fbpx

The lingering COVID-19 pandemic has driven many businesses to reimagine how both their workforce and consumers will interface in the future. For employees, working from home has presented new challenges and opportunities.

The lingering COVID-19 pandemic has driven many businesses to reimagine how both their workforce and consumers will interface in the future. For employees, working from home has presented new challenges and opportunities. Time previously spent commuting is saved, while communal areas of the home have been re-purposed into makeshift office space, and the daily wardrobe is dictated by scheduled video-conferences. For consumers, the slow migration away from brick and mortar stores has become a sprint, largely mandated by local health orders closing stores. Even stores that remained “open” have implemented online or remote/physically distanced measures to connect with consumers. Buying groceries, clothing, food for delivery, and even dating and other social interactions have moved almost entirely online. As daily “living” moves online individual privacy rights have garnered more attention...

Read More...

 

[Source: This article was published in law.com By Bradford Hughes - Uploaded by the Association Member: Robert Hensonw]

Categorized in Work from Home

In 2020, phishing is just about the common kinds of cyberattacks on businesses and individuals alike. 56% of IT decision-makers state that phishing attacks will be the top security threat they truly are facing, with 32% of hacks involving phishing. Here is video phishing and how you protect your self.

Phishing is no longer limited to emails from Nigerian princes offering the recipients massive returns on investments.

Many phishing messages and internet sites have become sophisticated to the point that users are no longer in a position to recognize them without specific training. Google now blacklists an average of 50,000 internet sites for phishing every week.

On the upside, the ways that it is possible to protect your self from phishing attacks have evolved aswell in recent years. They range from using up-to-date firewall software to using secure platforms such as for example cloud-based business phone services.

A new threat is looming on the horizon: video phishing.

Driven by technological advances, artificial intelligence, and machine learning, this new trend has the potential of causing catastrophic security breaches.

Keep reading to find out what video phishing is, what it seems like, and how you can protect yourself.

 

How does Video Phishing work?

Surprise! Elon Musk is interrupting your Zoom call.

Sounds fake? It is.

But it looks disturbingly real.

See the end of the document for embed.

The video above shows a software of Avatarify, a tool manufactured by a researcher to transform users in to celebrities in real-time throughout Zoom or Skype calls. Its inventor, Ali Aliev, says that the program’s purpose was to have some fun throughout COVID-19 lockdown — by surprising friends during video conferences as Albert Einstein, Eminem, or the Mona Lisa.

The technology behind donning someone else’s animated face like a mask is called deepfaking.

Deepfakes are relatively new applications of machine learning tools. These tools generate realistic faces by analyzing 1000s of videos and images of a target’s face and extracting patterns for common expressions and movements. Then, these patterns can be projected onto anybody, effectively morphing them in to someone else.

You utilize the image of  Elon Musk. Or President Obama. In fact, a deep fake video of the former President calling his successor ‘a total and complete dips**t’ went viral in 2018.

The implications of this technology for cybersecurity are wide-reaching and potentially disastrous.

BECAUSE RATHER THAN TROLLING YOUR PALS, OR INSULTING PRESIDENT TRUMP VIA SOME BODY FAMOUS DEEPFAKES — YOU WON’T KNOW IF IT’S FRIENDS BEING COMICAL — OR THE DANGEROUS, VIDEO PHISHING.

What will be the Dangers of Video Phishing?

According to CNN, the majority of deepfake videos on the net as of the conclusion of 2019, were pornography. In total, 15,000 of such videos were counted. That might not seem like much, taking into consideration the vastness of the internet.

 

The reason behind these rather limited numbers has been that generating convincing deepfakes has a fair amount of computational power. Avatarify, for example, takes a high-level gaming PC to operate properly.

But lower-quality applications have been completely developed, like a face-swapping app that got banned again fairly quickly.

It is a question of time before deepfake technology becomes widely available. And widely used for cybercrime.

Some of those scams have been completely recorded and you can find them on YouTube.

In one case, hackers used similar technology to deepfake the voices of Chief executive officers and sent voicemail messages to executives. They succeeded in effecting a transfer of a mind-boggling $243,000.

In still another case, three men were arrested in Israel for swindling a businessman out of $8 million by impersonating the French foreign minister.

Experts already are warning against other possible applications of deepfake videos for frauds to generate funds. One scenario, for example, is extortion. Hackers could threaten the release of a video containing content that may be damaging to a person’s or business’ reputation. Such content could range from straight-out pornography to the CEO of a business endorsing racist views.

As experiences have shown, that may be disastrous. For businesses, even the regular type of ‘fake news’ might have catastrophic impacts on industry relationships, and even their stock market values.

“Those kinds of things can put a company out of business through reputation damage,” Chris Kennedy of the AI cyber-security platform AttackIQ said in a recent interview with Forbes. “We’re hitting the tipping point in which technology is taking advantage of the biggest human weakness, we’re over-trusting.”

How to Defend Yourself against Deepfake Video Phishing

Today, having a higher cybersecurity standard is more important than in the past. With on the web life proliferating during the COVID-19 crisis, scams and phishing attacks have flourished aswell.

The good news regarding phishing videos is that the technology, as of 2020, is still relatively new, and the case numbers relatively low. That means that individuals and companies have time and energy to prepare, and disseminate information to ward against such attacks.

Know the essential defense moves

As a most basic kind of defense, careful attention is advised in the event that you receive an unsolicited video call, particularly from some body famous or in a position of authority. Never trusting caller IDs, hanging up instantly, and perhaps not sharing any information on such calls is important.

 

If you receive video messages that could be authentic, nevertheless, you are uncertain about it, you should use software to find out if that which you are facing is a deep fake. For example, businesses such as Deeptrace offers computer software with the capability to recognize AI-generated video content.

Apart from that, some low-tech solutions to force away video phishing are having agreed-upon code words when communicating about painful and sensitive information via video messaging, using a 2nd communication channel to confirm information, or asking security questions that your interlocutor can only answer if they are the real thing.

Basically, pretend you’re in an old James Bond film. ‘In London, April’s a Spring month’ and all that.

Final Thoughts

Using AI to morph into somebody else and extract sensitive information may still sound futuristic. But it’s only a question of time until video phishing hits the main-stream.

As technology advances and artificial intelligence and machine learning applications to copy the face area and voice of people become widely available, how many deepfake scams is set to undergo the roof.

[Source: This article was published in digitalmarketnews.com By Kanheya Singh - Uploaded by the Association Member: Issac Avila]

Categorized in Deep Web

There are more than 15 billion stolen account credentials circulating on criminal forums within the dark web, a new study has revealed.

Researchers at cyber security firm Digital Shadows discovered usernames, passwords and other login information for everything from online bank accounts, to music and video streaming services.

The majority of exposed credentials belong to consumers rather than businesses, the researchers found, resulting from hundreds of thousands of data breaches.

Unsurprisingly, the most expensive credentials for sale were those for bank and financial services. The average listing for these was £56 on the dark web – a section of the internet notorious for criminal activity that is only accessible using specialist software.

 

“The sheer number of credentials available is staggering,” said Rick Holland, CISO at Digital Shadows.

“Some of these exposed accounts can have (or have access to) incredibly sensitive information. Details exposed from one breach could be re-used to compromise accounts used elsewhere.”

Mr Holland said that his firm had alerted its customers to around 27 million credentials over the past one-and-a-half years that could directly affect them.

The number of stolen credentials has risen by more than 300 per cent since 2018, due to a surge in data breaches. An estimated 100,000 separate breaches have taken place over the last two years.

Among the credentials for sale were those that granted access to accounts within organisations, with usernames containing the word "invoice" or "invoices" among the most popular listings.

Digital Shadows said it was unable to confirm the validity of the data that the vendors purport to own without purchasing it. The researchers said that listings included those for large corporations and government organisations in multiple countries.

Security experts advise internet users to use individual passwords for each online service that they use, while also adopting measures like two-factor authentication where possible.

 

Online tools like HaveIBeenPwned can also indicate whether a person's email address has been compromised in a major data breach.

 [Source: This article was published in independent.co.uk By Brien Posey - Uploaded by the Association Member: Anthony Cuthbertson]

Categorized in Internet Privacy

Ohio and Washington emerged as new hotspots for internet crime in 2019, though California continues to lead with the largest online fraud victim losses and number of victims, according to research from the Center for Forensic Accounting in Florida Atlantic University's College of Business.

California online victim losses increased 27 percent from 2018 to $573.6 million in 2019. The number of victims in California increased by 2 percent to 50,000.

Florida ranked second in victim losses ($293 million) and also posted the largest annual increase in both victim losses and number of victims over the past five years. The average loss per victim in the Sunshine State grew from $4,700 in 2015 to $10,800 in 2019, while the average victim loss jumped 46 percent from 2018.

 

When victim losses are adjusted for population, Ohio had the largest loss rate in 2019 at $22.6 million per 1 million in population, rising sharply from $8.4 million in 2018. Washington had the highest victim rate at 1,720 per 1 million in population.

Ohio and Washington replaced North Carolina and Virginia, which ranked among the top states in 2018.

The other top states in the latest   report were New York and Texas. The report is based on statistics from the FBI, which collects data from victims reporting alleged internet crimes.

"Fraudsters are getting more efficient at going after where the money is," said Michael Crain, DBA, director of FAU's Center for Forensic Accounting. "There doesn't seem to be any mitigation of the growing trend of online crime. The first line of defense from online fraud is not a technology solution or even law enforcement; it's user awareness. From a policy perspective, governments and other institutions should get the word out more so that individuals and organizations are more sensitive to online threats."

Crimes such as extortion, government impersonation and spoofing became more noticeable last year for their increases in victim losses and number of victims, according to the report. Business email compromise/email account compromise (BEC/EAC) remains the top internet crime in 2019 with reported losses of $1.8 billion, followed by confidence fraud/romance ($475 million) and spoofing ($300 million) schemes.

Spoofing, the falsifying of email contact information to make it appear to have been originated by a trustworthy source, was the crime with the largest percentage increase in victim losses (330 percent) of the top states during 2019.

 

BEC/EAC, in which business or personal email accounts are hacked or spoofed to request wire transfers, accounted for 30 percent to 90 percent of all victim losses last year in the top states and has grown significantly since 2015.

In confidence fraud/romance, an online swindler pretends to be in a friendly, romantic or family relationship to win the trust of the victim to obtain money or possessions.

For online investment fraud, in which scammers often lure seniors with promises of high returns, California leads the top states with $37.8 million in victim losses, but Florida's population-adjusted loss rate of $1.1 million makes it the state where victims are likely to lose the most money.

A major problem is that most internet crime appears to originate outside the United States and the jurisdiction of U.S. authorities.

"Foreign sources of internet crimes on U.S. residents and businesses make it challenging for whether  levels can be reduced as the public becomes more connected and dependent on the internet," the report states.

 

[Source: This article was published in phys.org By Paul - Uploaded by the Association Member: James Gill]

Categorized in Online Research

With much of the country still under some form of lockdown due to COVID-19, communities are increasingly reliant upon the internet to stay connected.

The coronavirus’s ability to relegate professional, political, and personal communications to the web underscores just how important end-to-end encryption has already become for internet privacy. During this unprecedented crisis, just like in times of peace and prosperity, watering down online consumer protection is a step in the wrong direction.

The concept of end-to-end encryption is simple; platforms or services that use the system employ complex software to ensure that only the sender and the receiver can access the information being sent.

At present, many common messaging apps or video calling platforms offer end-to-end encryption, while the world’s largest social media platforms are in various stages of releasing their own form of encrypted protection.

End-to-end encryption provides consumers with the confidence that their most valuable information online will not be intercepted. In addition to personal correspondence, bank details, health records, and commercial secrets are just some of the private information entered and exchanged through encrypted connections.

With consumers unable to carry out routine business in person, such as visiting the DMV, a wealth of private data is increasingly being funneled into online transactions during the COVID-19 pandemic.

Unsurprisingly, however, the ability to communicate online in private has drawn the ire of law enforcement, who are wary of malicious actors being able to coordinate in secret. For example, earlier this year Attorney General Bill Barr called on Apple to unlock two iPhones as part of a Florida terror investigation.

The request is just the latest chapter in the Justice Department’s battle with cellphone makers to get access to private encrypted data.

While Apple has so far refused to forgo the integrity of its encryption, the push to poke loopholes into online privacy continues. The problem is not the Justice investigation, but rather the precedent it would set.

As Apple CEO Tim Cook noted in 2016, cracking encryption or installing a backdoor would effectively create a “master key.” With it, law enforcement would be able to access any number of devices.

Law enforcement agents already have a panoply of measures at their fingertips to access the private communications of suspected criminals and terrorists. From the now-infamous FISA warrants used to wiretap foreign spies to the routine subpoenas used to access historic phone records, investigators employ a variety of methods to track and prosecute criminals.

Moreover, creating a backdoor to encrypted services introduces a weak link in the system that could be exploited by countless third-party hackers. While would-be terrorists and criminals will simply shift their communications to new, yet-to-be cracked encryption services, everyday internet users will face a higher risk of having their data stolen. An effort to stop the crime that results in an opportunity for even more crime seems like a futile move.

Efforts to weaken encryption protections now appear even more misjudged due to a rise in cybercrime during the COVID-19 pandemic. Organizations such as the World Health Organization have come under cyberattack in recent weeks, with hundreds of email passwords being stolen.

Similarly, American and European officials have recently warned that hospitals and research institutions are increasingly coming under siege from hackers. According to the FBI, online crime has quadrupled since the beginning of the pandemic. In light of this cyber-crimewave, it seems that now is the time for more internet privacy protection, not less.

Internet users across America, and around the world, rely on end-to-end encryption for countless uses online. This reliance has only increased during the COVID-19 pandemic, as more consumers turn to online solutions.

Weakening internet privacy protections to fight crime might benefit law enforcement, but it would introduce new risk to law-abiding consumers.

 

[Source: This article was published in insidesources.com By Oliver McPherson-Smith- Uploaded by the Association Member: Jennifer Levin]

Categorized in Internet Privacy

While public safety measures have started to relax, the surge of malware accompanying the pandemic is still making headlines. As a recent study points out, hackers have created no less than 130 000 new e-mail domains related to Covid-19 to carry out what analysts now call ”fearware” attacks.

A lot of these domains and attacks are tied to the same source: the dark web. From selling vaccines and fake drugs to simply spreading panic, the dark web has been the host of many pandemic-related threats. And these attacks were just the latest addition to the dark web’s regular activity including, but not restricted to botnets, cryptojacking and selling ransomware.

However, to see how threats from the far reaches of the Internet can affect your company or clients, we must delve deeper into the concept of “dark web’’.

In the first part of our article, we try to understand the dark web’s structure and acknowledge its growing importance to cybersecurity teams.

 

What is the Dark Web?

Simple users or security specialists, most of us spend our time online the same way: tied to a few popular websites and chat clients or perusing pages through a search engine. This activity, mediated by traditional browsers and apps, accounts for an almost endless amount of content.

But, as copious as this content might seem, it’s only a small percentage of what the Internet has to offer – as little as 4%, according to CSO Online. The rest of it? An enormous collection of unindexed websites, private pages, and secluded networks that regular search engines cannot detect, bearing the generic moniker of ‘’ deep web’’.

The deep web covers just about anything that’s hidden from the public eye, including exclusive and paid content, private repositories, academic journals, medical records, confidential company data, and much more. In a broad sense, even the contents of an e-mail server are part of the deep web.

However, there is a certain part of the deep web that’s noticeably different. How? Well, if the deep web, in general, is content that can’t be found through conventional means, the dark web is that part of it that does not want to be found.

The dark web exists through private networks that use the Internet as support but require specific software to be accessed, as well as additional configurations or authorization. While the dark web is only a small part of the deep web, it allegedly still accounts for around 5% of the entire Internet… and for a lot of its malicious activity.

Since the dark web can’t be accessed directly, users need to use special software such as the Tor browser, I2P, or Freenet. Tor, also known as The Onion Router, is perhaps the best-known means of accessing the dark web, as it is used both as a gateway and a security measure (limiting website interactions with the user’s system). While the protocol itself was initially developed by a Navy division before becoming open source, the project is currently administered by an NGO.

I2P (The Invisible Internet Project) specializes in allowing the anonymous creation and hosting of websites through secure protocols, directly contributing to the development of the dark web.

 

At this point, it’s worth stating that many dark web sites are not in any way malicious and might just be private for security reasons (journalism websites for countries where censorship is rampant, private chat rooms for people affected by trauma, etc.). It’s also worth noting that platforms such as Tor are not malicious in themselves, with their technology being also used by many legitimate companies. However, the dark web offers two very powerful abilities to its users, both of them ripe for abuse.

These abilities are complete anonymity and untraceability. Unfortunately, their dangers only became visible after Silk Road, probably the world’s largest illegal online market at the time was closed. A similar ripple was also produced by the closing of the gigantic Alphabay, an even more comprehensive follow-up to Silk Road.

The Dangers of Anonymity

The truth is, dark web sites have been known to sell just about anything from drugs and contraband, guns, subscription credentials, password lists, credit cards to malware of all types, as well as multiple other illegal wares. All without any real control, from website owners or authorities, and all under the guard of encryption. Back in 2015, a study classified the contents of more than 2,700 dark web sites and found that no less than 57% hosted illicit materials!

Obviously, this prompted authorities to take action. Some law enforcement agencies have started monitoring Tor downloads to correlate them with suspicious activity, while others, such as the FBI, established their own fake illegal websites on the dark web to catch wrong-doers.

 

Even with such measures in place, the dark web’s growth is far from coming to a halt. Its traffic actually increased around the Covid-19 pandemic and the technology’s 20th anniversary. It is estimated that in 2019 30% of Americans were visiting the dark web regularly, although mostly not for a malicious purpose. Furthermore, as large social networks increase their content filtering and as web monitoring becomes more prevalent on the „surface web”, the dark web is slowly becoming an ideological escape for certain vocal groups.

While these numbers can put things into perspective, many security experts, from both enterprise organizations and MSSPs, might ask: ”Alright, but what does that have to do with my company? Why do I have to monitor the dark web?”

In the second part of our article, you will learn what Dark Web threats are aimed directly at your enterprise, and how an efficient Threat Intelligence solution can keep them at bay.

[Source: This article was published in securityboulevard.com By Andrei Pisau - Uploaded by the Association Member: Alex]

Categorized in Deep Web

New search engine Kilos is rapidly gaining traction on the dark web for its extensive index that allows users access to numerous dark web marketplaces.

A new search engine for the dark webKilos, has quickly become a favorite among cybercriminals and here’s why.

It all began when the dark web search engine, Grams, launched in April 2014. Grams was an instant hit, proving useful not only to researchers but cybercriminals too.

The search engine used custom APIs to scrape some of the most prominent cybercriminal markets at the time. These include AlphaBayDream Market, and Hansa.

In addition to helping searchers find an illicit product using simple search terms, Grams also provided Helix, a Bitcoin mixer service. That way, users can conveniently hide their transactions on the platform.

 

Yes, Grams was a revolutionary tool for cybercriminals on the dark web. But, it’s index was still relatively limited.

In a Wired interview, an administrator stated that the team behind Grams didn’t have the capabilities to crawl the whole darknet yet. So, they had to create an automated site submitter for publishers to submit their site and get listed on the search engine.

Despite Grams’ success, it would not remain for long. In 2017, the administrators shut down the search engine’s indexing ability and took the site down.

However, a new search engine would eventually rise to take Grams’ place two years later.

Kilos Became the Favorite Search Engine on the Dark Web

In November 2019, talks of a new dark web-based search engine called Kilos started making rounds on cybercriminal forums.

According to Digital Shadows, it’s uncertain whether Kilos has pivoted directly from Grams or if the same administrator is behind both projects. However, the initial similarities are uncanny.

For example, they both share a similar search engine-like aesthetics. Also, the naming convention remained the same, following the unit for weight or mass measurement.

Expectedly, Kilos pack more weight than Grams ever did.

Thanks to the new search engine, searchers can now perform more specific searches from a more extensive index. Kilos enable users to search across six of the top dark web marketplaces for vendors and listings.

These include CryptoniaSamsaraVersusCannaHomeCannazon, and Empire.

According to Digital Shadows, Kilos has already indexed 553,994 forum posts, 68,860 listings, 2,844 vendors, and 248,159 reviews from seven marketplace and six forums. That’s an unprecedented amount of dark web content.

What’s more, the dark web search engine appears to be improving, with the administrator introducing new updates and features. Some of these features include:

  • Direct communication between administrator and users
  • A new type of CAPTCHA to prevent automation
  • Advanced filtering system
  • Faster searches and a new advertising system
  • New Bitcoin mixer called Krumble

Kilos are gradually becoming the first stop for dark web users. From individuals looking to purchase illicit products to those searching for specific vendors, tons of users now depend on the search engine.

This could further increase the amount of data that’s available to security researchers as well as threat actors.

 

[Source: This article was published in edgy.app By Sumbo Bello - Uploaded by the Association Member: Jennifer Levin]

Categorized in Search Engine

DENVER, March 24, 2020 (GLOBE NEWSWIRE) -- TruKno, a Denver-based startup focused on improving the way cybersecurity professionals find and leverage critical information and experts, today announced the launch of the first search platform built from the ground up for the cybersecurity industry.

TruKno combines access to niche experts with the latest attack vectors, breach data, mitigation practices, innovative solutions and associated vendors to equip cybersecurity professionals with the necessary information to contend with the constantly changing threat landscape. The robust TruKno search platform currently includes more than 20,000 items and more content is added daily. 

 

“Cybersecurity has become a never-ending game of cat-and-mouse between hackers seeking to exploit vulnerabilities and cybersecurity professionals working to mitigate known and unknown risks to networks,” said Manish Kapoor, founder and CEO of TruKno. “In cybersecurity, finding the right information at the right time is crucial, but the fragmented nature of the industry makes being able to actually pinpoint and utilize that information an enormous challenge — with devastating consequences for failure. Our search platform consolidates all consequential components to give users the most thorough understanding of any given threat.”

“Previously, there was no platform that truly integrated all relevant cyber information in one place,” said James Carder, chief security officer at LogRhythm. “TruKno is delivering real value to the cyber community by consolidating and curating vital threat intelligence and aligning it to specific solutions, solution providers and niche experts.”

Developed by Kapoor, a seasoned technology industry professional with more than 20 years of experience in field sales, business development and product management, TruKno was created to provide context surrounding top cybersecurity threats. Kapoor’s background includes more than 10 years at Cisco Systems, helping various global service providers launch new, managed/cloud/hosted cybersecurity services. He earned an electrical engineering degree from the University of Colorado Boulder and a master’s in business management from Harvard University.

“Current search engine results are too general and have become skewed by SEO manipulation, paid advertising and changing algorithms. As such, traditional information-sourcing methods are inefficient,” Kapoor continued. “That is why we believe the future of search is curated. Curated search both excludes low-value content and brings specific content to light that might not have otherwise shown up in generic search results.”

TruKno will be hosting daily informational webinars over the next several days. To register, or for more information about TruKno’s curated search platform for cybersecurity, please visit www.TruKno.com.

 

About TruKno
TruKno is the first curated search platform built from the ground up for the cybersecurity industry. Based in Denver, TruKno provides a better, faster way for industry professionals to identify and comprehend top cyber threats, consolidating all related information, including the latest breaches, mitigation practices, innovative solutions, associated vendors and access to niche experts. TruKno empowers cybersecurity experts to share knowledge and highlight their personal experience, strengthening the cybersecurity community. For more information, visit www.TruKno.com.

[Source: This article was published in markets.businessinsider.com - Uploaded by the Association Member: Deborah Tannen]

Categorized in Search Engine

Protect yourself by learning about this mysterious digital world

Below the surface, the internet you recognize and use for your browsing is a shadowy, digital netherworld. According to a report by Cybersecurity Ventures, cybercrime is projected to cost the world more than $6 trillion annually by 2021. At the heart of most cybercrime is the Dark Web.

The Dark Web is making its way into the public sphere more and more, but much remains unclear and misunderstood about this mysterious digital world that most of us will never see. Here’s what you need to know:

 

Three Layers of the Web

The World Wide Web has three distinct layers. The first is the Surface Web, where most people do searches using standard browsers. The second is the Deep Web, which is not indexed in standard search engines and is accessed by logging in directly to a site; it often requires some form of authentication for access. Finally, there is the Dark Web, which is only accessible through specific browsers. Its most common browser, Tor, encrypts all traffic and allows users to remain anonymous.

Gaining access to Dark Web sites often requires an invitation which is offered only after a substantial vetting process. Purveyors of these sites want to keep out law enforcement, although “white hat” hackers (computer security experts) and law enforcement have successfully broken through. Some identity theft protection services provide Dark Web monitoring to see if your personal information, such as your credit card, has been stolen. Often it is through the monitoring of the Dark Web that security professionals first become aware of massive data breaches by researching the commonality of large troves of personal information being sold.

Never click on any links in an email regardless of how legitimate the email may appear unless you have confirmed the email is indeed legitimate.

It is on these criminal Dark Web sites that all kinds of malware, like ransomware, are bought and sold. Other goods and services bought, sold and leased on these Dark Web cybercrime websites include login credentials to bank accounts, personal information stolen through data breaches, skimmers (devices to attack credit card processing equipment and ATMs) and ATM manuals that include default passwords.

Be Aware of Cybercrime Tools

Amazingly, the Dark Web sites have ratings and reviews, tech support, software updates, sales and loyalty programs just like regular retail websites. Many also offer money laundering services. Additionally, botnets (short for “robot network”) of compromised computers can be leased on the Dark Web to deliver malware as well as phishing and spear phishing emails (these appear to be sent from a trusted sender, but are seeking confidential information).

While the actual number of cybercriminal geniuses is relatively small, they’ve developed a lucrative business model. They create sophisticated malware, other cybercrime tools and their delivery systems, then sell or lease those tools to less sophisticated criminals.

 

The proliferation of ransomware attacks provides a good example of how this business model operates. Ransomware infects your computer and encrypts all of your data. Once your data has been encrypted, you, the victim of a ransomware attack, are told that a ransom must be paid within a short period of time or your data will be destroyed. Ransomware attacks have increased dramatically in the past few years and are now the fastest growing cybercrime.

Cybersecurity Ventures says companies are victimized by ransomware every 14 seconds, at a cost of $11.5 billion worldwide this year. While the creation and development of new ransomware strains requires great knowledge and skill, most ransomware attacks are being perpetrated by less sophisticated cybercriminals who purchase the ransomware on the Dark Web.

Regardless of how protective you are of your personal information, you are only as safe as the legitimate institutions that have your information.

Phishing, and more targeted spear phishing, have long been the primary way that malware, such as ransomware and keystroke logging malware used for identity theft purposes, are delivered. Phishing and spear phishing lure victims into clicking links within emails that download malware onto their computer systems.

Sophisticated cybercriminals now use artificial intelligence to gather personal information from social media such as Twitter, Facebook, Instagram and other sites to produce spear phishing emails with high success rates.

How to Protect Yourself

The best thing you can do to protect yourself from having your information turn up on the Dark Web is to avoid downloading the malware that can lead to your information being stolen or your computer being made a part of a botnet. Never click on any links in an email regardless of how legitimate the email may appear unless you have confirmed that the email is indeed legitimate.

Relying on security software is not enough to protect you, because the best security software is always at least a month behind the latest strains of malware. Regardless of how protective you are of your personal information, you are only as safe as the legitimate institutions that have your information.

In this era of constant data breaches, it is advisable to use an identity theft protection service that will monitor the Dark Web and alert you if your information appears there.  And there are websites which offer guidance on what to do if this happens to you. These monitors are a small flashlight shedding a beam on a very dark section of the digital universe and may help avoid major headaches before it’s too late.

 

[Source: This article was published in nextavenue.org By Steve Weisman - Uploaded by the Association Member: David J. Redcliff]

Categorized in Deep Web

Since the Arab uprisings of 2011, UAE has utilised 'cyber-security governance' to quell the harbingers of revolt and suppress dissident voices

he nuts and bolts of the Emirati surveillance state moved into the spotlight on 1 February as the Abu Dhabi-based cybersecurity company DarkMatter allegedly stepped "out of the shadows" to speak to the international media.

Its CEO and founder, Faisal al-Bannai, gave a rare interview to the Associated Press at the company's headquarters in Abu Dhabi, in which he absolved his company of any direct responsibility for human rights violations in the UAE.  

 

Established in the UAE in 2015, DarkMatter has always maintained itself to be a commercially driven company. Despite the Emirati government constituting 80 percent of DarkMatter's customer base and the company previously describing itself as "a strategic partner of the UAE government", its CEO was at pains to suggest that it was independent from the state.

According to its website, the company's stated aim is to "protect governments and enterprises from the ever-evolving threat of cyber attack" by offering a range of non-offensive cybersecurity services. 

Seeking skilled hackers

Though DarkMatter defines its activities as defensive, an Italian security expert, who attended an interview with the company in 2016, likened its operations to "big brother on steroids" and suggested it was deeply rooted within the Emirati intelligence system.

Simone Margaritelli, also a former hacker, alleged that during the interview he was informed of the UAE's intention to develop a surveillance system that was "capable of intercepting, modifying, and diverting (as well as occasionally obscuring) traffic on IP, 2G, 3G, and 4G networks".

Although he was offered a lucrative monthly tax-free salary of $15,000, he rejected the offer on ethical grounds.

Furthermore, in an investigation carried out by The Intercept in 2016, sources with inside knowledge of the company said that DarkMatter was "aggressively" seeking skilled hackers to carry out offensive surveillance operations. This included plans to exploit hardware probes already installed across major cities in order to track, locate and hack any person at any time in the UAE.

In many respects, the UAE's surveillance infrastructure has been built by a network of international cybersecurity “dealers” who have willingly profited from supplying the Emirati regime with the tools needed for a modern-day surveillance state

As with other states, there is a need for cybersecurity in the UAE. As the threat of cyber-attacks has increased worldwide, there have been numerous reports of attempted attacks from external actors on critical infrastructure in the country. 

Since the Arab uprisings of 2011, however, internal "cyber-security governance", which has been utilised to quell the harbingers of revolt and suppress dissident voices, has become increasingly important to the Emirati government and other regimes across the region.

Authoritarian control

In the UAE, as with other GCC states, this has found legislative expression in the cybercrime law. Instituted in 2012, its vaguely worded provisions essentially provide a legal basis to detain anybody who criticises the regime online.

This was to be followed shortly after by the formation of the UAE’s own cybersecurity entity, the National Electronic Security Authority (NESA), which recently began working in parallel with the UAE Armed Forces’ cyber command unit, established in 2014.  

A network of Emirati government agencies and state-directed telecommunications industries have worked in loose coordination with international arms manufacturers and cybersecurity companies to transform communications technologies into central components of authoritarian control. 

In 2016, an official from the Dubai police force announced that authorities were monitoring users across 42 social media platforms, while a spokesperson for the UAE’s Telecommunication Regulatory Authority similarly boasted that all social media profiles and internet sites were being tracked by the relevant agencies.

000 OF77X

Crown Prince Mohammed Bin Zayed Al Nahyan of Abu Dhabi meets with US President Donald Trump in Washington in May 2017 (AFP)

As a result, scores of people who have criticised the UAE government on social media have been arbitrarily detained, forcefully disappeared and, in many cases, tortured.

Last year, Jordanian journalist Tayseer al-Najjar and prominent Emirati academic Nasser bin Ghaith received sentences of three and 10 years respectively for comments made on social media. Similarly, award-winning human rights activist Ahmed Mansoor has been arbitrarily detained for nearly a year due to his online activities. 

 

This has been a common theme across the region in the post-"Arab Spring" landscape. In line with this, a lucrative cybersecurity market opened up across the Middle East and North Africa, which, according to the US tech research firm Gartner, was valued at $1.3bn in 2016.

A modern-day surveillance state

In many respects, the UAE's surveillance infrastructure has been built by a network of international cybersecurity "dealers" who have willingly profited from supplying the Emirati regime with the tools needed for a modern-day surveillance state. 

Moreover, it has been reported that DarkMatter has been hiring a range of top talent from across the US national security and tech establishment, including from Google, Samsung, and McAfee. Late last year, it was revealed that DarkMatter was managing an intelligence contract that had been recruiting former CIA agents and US government officials to train Emirati security officials in a bid to bolster the UAE's intelligence body.

UK military companies also have a foothold in the Emirati surveillance state. Last year, it was revealed that BAE Systems had been using a Danish subsidiary, ETI Evident, to export surveillance technologies to the UAE government and other regimes across the region. 

'The million-dollar dissident'

Although there are officially no diplomatic relations between the two countries, in 2016, Abu Dhabi launched Falcon Eye, an Israeli-installed civil surveillance system. This enables Emirati security officials to monitor every person "from the moment they leave their doorstep to the moment they return to it", a source close to Falcon Eye told Middle East Eye in 2015.

The source added that the system allows work, social and behavioral patterns to be recorded, analyzed and archived: "It sounds like sci-fi but it is happening in Abu Dhabi today."

Moreover, in a story that made headlines in 2016, Ahmed Mansoor's iPhone was hacked by the UAE government with software provided by the Israeli-based security company NSO Group. Emirati authorities reportedly paid $1m for the software, leading international media outlets to dub Mansoor "the million-dollar dissident."

Mansoor's case is illustrative of how Emirati authorities have conducted unethical practices in the past. In recent years, the UAE has bought tailored software products from international companies such as Hacking Team to engage in isolated, targeted attacks on human rights activists, such as Mansoor.

The operations of DarkMatter, as well as the installation of Falcon Eye, suggest, however, that rather than relying on individual products from abroad, Emirati authorities are now building a surveillance system of their own and bringing operations in-house by developing the infrastructure for a 21st-century police state. 

[Source: This article was published in middleeasteye.net By JOE ODELL - Uploaded by the Association Member: Wushe Zhiyang]

Categorized in Deep Web
Page 1 of 3

airs logo

Association of Internet Research Specialists is the world's leading community for the Internet Research Specialist and provide a Unified Platform that delivers, Education, Training and Certification for Online Research.

Get Exclusive Research Tips in Your Inbox

Receive Great tips via email, enter your email to Subscribe.

Follow Us on Social Media

Finance your Training & Certification with us - Find out how?      Learn more