then withdrawn as real cash with minimum payments to be made to the government.

Apart from this, the administrators of the darknet marketplaces were forced to implement additional security methods like two-factor authentication, multi signatures, wallet fewer transactions on Bitcoin (BT), and Monero (XMR) with the addition of rooting out the usage of JavaScript due to easily exploitable nature of the scripting language.

A wallet less payment is when a transaction is made from the user to the vendor directly and the marketplace getting a monthly subscription instead of a per-transaction fee. The Protonmail has also been under attack from the users since the accusations of them assisting law enforcement agencies have been circulating around the net. It is also worth mentioning that an anonymous hacker has cracked open the databases of Daniel’s Hosting, which is the largest free web-hosting provider on the darknet. This resulted in the takedown of over 7000 websites and their databases leaked and consequently the pages being deleted as a whole. Also, around 4000 emails have been leaked.

 [Source: This article was published in bitrates.com - Uploaded by the Association Member: Anna K. Sasaki]

Categorized in Deep Web

Financial firms continue to move to digital-first deployments, as retail branches close, and people shift to remote work. This shift makes understanding and preventing even common darknet, or dark web, threats a priority.

Financial cybersecurity investment institutions need to understand what the dark web is, provide their security teams with the tools to explore it safely and prioritize areas of concern. Taken together, these actions can limit risk and improve regulatory compliance.

About the Darknet

Originally designed to hide users’ activities and identities, the dark web, also known as darknet, quickly became an obstacle as malicious actors leveraged tools, such as The Onion Router (TOR) to create a digital marketplace where nothing was off-limits or beyond reach. From illegal items to stolen data, there’s a good chance someone on the dark web has obtained, or has access to exactly what bad actors are after.

 

Not surprisingly, financial data remains one of the most popular purchases on the dark web. Credentials for high-value bank accounts start at just $500, and credit card data is sold in large volumes at low cost. Financial firms are often forced to close compromised accounts and refund fraudulent transactions, since there is little recourse when it comes to finding the origin of this pilfered information. 

Dark Web: The Deep and the Darkness

No discussion of the dark web is complete without a quick primer on the difference between deep and dark deployments.

The deep web is classified as data that isn’t indexed and readily available online. While this type of data makes up 90% of the internet at large, the dark web accounts for just 0.005%, or around 8,400 live sites.

Financial firms regularly interact with the deep web. It’s where secured client data and essential enterprise assets are stored. The deep web is fundamental for finance and critical for consumer confidence. If secured financial information was readily available with a simple online search — which still happens with alarming regularity — clients would quickly abandon banks in favor of more secure alternatives.

The dark web, meanwhile, is a place without rules or regulation. Both legal and illegal activities exists side-by-side, unchecked by regulatory or operational obligations on the dark web. And, accessing the darknet isn’t complicated. Users typically leverage the Tor Browser to encrypt and obscure their location and IP address. Still, it’s nothing like the surface web. 

The Economies of the Dark Web 

The darknet isn’t just a free-for-all of fraudulent transactions and stolen credentials. As noted by Financial Management, this twilight trading ground has developed its own economy. It is one that follows the laws of supply and demand and sees criminal ‘vendors’ fighting for market share by offering top-tier products, lower prices and enhanced customer service. 

This creates a kind of paradox. While the dark web economy doesn’t match the rest of the web in terms of design, it displays the same type of inventory and incentive tools and strategies as more common businesses. As a result, it’s critical for financial firms to take the same approach to dusk economies as those in the daylight, discovering as much information as possible.

This requires a shift in thinking. Rather than waiting for malicious actors or dark web buyers to compromise financial networks, banks must take an intelligence-based approach to data discovery. What information is available on the dark web? How much (if any) client data has been compromised? How have the bad actors made it available to potential purchasers?

Equipped with actionable insight, financial firms can begin developing proactive incident response. That could mean anything from changing account details before compromises happen to deploying security tools that better defend against theft. With the dark web now governed by supply and demand, making supply worthless is the quickest way for banks to boost their defense against shady economies.

How Your Cybersecurity Team Can Fight Back 

It’s one thing to recognize the need to improve data gathering on the dark web; it’s another entirely for banks to put policy into practice.  

So, how do financial firms actively protect themselves against bad actors?

It starts with an understanding of current infosec expectations, such as those described in the FFIEC Information Technology Examination Handbook. These guidelines can help banks identify potential weak points across current efforts to manage protected information. From there, they can implement effective network and access controls.

By knowing which areas need the most work, financial firms can prioritize essential infosec investments. No single dark web cybersecurity solution is enough to combat all emerging threats. Instead, organizations must adopt defensively diverse portfolios that include:

Expert Insight

Uncovering tactics and technologies used by darknet attackers is critical to improving current defenses. Human experts are the best defense. Banks must invest in security professionals capable of creating and cultivating dark web personas themselves. By becoming a trusted member of this shadow community, firms have a better chance of finding stolen data before it can be used to infiltrate accounts or compromise key systems. Then, they can integrate collected intelligence into existing defensive frameworks.

Active Listening

It’s not enough to know that data has been compromised or if attackers are attempting to breach financial networks. Firms need to know what’s being said about them on the darknet and how stolen information is being used.

For example, if banks can identify a cache of pilfered business account credentials for sale and observe interest from other users in purchasing this data, they can proactively close and re-secure these accounts to limit potential risk. With enough lead time, it’s also possible for teams to create honeypot accounts that allow attackers in but keep them contained. This, in turn, provides IT teams valuable threat vector data.

Machine Learning 

While human desire and demand form the foundation of dark web functions, even the most experienced infosec experts can’t cover the entire economy at once. Advanced machine learning and artificial intelligence tools can help bridge the knowledge gap by analyzing current compromise patterns and predicting potential outcomes. This way, banks can identify top compromise targets and deploy purpose-built protections to limit the risk of darknet disclosure.

A Mirror, Darkly

As dark web economies evolve, a malicious mirror emerges. Fraudulent financial transactions have their own economy that mimics above-the-board deals. To deliver dark web security, organizations must look into the abyss, learn from it and leverage operational insight to defend against fraud.

[Source: This article was published in securityintelligence.com By Douglas Bonderud - Uploaded by the Association Member: James Gill] 

Categorized in Deep Web

[Source: This article was published in infosecurity-magazine.com By Liv Rowley - Uploaded by the Association Member: Jasper Solander]

The surface web poses many threats to organizations, but the deep and dark web has gained notoriety over the years as more and more cyber-criminals make use of underground forums and marketplaces to buy and sell goods such as stolen credentials and personally identifiable information (PII).

Various anonymizing features and a lack of state-based governance has allowed cybercrime to flourish in this relatively safe space. 

Stolen information, illegal services and other illicit offerings and activity can be observed with unnerving regularity on the deep and dark web. Goods can be put together or sold as packages alongside other Cybercrime-as-a-Service (CaaS) offerings, thereby lowering the barrier to entry for novice cyber-criminals and allowing veterans to outsource parts of their operations. 

Dare to delve?

Whilst the darknet is complicated to navigate, it is far from impossible to penetrate. There are public Tor indexers available – such as Torch and Grams – though they are often clunky to use and not comprehensive in their reach.

Threat intelligence companies may offer cybersecurity modules that crawl the darknet, indexing content and providing search engine-like capabilities to defenders who purchase these services. Forums, however, may need to be infiltrated first in the same way as you would a real-world criminal organization.

However, organizations must first determine whether the risks associated with this type of hands-on research are worth it. These risks include the possibility of being unwittingly or unintentionally infected with malware or otherwise exposing yourself to those with malicious intentions. A strong understanding of operational security and acceptance of the risks associated with this type of research is key. In many cases, organizations may find it more prudent to enlist the help of threat intelligence vendors, whose professional expertise may come in useful.

Threat actors utilize Tor, I2P and other darknet browsing software to access hidden forums and marketplaces, while others lurk on the deep web behind password-protected or invitation-only closed forums or groups on Telegram, WhatsApp and other chat platforms. Some expect you to prove technical knowledge to gain entrance to a forum or to actively participate in a cyber-criminal community in order to maintain access. In other cases, you may need to be invited or recommended by a trusted relationship to gain access. 

Keep your enemies close

Organizations looking to conduct dark web research are setting out on a challenging task; dark web research can be similar to knowing that a party is taking place, but not knowing the address. Analysts need to be ready to hunt, dig and immerse themselves in the underground in order to find the action. In doing so, analysts are exposed to the myriad products and conversations surrounding cybercrime in these spaces, training their eye to be able to filter and identify the real threat.

 

This in turn allows organizations to better understand what they need to defend themselves against. In order to assess a threat actor’s credibility and the legitimacy of a particular threat, researchers may look at factors such as a threat actor’s reputation or length of time on the darknet.

Companies should prioritize monitoring for data related to their organization, such as proactively searching the dark web to find stolen credentials. Doing so at an early stage can massively reduce the risk or impact of an attack.

Detecting them using threat intelligence services can not only prevent additional breaches but also force IT security teams to locate the sources of the initial attacks and fix existing problems so attacks cannot occur again through that vector.

Stay alert and keep watch

In addition to looking for stolen credentials, it is also wise to monitor (using defined search terms) for documents or PII which might have been stolen or unintentionally leaked. Stricter data protection regulations mean that data leaks can have an even larger impact on an organization’s bottom line, as well as its reputation. In the event of a GDPR penalty, a company that can demonstrate robust detection capabilities can vastly reduce its liabilities.

A network of crawlers and sensors can alert organizations when their credentials have been offered for sale on the dark web – if you know what’s been stolen, it’s easier to block and mitigate damage. Good cyber threat intelligence is crucial to providing this feedback of information to build stronger defenses around any business.

Tracking for crimeware kits, malware, threat actors and TTPs that could target their sector more generally can also help security teams strengthen their security posture, broaden their situational awareness and put in place appropriate defense measures before adversaries can strike. 

The best way to fight cybercrime on the darknet is to operate in much the same way as the bad guys. If you understand the scope of what’s available to criminals, it’s a lot easier to rationalize how to defend against cyber-attacks and enable others to do the same. Collaboration and intelligence sharing is crucial in the fight against cybercrime.

Categorized in Deep Web

[Source: This article was Published in wired.com BY ANDY GREENBERG - Uploaded by the Association Member: Joshua Simon]

DESPITE ALL THE cybersecurity industry’s talk of preventing “breaches,” a computer network in some ways is less like a fortress and more like a human body. And skillful hackers are like germs: They tend to get in via some orifice or another. Once inside, it’s whether they can thrive and multiply their infections—and what vital organs they can reach—that determines whether the outcome is a sneeze or a full-on catastrophic takeover.

In many modern hacking operations, the difference comes down to a technique known as “credential dumping.” The term refers to any means of extracting, or “dumping,” user authentication credentials like usernames and passwords from a victim computer so that they can be used to reenter that computer at will and reach other computers on the network. Often credential dumping pulls multiple passwords from a single machine, each of which can offer the hacker access to other computers on the network, which in turn contain their own passwords ready to be extracted, turning a single foothold into a branching series of connected intrusions. And that’s made the technique at least as crucial to hackers’ work—and as dangerous for sensitive networks—as whatever phishing email or infected attachment let hackers find entry into the network in the first place.

Credential dumping is largely possible because operating systems have long tried to spare users the inconvenience of repeatedly entering their password. Instead, after a user is prompted to enter it once, their password is stored in memory, where it can be called up by the operating system to seamlessly prove the user’s identity to other services on the network.

But the result is that once a hacker has gained the ability to run code on a victim machine, he or she can often dig up the user’s password from the computer’s memory, along with any other users' passwords that might linger there. In other cases, the hacker can steal a file from the computer's disk called the Security Account Manager, or SAM, which contains a list of the network's hashed passwords. If the passwords are too simple or if the hashing is weak, they can then often be cracked one by one.

Amit Serper, a researcher for security firm Cybereason and a former Israeli intelligence hacker, compares credential dumping to a thief who sneaks through an open window, but once inside finds a spare key to the victim’s house he or she can copy—along with keys to the victim’s car and office. “You got in that one time, but if you want to come back you have to have keys to the house,” Serper says. "Once you have those keys, you can do whatever you want.”

ANDY GREENBERG IS A WIRED SECURITY WRITER AND AUTHOR OF THE FORTHCOMING BOOK, SANDWORM: A NEW ERA OF CYBERWAR AND THE HUNT FOR THE KREMLIN'S MOST DANGEROUS HACKERS.

In some cases, Serper says, he's seen hackers mess with settings on a computer to frustrate the user until he or she calls tech support, which results in an administrator logging into their machine. The hacker can then steal that administrator's much more valuable credentials from memory and use them to wreak havoc elsewhere on the network.

Credential dumping is so crucial to modern hacking operations, Serper says, that he finds in analyses of victim networks that it often precedes even the other basic moves hackers make after gaining access to a single computer, such as installing persistent malware that will survive if the user reboots the machine. “In every large breach you look at today, credentials are being dumped,” Serper says. “It’s the first thing that happens. They just get in, then they dump the passwords.”

By far the most common tool for credential dumping was created in 2012 by a French security researcher named Benjamin Delpy and is known as Mimikatz. Delpy, who worked for a French government agency, wrote it to improve his C++ coding skills and also as a demonstration of what he saw as a security oversight in Windows that he wanted to prove to Microsoft.

 

Since then, Mimikatz has become the go-to credential dumping tool for any hacker who hopes to expand access across a network. Dmitri Alperovitch, the chief technology officer of security firm Crowdstrike, calls it the “AK-47 of cybersecurity." Some sophisticated hackers also build their own credential dumping tools. More often they modify or customize Mimikatz, which is what happened with the likely Chinese hackers revealed last month to have targeted at least 10 global phone carriers in an espionage campaign.

THE WIRED GUIDE TO DATA BREACHES

Aside from that sort of espionage, credential dumping has become a key tool for hackers who seek to spread their infection to an entire network with the aim of destroying or holding ransom as many computers as possible. Mimikatz, for instance, served as an ingredient in a range of paralyzing incidents, from the LockerGoga ransomware attack on aluminum firm Norsk Hydro to the NotPetya worm, a piece of destructive malware released by Russian state hackers that became the most costly cyberattack in history. "Any time we hear in the news that ransomware has taken out an entire organization, this is what happened," says Rob Graham, the founder of Errata Security. "This is how it spread through the entire domain: It gets credentials and uses this mechanism to spread from one computer to the next."

The danger of credential dumping, Graham warns, is that it can turn even one forgotten computer with unpatched vulnerabilities into that sort of network-wide disaster. "It’s not the systems that everyone knows about that you need to worry about, those are patched. It's the systems you don't know about," he says. "A foothold on these unimportant systems can spread to the rest of your network."

While keeping hackers from ever gaining that foothold is an impossible task, Graham says that system administrators should carefully limit the number of users with administrative privileges to prevent powerful credentials from being accessed by hackers. Administrators should be wary of logging into computers that they suspect might be compromised by hackers. And Cybereason's Amit Serper points out that two-factor authentication can help, limiting the use of stolen passwords since anyone trying to use them would need a second authentication factor, too, like a one-time code or a Yubikey.

"Having that second factor is the best way to battle credential dumping," Serper says. "How else can you protect yourself if someone has the master key to your house?"

Categorized in Internet Privacy

 Source: This article was Published smallbusiness.co.uk By Ben Lobel - Contributed by Member: Clara Johnson

Criminals are looking for small businesses' data to sell on the dark web. Here, we look at how to be vigilant.

Most small businesses don’t give two hoots about the ‘dark web’, the part of the World Wide Web that is only accessible by means of special software, allowing users and website operators to remain anonymous or untraceable.

As far as many are concerned, the dark web is a murky place where dodgy criminals congregate to buy and sell things like weapons and drugs. It feels like a world apart from everyday business.

In today’s world, though, that’s a dangerous mindset to have. The truth is that, while criminals have been using the dark web for years to sell illegal items, they’re also using it more and more these days to sell something more valuable — stolen and leaked corporate data.

Today, every business has a wealth of valuable data, whether it’s employees’ personal details, corporate credit cards or sensitive client information. Criminals want to get their hands on that, so they can then sell it on the dark web to make some easy money. And it’s not just the criminals who want your data.

‘Hacktivists’ will happily steal from you and post your data online for free just to win kudos or because they want to damage your company reputation. Ex-employees can copy data to a USB or email it to themselves at home and then either deliberately leak it or suffer a breach themselves. And ‘script kiddies’ run automated scans to find vulnerable websites and servers for easy pickings.

The easiest victims to pick on are the small ones

And it’s not just the big firms who are targets. Small businesses are equally at risk, if not more so because they often lack the cybersecurity resources to deal with the problem. And every industry is equally at risk. The truth is that passwords, corporate credit cards, employee personal details, client information and so on are equally valuable whether they come from a big company or small, in manufacturing or in retail. The opportunistic nature of cybercrime makes the perpetrators blind to industry or size — and once perpetrators get hold of your data, they can wreak havoc with it. With corporate credit cards, criminals can buy what they want. With employee personal details, they can target victims with phishing attacks and fraud, and with client information, they can blackmail you.

Jeremy Hendy, CEO of cyber intelligence solutions company RepKnight, says he sees thousands upon thousands of dark web dumps every day of client login details (yes, with passwords). And most of the organisations to whom the data belongs have no idea these sales are happening because the dark web is, well, hidden. ‘The relatively low risk of getting caught (because the dark web affords strong anonymity) combined with the chance to make a lot of money (or at least show off) makes the dark web an incredibly attractive place for cybercriminals,’ Hendy says.

So, what can we do about it? First, we need to change the way we think about cybersecurity.

How AI and Big Data Impact the Structure of the Financial Industry

Protecting your network is a poor way to protect your data, Hendy says. ‘Protect your network, and your data’s safe, right? Wrong. Protecting your network is a poor way to protect your data.

‘Consider it from a parenting point of view. To protect your children (your data), you can install video cameras to the outside of your house and build a big fence around the perimeter of your property to deter kidnappers from getting in (expensive and complex).

‘But what about those times when your children need to leave your property, which will happen pretty much every day? Once your children have left the safety of the house, your house’s protection is useless.’

The same goes for data, he adds. The nature of modern business dictates that your data no longer live within the perimeter of your network protection. It has already flown the nest and has scattered into the online stratosphere through email and collaboration with third-party partners and suppliers.

“Even with the strongest network security, you’re still at risk of having a cybercriminal gain access to your network”

Hendy says that RepKnight recently did an audit of its own data and quickly found that there were around 35 partners, systems and places that were storing the data — all outside of its own network. ‘And we’re a small company, so imagine how that’s going to be magnified for larger organisations.’

Once that data leaves your network, its safety is well and truly out of your control. ‘But unlike children, once your data has left your perimeter it is at risk of being duplicated and leaked, so even if your data does return to the safety of your network, a copy will almost certainly exist elsewhere,’ Hendy says.

Even with the strongest network security, you’re still at risk of having a cybercriminal gain access to your network without your knowledge through the use of ‘compromised credentials’.

‘These kinds of attacks are on the rise because so many people use the same password across various accounts like banking, social media, online shopping and much more.

‘If one of those third parties suffers a breach, chances are they’ve unwittingly handed over the login credentials to your company network, giving criminals the chance to snoop around undetected and steal whatever they want. By the time you find out — which is usually after 450 days after the breach first happened — it’s too late to do anything about it.’

How to combat the threat of the dark web and protect your data

  • Change the focus from network protection to data protection — with an acceptance that your data has already ‘left the building’.
  • Weigh up your options. For most companies, combatting the threat of the dark web is not something that you can do manually. Not only is it hidden, it’s dangerous (rife with malware and phishing sites — there’s no honor amongst thieves) and horrifying (you’ll see things you wish you could un-see and perhaps earn yourself a surprise visit from law enforcement agencies). The dark web is definitely ‘not safe for work’.
  • Consider advanced, automated monitoring software that continuously looks for your data in places where it shouldn’t end up — like dark web marketplaces and bin and dump sites. If the monitoring system finds something it believes to be yours, it should tell you immediately, alerting you to a potential breach you might not even know about yet.
  • Be aware that data monitoring is like tracking your children through GPS. If they go missing, you’ll at least be able to see where they end up. So, if you can track your data in this way, you can do something about it when things go wrong. And so, with today’s technology, there’s no reason for the dark web to remain a hidden threat to small businesses.

Categorized in Search Engine

 Source: This article was Published securityintelligence.com By Jasmine Henry - Contributed by Member: Deborah Tannen

The dark component of the deep web is the primary highway for the exchange and commerce among cybercriminal groups. In fact, very few cybercriminals work alone. Eighty percent of cybercrime is linked to criminal collectives, and stolen data-shaped goods surface rapidly on darknet forums and marketplaces following cybersecurity incidents with data loss.

Adapting to these trends is essential. Organizations with the ability to extract threat intelligence from data-mining these elusive online sources can achieve a significant security advantage.

Deep Web and Darknet: What’s the Difference?

The part of the web accessible through search engines and used for everyday activities is known among researchers as the surface web. Anything beyond that is defined as the deep web. While estimates vary, some researchers project there is 90 percent more deep websites than surface ones, according to TechCabal. In the deep web are unindexed websites that are not accessible to everyday Internet users. Some restrict access, others are routed through many layers of anonymity to conceal their operators’ identity.

Darknet websites and technologies are a subset of the deep web classification, which consists of sites intentionally hidden and generally only accessible through technologies like The Onion Router (Tor), a software that facilitates anonymous communication, or peer-to-peer (P2P) browsers. This hidden web is closely associated with anonymity and (in some cases) criminal activity supported by open exchange and collaboration between threat actors.

How to Draw Dark Threat Intelligence

“Dark web intelligence is critical to security decision-making at any level,” said Dave McMillen, senior analyst with X-Force IRIS at IBM X-Force Incident Response and Intelligence Services (IRIS). “It is possible to collect exploits, vulnerabilities and other indicators of compromise, as well as insight into the techniques, tactics, and procedures [TTPs] that criminals use for distinct knowledge about the tools and malware threat actors favor.”

When this real-time threat data is filtered through sufficient context and separated from false positives, it becomes actionable intelligence. McMillen believes there are several ways organizations can benefit from dark-sourced intelligence. These benefits include understanding emerging threat trends to develop mitigation techniques proactively. Dark-source intelligence could also help with identifying criminal motivations and collusion before attacks. It could even aid in attributing risks and attacks to specific criminal groups.

How to Identify Darknet Security Risks

For expert threat researchers like McMillen, patterns of deep web activity can reveal an attack in progress, planned attacks, threat trends or other types of risks. Signs of a threat can emerge quickly, as financially-driven hackers try to turn stolen data into profit within hours or minutes of gaining entry to an organization’s network.

The average time it takes to identify a cybersecurity incident discovery is 197 days, according to the 2018 Cost of a Data Breach Study from the Ponemon Institute, sponsored by IBM. Companies who contain a breach within 30 days have an advantage over their less-responsive peers, saving an average of $1 million in containment costs.

“Employing dark web monitoring solutions that allow the use of focused filters to identify key phrases, such as your brand and product names, that may contain information that can negatively affect your organization is a good start in your effort to glean useful intelligence from the dark web,” McMillen said.

The collected data should then be alerted and routed through a human analysis process to provide actionable insights. Context-rich threat intelligence can reveal many different forms of risk.

1. Organization or Industry Discussion

Among the key risk factors and threats are mentions of an organization’s name in forum posts, paste sites, channels or chatrooms. Contextual analysis can determine whether threat actors are planning an attack or actively possess stolen data. Other high-risk discussions can surround niche industries or verticals, or information on compromising highly-specific technologies employed by an organization.

2. Personally Identifiable Information (PII) Exchange

When a breach has occurred, the sale of PII, personal health data, financial data or other sensitive information can be indicative of the aftermath of an attack. A single data record can sell for up to $20, according to Recorded Future. This data is generally stolen en-masse from large organizations — such as credit agencies and banks — so a few thousand credit card numbers can turn a huge profit.

Unsurprisingly, 76 percent of breaches are financially motivated, according to the 2018 Data Breach Investigations Report from Verizon.

3. Credential Exchange

Lost or stolen credentials were the most common threat action employed in 2017, contributing to 22 percent of data breaches, according to the Verizon report. While the presence of usernames and passwords on paste sites or marketplaces can indicate a data breach, contextual analysis is required to determine whether this is a recent compromise or recycled data from a prior incident.

In May 2018, threat intelligence company 4iQ uncovered a massive floating database of identity information, including over 1.4 billion unencrypted credentials.

“The breach is almost two times larger than the previous largest credential exposure,” Julio Casal, founder of 4iQ, told Information Age.

4. Information Recon

Social engineering tactics are employed in 52 percent of attacks, according to a February 2018 report from security company F-Secure. Collusion around information recon can surface in both open and closed-forum exchanges between individual threat actors and collectives.

5. Phishing Attack Coordination

As phishing and whaling attacks become more sophisticated, deep web threat intelligence can reveal popular TTPs and risks. Coordination around information recon is common. Threat actors can now purchase increasingly complex phishing-as-a-service software kits and if defenders are familiar with them, they can better educate users and put the right controls in place.

dir=”ltr”>Although malicious insiders cause fewer breaches than simple human error, the darknet is an established hub for criminal collectives to recruit employees with network credentials for a sophisticated attack. Dark Reading tracked nearly twice as many references to insider recruitment on darknet forums in 2016 as in 2015.

7. Trade Secrets and Sensitive Asset Discussions

Trade secrets and competitive intelligence are another lucrative aspect of threat actor commerce that can signal risks to researchers. In one recent incident reported by CNBC in July 2018, a likely Russian cybercriminal sold access to a law firm’s network and sensitive assets for $3,500. Having had that information ahead of time could have saved the victim time, money, and reputational damage.

What Are the Challenges to Deriving Value From Dark Sources?

While there is clear strategic and tactical value to darknet threat intelligence, significant challenges can arise on the road to deep web threat hunting and data-mining. For instance, it’s not ideal to equip security operations center (SOC) analysts with a Tor browser. The potential volume of false positives based on the sheer size of the hidden web necessitates a more effective approach.

“The dark web is fragmented and multi-layered,” McMillen said.

When researchers discover a credible source, it generally requires hours to vet intelligence and perform a complete analysis. Darknet commerce has also grown increasingly mercurial and decentralized as law enforcement tracks criminal TTPs as they emerge. Security leaders who can overcome these barriers have the potential to significantly improve security strategy in response to emerging threat trends and risk factors.

The 2018 Artificial Intelligence (AI) in Cyber-Security Study from the Ponemon Institute, sponsored by IBM Security, discovered that artificial intelligence (AI ) could provide deeper security and increased productivity at lower costs. Sixty-nine percent of respondents stated that the most significant benefit of AI was the ability to increase speed in analyzing threats.

As leaders consider how to deepen adoption of dark threat intelligence, it’s valuable to understand that not all intelligence sources can adequately capture the full scope of threat actor exchange on this vast, fast-morphing plane. Relying on stagnant, outdated or fully automated technologies may fail to mitigate important risks. The best mode of protection is one which combines the intelligence of skilled human researchers and AI to turn raw data into actionable intelligence effectively.

Categorized in Deep Web

Source: This article was Published techrepublic.com By Alison DeNisco Rayome - Contributed by Member:James Gill

Worried about cybersecurity? Here are 10 activities that take place on the Dark Web that organizations should watch out for.

In the wake of seemingly constant high profile breaches, organizations are taking precautions to protect against cyber attacks, including raising security budgets and educating employees. However, the cost of a breach can be enough to significantly harm a company's finances and reputation: The average total cost of a data breach is $3.86 million, according to a recent Ponemon Institute report.

The ongoing risk of attack has led some organizations to seek new ways to proactively monitor the Dark Web for lost or stolen data, according to a Wednesday report from Terbium Labs.

1. Doxing of a company VIP

Dark Web and clear websites like Pastebin are a dumping ground for personal, financial, and technical information with malicious intent, the report said. There is often a motivation behind these posts, such as political beliefs, hacktivism, vigilantism, or vandalism. For example, the executive of a wealth management firm was included in a large-scale dox as the result of their political contributions, the report noted.

2. Full PANs, BINs, and payment cards for sale

The economy for payment cards on the Dark Web is strong, with a single card costing between $5 and $20. Sellers update markets with new cards regularly—sometimes even daily, the report said. And business and platinum cards will net criminals a higher price than average cards.

3. Guides for opening fraudulent accounts

On the Dark Web, you can find guides for sale that contain detailed, step-by-step instructions on how to exploit or defraud an organization, the report said. The guide serves two purposes: Criminals learn how to break into a company's systems and processes, and the company's brand name is promoted to criminals as a result of the listing. For example, when a major US bank changed security policies, criminals updated guides with techniques to get around those changes.

4. Proprietary source code

A leak of source code can allow competing companies to steal intellectual property, and also allow hackers to review the code for potential vulnerabilities to be exploited, according to the report. Leaks of source code from tech giants will make the news, but source code from others is regularly leaked on sites like Github and Pastebin, as developers seek advice and input from others, the report noted.

5. Dump of a database

Third-party breaches can put organizations at risk by revealing employee credentials that can unlock other accounts or provide information for phishing attacks. For example, if criminals can post an internal database, it reveals private contracts or partnerships between organizations and employee locations.

6. Template to impersonate a customer account

The Dark Web is full of account templates that allow hackers to pose as customers of financial institutions, telecommunications companies, and other service providers, the report noted. These templates are then used to solicit loans, open accounts, or as part of a broader scheme for identity theft or fraud.

7. Connections between employees and illicit content

Posts doxing individuals who engage in illegal activities on the Dark Web, such as child exploitation, can draw undue negative attention to their employers or affiliated organizations. For example, one post listed the full contact information for a tech company that accidentally provided tech support to a child exploitation site.

8. W2s and tax-fraud documents

Each year before tax season, there is a rush of Dark Web activity to gather compromised identity information and file fraudulent tax returns before the actual taxpayer can do so, the report said. This tax fraud is enabled by the sale of W2s and other tax fraud-specific documents, which can be tied back to the employers where those documents came from originally.

9. Secure access and specialty passes

While most of the materials on the Dark Web are for generalized personal information, vendors sometimes offer special access materials, ranging from amusement park tickets to military IDs. For example, one Dark Web market offered physical press passes designed to help cybercriminals pass as journalists at events, the report found.

10. Inexpert Dark Web searching

Despite the need to keep tabs on Dark Web activity, security vendors can accidentally expose an organization to harm by searching for information related to the company on the Dark Web. For example, one vendor searched for a CISO's name so many times on a now-defunct Dark Web search engine that the name made it to the front page of the site under "trending," the report noted.

Categorized in Deep Web

Cybersecurity Expert. Trusted advisor to board members and stakeholders, to define strategies for managing cybersecurity risks.

The development of the cyber environment is articulated through new digital scenarios -- from the technological development of smartphone apps to the Internet of Things, from the sharing economy to social networks -- the circulation of personal data has expanded extensively and rapidly. In particular, I recognize a slow but decisive transition from a material, utilitarian and free sharing typical of the sharing economy, for which self-regulation was sufficient, to today's atmosphere of social sharing. If the services of the sharing economy technologies seemed to put the privacy of users at risk, the new system seems to be even more saturated with issues. In fact, the social sharing of photographs, thoughts, and confidential information risks endangering the privacy of internet users and, considering that much of this personal data is also transported overseas where the discipline and the protection provided is profoundly different, the question becomes extremely complex.

This shift is characterized by the diffusion and horizontal expansion of increasingly sophisticated and integrated social engineering methods and techniques, and through the release and sharing of technologically persuasive applications. These scenarios are found in the profile of cyber attacks and are significant characterizations in terms of behavioral matrixes and operational creativity.

Inevitably, the concepts of knowledge and information management have been redefined and are now almost completely digitalized, with significant relapses in terms of security. In today's cyber scenario, a new multidimensional concept of security has emerged, deriving from the interpenetration of the paradigms of social change and digital-media convergence -- both understood as multipliers of instances coming in particular from the underground. This underground becomes ever more reticular, competent and cohesive, from a digital point of view, until it's the "cartilage" of the system exoskeleton, not only in infrastructural terms but also in terms of cultural identity.

As a result, open society, right-to-know and digital info sharing become the pillars of contemporary democratic architecture. It is necessary to explore cyberspace in a deep and scientific way -- to understand it as a human space, one which needs to be identified and analyzed dynamically, with scientific rigor, avoiding any reductionist simplicity dictated by the fashions of the moment. The specificities and the socio-cultural differences between activism and hacktivism are also worth examining in the transition process toward fully digital models of politics and diplomacy.

As an example, Bitcoin should not be considered mere virtual currency, but also as an instrument, product, and modality of self-construction. It's an identity-based dissemination of digital exchange communities and an interactive process through which all the subjects involved create information, innovation, and resources.

It is essential to direct operational research into the elaboration and anticipation of scenarios that are no longer futuristic or even too far in the future -- ones in which we imagine the impact and dynamics of the cybercriminals who use distributed denial of service (DDoS) or botnet attacks. These attacks might be a self-legitimized form of cyber-protest or a revisitation, in a cyber environment, of protest sit-ins that animated most of the 20th century and which often caused paralysis not only of viability but also of the vital functions of important institutions.

The unknown journey that leads humanity toward post-globalization is strongly marked by some pieces of evidence including the conflicts arising from the frictions between the development of the metropolitan institutional environment and the organizational dynamics of transnational digital communities and the advent of new sexual-digital identities.

We are witnessing the progressive emergence of organized and globalized criminals, above all at the level of the media. These criminals are born from the necessity of evolution through the web, pre-existing local and internationalized structures, and by long processes of criminal hybridization. This hybridization has connected them through the web. This evolution requires a resetting of operational missions based on full integration between social sciences and computational technologies in order to uncover qualitative and quantitative strategies that can be used to attain a deep understanding of the organized and now digitized criminal complex.

The triangulation of big data, web intelligence, and information assurance turns out to be the key to managing the complexity and the centrality of information, which is now the regulating essence of every aspect of life. Today, it's important to focus not just on the internet of things but also on the sometimes obscure internet of thoughts, which requires equal amounts of analytical attention. This emphasizes that today cyber can no longer be considered an object external to mankind, and should instead be seen as pervasively connected to it. Therefore, in firmly considering cybersecurity as a dynamic process and not a static product, it is evident that it is not possible to guarantee the security of the globalized citizen in relation to the relationship between freedom and democracy, without using appropriate conceptual tools to understand and manage the complexity that turns out to be unquestionably human, cultural and social.

Source: This article was published on forbes.com By John Giordani

Categorized in Internet of Things
Page 1 of 3

airs logo

Association of Internet Research Specialists is the world's leading community for the Internet Research Specialist and provide a Unified Platform that delivers, Education, Training and Certification for Online Research.

Get Exclusive Research Tips in Your Inbox

Receive Great tips via email, enter your email to Subscribe.

Follow Us on Social Media