Source: This article was Published techrepublic.com By Alison DeNisco Rayome - Contributed by Member:James Gill

Worried about cybersecurity? Here are 10 activities that take place on the Dark Web that organizations should watch out for.

In the wake of seemingly constant high profile breaches, organizations are taking precautions to protect against cyber attacks, including raising security budgets and educating employees. However, the cost of a breach can be enough to significantly harm a company's finances and reputation: The average total cost of a data breach is $3.86 million, according to a recent Ponemon Institute report.

The ongoing risk of attack has led some organizations to seek new ways to proactively monitor the Dark Web for lost or stolen data, according to a Wednesday report from Terbium Labs.

1. Doxing of a company VIP

Dark Web and clear websites like Pastebin are a dumping ground for personal, financial, and technical information with malicious intent, the report said. There is often a motivation behind these posts, such as political beliefs, hacktivism, vigilantism, or vandalism. For example, the executive of a wealth management firm was included in a large-scale dox as the result of their political contributions, the report noted.

2. Full PANs, BINs, and payment cards for sale

The economy for payment cards on the Dark Web is strong, with a single card costing between $5 and $20. Sellers update markets with new cards regularly—sometimes even daily, the report said. And business and platinum cards will net criminals a higher price than average cards.

3. Guides for opening fraudulent accounts

On the Dark Web, you can find guides for sale that contain detailed, step-by-step instructions on how to exploit or defraud an organization, the report said. The guide serves two purposes: Criminals learn how to break into a company's systems and processes, and the company's brand name is promoted to criminals as a result of the listing. For example, when a major US bank changed security policies, criminals updated guides with techniques to get around those changes.

4. Proprietary source code

A leak of source code can allow competing companies to steal intellectual property, and also allow hackers to review the code for potential vulnerabilities to be exploited, according to the report. Leaks of source code from tech giants will make the news, but source code from others is regularly leaked on sites like Github and Pastebin, as developers seek advice and input from others, the report noted.

5. Dump of a database

Third-party breaches can put organizations at risk by revealing employee credentials that can unlock other accounts or provide information for phishing attacks. For example, if criminals can post an internal database, it reveals private contracts or partnerships between organizations and employee locations.

6. Template to impersonate a customer account

The Dark Web is full of account templates that allow hackers to pose as customers of financial institutions, telecommunications companies, and other service providers, the report noted. These templates are then used to solicit loans, open accounts, or as part of a broader scheme for identity theft or fraud.

7. Connections between employees and illicit content

Posts doxing individuals who engage in illegal activities on the Dark Web, such as child exploitation, can draw undue negative attention to their employers or affiliated organizations. For example, one post listed the full contact information for a tech company that accidentally provided tech support to a child exploitation site.

8. W2s and tax-fraud documents

Each year before tax season, there is a rush of Dark Web activity to gather compromised identity information and file fraudulent tax returns before the actual taxpayer can do so, the report said. This tax fraud is enabled by the sale of W2s and other tax fraud-specific documents, which can be tied back to the employers where those documents came from originally.

9. Secure access and specialty passes

While most of the materials on the Dark Web are for generalized personal information, vendors sometimes offer special access materials, ranging from amusement park tickets to military IDs. For example, one Dark Web market offered physical press passes designed to help cybercriminals pass as journalists at events, the report found.

10. Inexpert Dark Web searching

Despite the need to keep tabs on Dark Web activity, security vendors can accidentally expose an organization to harm by searching for information related to the company on the Dark Web. For example, one vendor searched for a CISO's name so many times on a now-defunct Dark Web search engine that the name made it to the front page of the site under "trending," the report noted.

Categorized in Deep Web

Cyber-crime has become one of the greatest threats to businesses, government institutions, and individuals, as hackers are constantly finding new targets and advanced tools to break through cyber defenses. As technology improves, new vulnerabilities are discovered and new obstacles challenge security professionals.

The past year was followed by a number of high-impact cyber-attacks. Namely, a number of devastating, high-impact cyber-attacks like rumors that the US election was hacked, marked 2017. Apart from the rumors regarding the hacked US election, there were ransomware attacks all over the world, and of course, the Equifax breach.

Unfortunately, as challenging as it is today, cyber-security threats will likely get worse in the future, as attacks get more sophisticated. As the years pass, the global security threat outlook keeps on developing. In order to fight this threat, all business entities must understand and learn how to cope with these global cyber threats.

In 2018, these cyber threats are expected to grow at a constant rate, as more complex challenges continue to surface, and cyber criminals keep coming up with new ways of attacking secure IT systems. The following are some of the biggest internet security threats that can impact the operations of IT-powered organizations in the year 2018.

Ransomware

Over the past 12 months, we saw a huge number of ransomware attacks. Ransomware is, in fact, a relatively simple form of malware that breaches defenses and locks down computer files using strong encryption. Then, hackers demand money in exchange for digital keys, needed to unlock the data. Quite often, especially if the encrypted data hasn’t been backed up, victims pay. This has made ransomware popular with criminal hackers, who have recently started demanding payment in cryptocurrencies which are extremely hard to trace.

Google, Amazon, IBM and other big cloud operators, have hired the best digital security that will protect them from such attacks. However, smaller companies can’t afford such thing, which makes them more vulnerable. For a small-scale local business, even a single tiny breach could lead to a big payday for the hackers involved. To prevent your computer from getting hijacked, avoid clicking on unknown links, keep security software up to date, and backup everything on an external hard drive.

Attacks on Cryptocurrencies

According to the latest research, currently there are 1324 cryptocurrencies in total, and this number is expected to increase. The rapid increase in the value of some cryptocurrencies has pushed thieves into massive criminal activities against virtual currency scheme. As more people mine cryptocurrencies on their computers, cybercriminals will organize more attacks designed to steal crypto coins from users, using malware to steal funds from victims’ computers or to deploy hidden mining tools on machines.

Threats to IoT (Internet of Things)

As the value of real-time data collection advances, day-by-day, individuals and business entities are increasingly making use of IoT devices. But, unlike our traditional devices, the IoT devices pose a significant challenge and a sense of less control, simply because they are not the best protected entities, and are susceptible to hacking. That’s why protecting them is so important and will continue to do so in 2018. Millions of connected devices have little or no defense against hackers who want to gain control of them and use them to enter into a network or access valuable data. The number of cyber-attacks powered by compromised IoT devices has become a great concern of the IT security industry, which is why IoT vendors are already putting more time and effort into securing their devices.

Source: This article was published alleywatch.com By VIVENNE CARDENASS

Categorized in Internet Privacy

News flashes and sound bites are constantly calling our attention to the latest hacks or threats to our cybersecurity that seem to be filling our social media news feeds and television reporting circuits. While there are plenty of bad actors out there hell bent on doing us harm, symbiotically living in the digital ethers and layers that make up the vast web, there are companies and organizations working in the background to protect and remediate any potential disasters.

Some of these online threats pose significant harm to our lives, our businesses and our finances. Some of them are easy to detect, while others have become increasingly challenging and more sophisticated over the years. They sometimes involve massive bot-nets of millions of devices all acting in concert with one another, and sometimes they're far more individualistic in nature, with specific high-value targets that involve social engineering and location tracking to ensure that their cryptic intentions are fulfilled.

If you've ever been the victim of a phishing scam online or you've ever had someone hijack your profile or social engineer you or your employees to gain access to critical corporate information and infrastructure, or to steal any amount of money from you through methods such as Instagram money-flipping, then you know just how painful this process is. Oftentimes, we search for ways to exact our revenge, usually falling flat on its face due to the anonymity of the World Wide Web.

So, how do you go about protecting yourself from these online threats and cyber criminals who are determined to extra money and valuable information from you?

Clearly, there is no full-proof method to protect yourself. As technology evolves, so do our methods for combating these online threats. However, that doesn't mean that the threats stop. They also evolve. They get smarter, more efficient and more scalable as the near-limitless reach of the web gives them unfettered access to potential billions of dollars in crimes against unassuming individuals and businesses from across the planet.

What Are The Top Online Threats In Cyberspace? 

While there are numerous threats that exist at every turn on the internet, there are 10 very significant threats that pose malicious harm to us. Understanding what these threats are that exist on the web and learning how to combat them is integral to conducting any semblance of business or personal activity these days. Falling for these is painful to say the least, but even more so when you didn't even see it coming from miles away.

One of the biggest and most challenging uphill battles here when it comes to online threats to our security is actually determining whether or not a visitor is human. Bots that crawl the web, or that are designed to somehow infiltrate systems and drop malware generally don't behave like humans. However, this isn't always something that's straightforward. How companies go about detecting automated software and threats in cyberspace has a lot to do with their potential to fall victim to these scams.

Not only is it important to institute a good set of habits when it comes to dealing with online threats like this, but it's also important to stay in-the-know. The more informed you are, the better off you and your employees will be. It's important to note that whatever you do, threats are always evolving. Locate reputable companies that you can work with to help alleviate some of the stress that failure might cause in this arena.

#1 -- Ransomware

One of the biggest ongoing concerns and threats to our digital existences has been the proliferation and exponential rise of ransomware. You know, the type of thing that locks you out of your computer with an impending countdown that signals the digital death of your entire virtual existence. As it counts down, threatening to encrypt every last shred of data, you realize the peril that digital criminals can inflict on their unassuming victims.

Your choices? According to Tod Beardsley, Director of Research at Rapid7, a firm dedicated to thwarting these types of attacks through some of their wildly-popular software platforms such as Nexpose and Metasploit, you should never pay the criminals because you don't know the outcome of whether your information will in fact be restored, or simply vanish into thin air.

Redundant backups should be a priority for you. Backup to an external drive somewhere on your network and to the cloud through DropBox or another provider. Rapid7, which oftentimes stress tests other corporations by hacking in an effort to expose security loopholes, working to ensure that networks are safe from potential attacks, knows a thing or two about this. Companies rely on their teams to ensure that they're protected, and they're often the first phone call many make when an attack like this and others do actually happen.

#2 -- Phishing schemes

A large majority of people get caught up in phishing schemes. Phishing schemes are engineered to get you to click on things and oftentimes they seem harmless. Simply click on a link and it will go to some URL. That's it. However, as harmless as they seem, phishing schemes can lead to to a number of major online security breaches if you're not careful. By paying close attention to what you're clicking on, you'll better be able to mitigate these types of attacks.

Once you're ensnared in this type of scheme, it's hard to untangle yourself. There are phishing schemes for bank accounts, email accounts, big e-tailers and other service providers that have massive footprints. The goal? Gain access to the consumer's account to do the most damage. If you think you were the victim of a phishing scheme, and you entered in your username and password somewhere online and things didn't seem right, immediately change all your passwords.

Another important thing to note is that most people use the same (weak) password across a variety of services such as Gmail, Facebook and online banking as one example. Never do that. Always use different passwords and ensure that they're not simple passwords to begin with. If a cybercriminal gains access to one service, you don't want them gaining access to the others. You should also be changing up your passwords every few months or so.

#3 -- Man-in-the-middle (MIIM) attacks

One of the most sophisticated threats that exist online are man-in-the-middle attacks. I've seen these threats firsthand and know just how malicious they can be. Everything seems okay all the way to the final point of entry (even when using 2-factor authentication). This malware sits on your computer and waits until you've entered in all your credentials, then it actually swaps out the server that receives the communication and even communicates back to you.

Throughout all of this, everything seems fine. Nothing seems amiss. That's why it's such a sophisticated online threat. You almost don't know that anything is happening when it actually is happening. You have to be very wary of what you download to your computer and what reputable sources they're coming from. Virus software is not going to help you in most cases here because these threats are always evolving.

Oftentimes, MIIM attacks are a result of phishing schemes that installed latent software on your computer that sits dormant for some time until you begin accessing the proper network or until its recorded the right keystrokes. It then substitutes its own intercepted server right when you submit your credentials to login.

#4 -- Ad fraud

Online ad fraud is far more widespread than anyone could possibly imagine. This is likely one of the biggest cyber-threats that seems to go under the proverbial radar. Few people know that they've been scammed by sophisticated ad fraud systems after it's occurred. Publishers simply see views increasing and most ad platforms don't provide high specifics as far as direct views on every single ad impression or click, leaving most people in the dark.

In a recent conversation with Tamer Hassan, CTO of WhiteOps, a firm deeply entrenched in the fight against automated ad fraud, they've taken this fight to a new level by developing a platform that actively measures 500 to 2000 technical metrics to determine whether the person viewing the ad is in fact a human or a robot. This software analyzes several layers at a time and its the leading platform amidst the largest publishers in the world.

This impressive system developed by Hassan and team runs silently in the background, with no impact on the speed or latency of ad serving or delivery. In fact, most publishers are now building White Ops' software into their contracts, stating that violations in ad clicks and views from bots will result in non-payment of revenues. This human verification on the web is potentially one of the most lucrative types of fraud that so many cybercriminals are working to exploit and companies are working to protect against.

#5 -- Social media schemes 

Instagram (IG) money-flipping schemes and many others social media scams have surfaced in recent years. Considering that IG is one of the most popular social media platforms in the world, it's no wonder that unscrupulous cybercriminals are targeting individuals who are in desperate situations, looking to make a few hundred or a few thousand dollars quickly. These IG money-flipping schemes have become so widespread that the company can only take down 1 money-flipping scam for ever 3 that are being created.

In a recent conversation with Evan Blair, co-founder of ZeroFox, a firm specializing in social media security, he tells me that 70% of companies are using social media for business but that a large majority of those companies are uninformed about potential impersonations of customer service representatives or duplication of accounts and impersonation of profiles, until it's too late. In fact, there's little that many of the most popular platforms like IG can do to safeguard against the windfall of social engineering and phishing that is constantly occurring against companies at any given moment.

However, this isn't just a risk to digital security; cybercriminals are now using IG and other social media sites to physically track and harm well-to-do executives, celebrities and other high-profilers such as athletes and even politicians. Without a good system to thwart such attacks, most businesses and individuals are completely left lost in the dark. That's likely why so many of the world's leading companies and affluent individuals rely on ZeroFox's groundbreaking platform to thwart and mitigate such attacks.

#6 -- Bitcoin scams

Bitcoin scams have been on the rise recently, especially since the cryptocurrency leaves little in the way of traceable information and unlike with the banking sector, the transactions are irreversible. For those particular reasons alone, cybercriminals have been flocking to the Bitcoin platform. In fact, a large part of their criminal activity is dealt with in Bitcoins for a great majority of their malware attacks that include ransomware and other hacking initiatives.

Considering that Bitcoin valuations have been fluctuating and that there is little in the way of current regulations in the marketplace, this will only continue to get worse. Be very wary of paying for things in Bitcoin and in clicking on any URLs that look deceiving. Read the URLs thoroughly enough to ensure that it's not a variation of a popular domain name, something that hackers and cybercriminals tend to do often.

If you feel like you've been the victim of a Bitcoin scam, it's best to contact the FBI or your local law enforcement agency. Bitcoin does have built-in protections such as wallet backups and multi-signatures, but that doesn't mean that scams don't happen. Cybercriminals are getting more sophisticated by the day so be careful and avoid anything that looks suspicious.

#7 -- Social engineering

Social engineering isn't a new threat. In fact, criminals have been using social engineering hacks in person for ages now. However, when it comes to fraud and other crimes occurring online, this threat is certainly on the rise. With the layer of anonymity that the internet affords, it's no wonder that social engineering works so well in this medium. Most aren't that careful about who they interact with or what type of information that they give out or expose online.

It's not inherently difficult for a criminal to Google the web to find information about a person in an effort to social engineer a scam against them. They can discover their occupation on LinkedIn, their family members or children on Facebook, where they are through Instagram or what they're talking about on Twitter. They can then work to infiltrate those profiles and take over a person's entire social media presence, and use that control to take over email accounts and eventually bank accounts and so on.

It's important to be very careful about who you interact with and what information you expose to the general public. Utilize the privacy features on platforms like Facebook or Twitter and be sure not to share too much personal information on platforms like Instagram. If you do, make your profiles private so that not everyone can track your every movement.

#8 -- Targeting employees to compromise corporate networks

Another major online threat involves directly targeting employees to compromise corporate networks. Since some employees act as the gatekeepers into their corporate networks, there's no surprise that this is on the rise. For example, a large part of the wire fraud that occurs happens because cybercriminals successfully target the right employees to compromise the company's corporate network, allowing them almost unfettered access and approval to steal millions of dollars with ease.

Vulnerable employees also act as a gateway into a corporation's email servers, files and databases, where these cybercriminals can do massive amounts of damage. Employees need to be very careful on social media networks about who they interact with or through what phishing schemes that they click on and unknowingly provide credentials to. ZeroFox's game-changing software helps to alleviate a large part of this worry for most large companies, but not everyone is proactive enough to engage in their services.

Without using a company like ZeroFox, most corporations have no idea about what threats exist out there to their employees or their networks, and it really is one of the most revolutionary platforms that exists out there. Either way you cut it, employee education is a must here to ensure any potential attacks are thwarted before they even begin.

#9 -- Tracking movements for physical targeting

One massive online threat that exists, which can also help put your physical safety into peril, is the tracking of movements through social media and other channels. For consumers, this is an enormous risk, especially for those individuals that aptly portray a lavish lifestyle, traveling around the world. When cybercriminals know that you aren't home, it's simple for them to break into your home and steal your belongings.

You don't need to be uber-wealthy in order to be targeted. Criminals will target all types of individuals through social media channels, able to see when they're home and when they aren't. If you go on vacation, be careful of what information you're sharing and whether or not your profile is public or private. If you don't have home security systems installed and don't want to be a victim of a crime, be very wary about what you share.

Much of this remains common sense, but our physical security can also be put at risk if criminals know where we're going and learn what our routines and schedules might be. They can use that information to do all sorts of bad things to us, virtually and physically, so be very careful.

#10 -- Customer service interception

One of the gatekeepers to any company are their customer service representatives. They are one of the most proliferous category of employees who are interfacing with the clients on a daily basis. However, as skilled as they might be at their jobs, they are often unaware of the online threats that most cybercriminals pose when interacting through a number of mediums. In fact, cybercriminals are known to replicate profiles and post throughout social media to draw attention to unassuming individuals.

They do this in an effort to gain access to accounts, alter the awareness of the general public and to funnel or filter payments and other inquiries that might otherwise alert companies to something that's amiss. This is an enormous threat to businesses, and those without a system like ZeroFox or something similar, will most likely be unaware until the very last moment that a crime actually occurs.

Not only is this bad financially speaking, but it's also bad for a company's reputation. When a customer is angry, they often don't care whether they were speaking to an imposter or the actual company's representative themselves. At that point, it's usually too late to put out the fire. If you're a business and you're serious about your company's online security through social media channels, it's important to invest in a platform to help you mitigate such attacks.

 Source: This article was published forbes.com By R.L.Adams,

Categorized in Internet Privacy

Get Exclusive Research Tips in Your Inbox

Receive Great tips via email, enter your email to Subscribe.
Please wait

airs logo

Association of Internet Research Specialists is the world's leading community for the Internet Research Specialist and provide a Unified Platform that delivers, Education, Training and Certification for Online Research.

Newsletter Subscription

Receive Great tips via email, enter your email to Subscribe.
Please wait

Follow Us on Social Media

Book Your Seat for Webinar GET FREE REGISTRATION FOR MEMBERS ONLY      Register Now