
Dark Web is that area of the internet that consists of encrypted content and is not indexed by search engines.

About 97% of cybersecurity companies had their data exposed on the Dark Web in 2020.

Some data breaches occurred as recently as the end of August, a survey by security firm ImmuniWeb found.

The survey covered 398 cybersecurity companies headquartered across 26 countries including USA, UK, India, Canada and Germany.

Dark Web included both Deep Web and Surface Web in the survey. Dark Web consists of encrypted content that is not indexed by search engines.

More than 160 companies faced incidents as their employees used identical passwords on more than one breached system. Most of the passwords lacked basic security requirements - uppercase, numerical and special characters. Common passwords included ‘password’ and ‘123456’.

 

Half the exposed data consisted of plaintext credentials like financial and personal information.

US-based security firms showed the highest number of high-risk data breaches, followed by the UK. High-risk breaches include credentials with sensitive information.

A large number of leaks were silently performed by trusted third parties like suppliers or sub-contractors to the company.

Some stolen credentials came from incidents involving unrelated third parties where victims used work emails to sign into adult websites.

At least 5,121 stolen credentials were found in pornographic and adult-dating websites, ImmuniWeb said.
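The exposure patterns the survey describes (one password appearing on more than one breached system, passwords missing uppercase, numerical or special characters, common passwords, and work e-mail addresses used on unrelated third-party sites) can be checked against an organisation's own breach-monitoring feed. The following is an added example, not ImmuniWeb's methodology or code; the mail domain, the records and the source-category labels are constructed for illustration.

```python
"""Triage exposed-credential records for one organisation (illustrative)."""
from collections import defaultdict
import string

ORG_DOMAIN = "example-sec.test"              # assumption: the organisation's mail domain
COMMON_PASSWORDS = {"password", "123456"}    # the two examples named in the survey write-up

# Constructed sample feed: (breach source, e-mail, plaintext password, source category)
SAMPLE_RECORDS = [
    ("forum-2019", "alice@example-sec.test", "password", "unrelated-third-party"),
    ("crm-vendor", "alice@example-sec.test", "password", "supplier"),
    ("dating-site", "bob@example-sec.test", "Tr1cky!Pass#2020", "unrelated-third-party"),
    ("crm-vendor", "carol@example-sec.test", "123456", "supplier"),
    ("forum-2019", "dave@other.test", "qwerty", "unrelated-third-party"),
]


def missing_classes(password):
    """Return the basic character classes the password lacks."""
    checks = {
        "uppercase": any(c.isupper() for c in password),
        "numerical": any(c.isdigit() for c in password),
        "special": any(c in string.punctuation for c in password),
    }
    return [name for name, present in checks.items() if not present]


def triage(records, org_domain=ORG_DOMAIN):
    """Group records by work e-mail and flag the patterns listed above.

    The returned report never contains the plaintext passwords themselves.
    """
    per_user = defaultdict(list)
    for source, email, password, category in records:
        email = email.strip().lower()
        if email.rpartition("@")[2] == org_domain:   # ignore other organisations
            per_user[email].append((source, password, category))

    report = {}
    for email, hits in per_user.items():
        # Same password seen on more than one breached system = reuse.
        sources_by_password = defaultdict(set)
        for source, password, _ in hits:
            sources_by_password[password].add(source)
        passwords = list(sources_by_password)

        reused = any(len(srcs) > 1 for srcs in sources_by_password.values())
        common = any(p.lower() in COMMON_PASSWORDS for p in passwords)
        gaps = sorted({g for p in passwords for g in missing_classes(p)})
        unrelated = sorted({s for s, _, cat in hits if cat == "unrelated-third-party"})

        report[email] = {
            "breach_sources": sorted({s for s, _, _ in hits}),
            "reused_across_breaches": reused,
            "common_password": common,
            "missing_classes": gaps,
            "work_email_on_unrelated_sites": unrelated,
            # Every exposed plaintext credential needs a reset; reuse or a
            # common password means other systems are likely affected too.
            "priority": "high" if reused or common else "medium",
        }
    return report


if __name__ == "__main__":
    for user, finding in sorted(triage(SAMPLE_RECORDS).items()):
        print(user, finding)
```
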

The report also stated that half the companies did not comply with General Data Protection Regulation (GDPR) rules owing to vulnerable software, lack of strong privacy policy, and missing cookie disclaimers when cookies contain traceable personal information.

More than a fourth of the vulnerabilities remain unpatched to date, the security firm said.

[Source: This article was published in thehindu.com By Sowmya Ramasubramanian - Uploaded by the Association Member: Nevena Gojkovic Turunz]

Although both the deep web and dark web are hidden sections of the internet, they are not synonymous and should not be confused with each other.

The terms ‘dark web’ and ‘deep web’ are often interchangeably used to describe the section of the internet that is home to criminal activities. To understand the difference between the dark web and the deep web, we must understand the different layers of the internet, as detailed below.

Surface web: The first layer of the World Wide Web is the surface web, which is also known as the visible web or the clear web. It comprises websites that are indexed by common search engines such as Google, Yahoo, Bing, and so on. These websites are available for public access without requiring permissions. It is believed that the surface web constitutes only 3-4% of the entire World Wide Web; however, according to Wikipedia, the figure stands at 10%. This means the millions of search results conducted every second are but a minuscule percentage of the overall internet!

 

Deep web: A step further below the surface web is the deep web. The deep web is estimated to be nearly 500 times the size of the surface web or 90% of the entire internet. This section of the internet comprises websites and data that are not indexed. They are protected from search engines and crawlers by way of encryption.

Any data behind a firewall, be it data servers, organizational intranets, or archives, belong to the deep web. A website in the deep web would require you to enter your unique username and password combination to access. Probably, the simplest examples of a website in the deep web can be web-based email, social media platform, online banking, or web-based subscription service. That brings us to the question – whether the deep web is illegal to foray into? The answer is No.

Dark web: The deepest layer of the World Wide Web is called the dark web. Although a part of the deep web, dark web goes further deep. It is a subset of the deep web and the key difference between the two is that the deep web can be home to both good and bad data, whereas the dark web is mostly illicit.

As per some estimates, the dark web probably constitutes only 0.1% of the entire internet but is the hotbed for many illegal activities. The dark web can be termed the underbelly of the internet, as it facilitates crimes such as sale/purchase of stolen data, fake identity proofs, porn, drug trafficking, contract killers, sale of arms and ammunition, and so forth.

It is the infamous part of the internet where data is intentionally hidden and criminal activities are rampant. It requires special software – such as The Onion Browser (Tor), Freenet, or I2P (Invisible Internet Project) – to access the dark web. This is because the dark web can be accessed only by anonymous users, which common browsers do not allow. Common browsers track the IP address of the users and hence enable identification of the user – something which is undesirable in the dark web.

Access to the dark web is not illegal but is fraught with numerous risks. Therefore, it is recommended to stay away from the dark web, as it can be highly dangerous.

[Source: This article was published in dqindia.com By Neetu Katyal - Uploaded by the Association Member: Deborah Tannen]


Law enforcement agencies working online benefit from machine learning (ML) and artificial intelligence (AI). ML and AI work together, and automated methods can search the dark web, detect illegal activity and bring malicious actors to justice.

The interface between AI and GIS has created enormous possibilities that were not possible before. The field of artificial intelligence (AI) is so advanced that it exceeds human accuracy in many areas, such as speech recognition, reading and writing, and image recognition. Together, ML and AI are rapidly making their way into the world of law enforcement.

AI, machine learning, and deep learning help make the world a better place, for example, by helping to increase crop yields through precision farming, fighting crime through predictive policing, or predicting when the next big storm will arrive, whether in the US or elsewhere.

As fraud detection programs are driven by artificial intelligence (AI), many of these chains turn to AI to ensure that they use various techniques to stop bad actors in advance. Broadly speaking, AI is the ability to perform tasks that typically require a certain level of human intelligence. 

 

Reward programs are particularly popular because they can store large amounts of valuable data, including payment information. Reward points are also valuable because bad actors can spend them or sell them on dark web marketplaces. 

Coffee giant Dunkin' Donuts was the victim of a hacker attack in October 2018, and the fraudsters who initiated the program were able to sell users' loyalty credits on dark web marketplaces for a fraction of their value. Sixgill is a cyber threat intelligence service that analyses dark web activity to detect and prevent cyber attacks and sensitive data leaks before they occur. Using advanced algorithms, its cyber intelligence platform provides organisations with real-time alerts and actionable intelligence that prioritises major threats such as cyber attacks and data breaches.

New York City-based IntSights has developed a threat detection platform that uses artificial intelligence and machine learning to scan deep and dark networks for specific keywords to alert potential targets. Sixgill investigates the Dark Web, the Internet of Things, and other areas of human activity to identify and predict cybercrime and terrorist activity. While the darker web requires someone to use the Tor browser, it can also be accessed by someone who knows where to look.

That's why AI and ML are used to bring light into the dark web, and they can sweep it away faster than a person could. The IntSights report primarily scans deep and dark nets for the latter, but it can also scan the darker net, though not as fast or as far as a person could do, the report said. 

The problem with using AI and ML for this job is that there is not enough clarity: 40% of the websites on the dark-net are completely legal. The remaining 60% are not, and this includes anonymous transactions that are legal, according to the IntSights report.

 

 

Good cybersecurity practices can reduce the risk of information being collected and sold on the dark-net. Reporting incidents to law enforcement can generally reduce the risk, and a quick response to incidents can help minimise the damage. According to IntSights, law enforcement agencies around the world seized more than $1.5 billion worth of malicious software in 2017. 

Cobwebs Technologies' Tangle tool can also search for information about possible crimes before they happen, and it is available to law enforcement free of charge.

Tangle scans the deep and dark web to identify and find connections between people's different profiles, displays the information in graphs and maps, and presents it in a variety of formats. It uses artificial intelligence and machine learning to search for keywords that contain information about people, such as their social media profiles and social networks. Tangle can also generate alarms to alert officials to potential threats extremely quickly. Monitoring people's activities on the dark web and other social networks can help officials pinpoint their plans.

Criminals now routinely use the internet to keep their criminal businesses under wraps, and artificial intelligence could help catch paedophiles operating on the dark-net, the Home Office has announced. The company's co-founder and chief technology officer, Dr Michael O'Brien, said: "Our company has developed an AI-based web intelligence solution to make the web safer by enabling law enforcement and crime analysts to uncover the hidden profiles of criminals, drug dealers, money launderers and other criminals lurking in the deep darknet. 

Earlier this month, Chancellor Sajid Javid announced that £30million had been made available to tackle child sexual exploitation online, with the Home Office revealing details on Tuesday of how it will be spent. The government has promised to spend more money on a child abuse image database that, since 2014, has allowed police and other law enforcement agencies to search seized computers or other devices for indecent images of children to help identify victims. Some aspects of artificial intelligence, including language analysis and age assessment, have been used to determine whether they would help track down child molesters.

[Source: This article was published in aidaily.co.uk By Manahil Zahra - Uploaded by the Association Member: Anna K. Sasaki]


Threat intelligence firm KELA shared a list of more than 900 Pulse Secure VPN enterprise server usernames and passwords with ZDNet, which a hacker had posted on the dark web in plain text.

The usernames and passwords, as well as IP addresses, from more than 900 Pulse Secure Virtual Private Network enterprise servers were posted in plain text on the dark web by a Russian-speaking hacker, first reported by ZDNet.com, which obtained the list with help from threat intelligence firm KELA. 

The list contained Pulse Secure VPN server firmware version, SSH server keys, all local users and password hashes, administrator account details, previous VPN logins with cleartext credentials, and session cookies.  

The authenticity of the list was verified by multiple cybersecurity sources. Further, the list was published on a forum frequented by popular ransomware threat actors, such as REvil and NetWalker. 

 

 

The leak was first discovered by researchers from Bank Security, which observed that the VPN servers listed by the hacker were operating with the firmware version that contained the CVE-2019-11510 vulnerability patched by Pulse Secure in early 2019. 

The Department of Homeland Security and other security researchers have repeatedly urged organizations to patch this critical vulnerability, as hackers continued to target the flaw. Those targeted attacks continued through January 2020.

And in April, DHS warned that hackers were using stolen credentials to crack into enterprise networks through the Pulse Secure VPN, even if the vulnerability was patched. 

To find vulnerable VPNs, it appears that the hacker who compiled the list scanned the internet's IPv4 address space between June 24 and July 8, 2020, and leveraged the known vulnerability to access servers. Then, the threat actor gathered the server details and credentials, collecting the data into a central repository.

Reviewing the list, it appears that 677 companies failed to patch the Pulse Secure VPN vulnerability. 

VPNs are one of the most common, secure methods used to remotely connect to the network. But as remote connections and telehealth use expanded amid the COVID-19 pandemic, the threat landscape has become much more complex. 

Pulse Secure CMO Scott Gordon told HealthITSecurity.com in March, that in healthcare, providers need to be employing endpoint protection and modern VPN solutions “where you’re encrypting communication session between the device and the data between the practitioner’s devices and application.” 

“Since you are now expanding VPN use to more sets of employees, contracts and affiliates, you should make sure that the VPN software is up to date and current to eliminate the potential VPN vulnerabilities,” Gordon said, at the time. “They’ve essentially broadened the attack surface. Every end user accessing information and resources are now part of their attack surface, and they want to do everything they can now that they've added greater accessibility.”

To Laurence Pitt, Global Security Strategy Director at Juniper Networks, it's unacceptable that organizations failed to patch the vulnerability more than a year after a fix was provided, which allowed the cleartext data dump to occur.

Further, security researchers have repeatedly provided proof-of-concept data that showed just what could occur if the enterprise left the vulnerability exposed.   

“The lesson learned here? Patch, patch, patch,” Pitt said in an emailed statement. “The data published lists only 900 servers. What we do not know is how many more have not been released – or, which of these could be sensitive servers that are now being poked and prodded in planning for a bigger attack.  

“If you are running an older version of code on a service as critical as the VPN is today, then find the latest version and get that upgrade planned,” he added.

Healthcare organizations should review insights recently provided by the National Security Agency to better understand the risk and best practice methods to secure VPNs, telework, and other remote sites.

 

[Source: This article was published in healthitsecurity.com By Jessica Davis - Uploaded by the Association Member: Jeremy Frink]


While public safety measures have started to relax, the surge of malware accompanying the pandemic is still making headlines. As a recent study points out, hackers have created no less than 130 000 new e-mail domains related to Covid-19 to carry out what analysts now call “fearware” attacks.

A lot of these domains and attacks are tied to the same source: the dark web. From selling vaccines and fake drugs to simply spreading panic, the dark web has been the host of many pandemic-related threats. And these attacks were just the latest addition to the dark web’s regular activity including, but not restricted to botnets, cryptojacking and selling ransomware.

However, to see how threats from the far reaches of the Internet can affect your company or clients, we must delve deeper into the concept of the “dark web”.

 

In the first part of our article, we try to understand the dark web’s structure and acknowledge its growing importance to cybersecurity teams.

What is the Dark Web?

Simple users or security specialists, most of us spend our time online the same way: tied to a few popular websites and chat clients or perusing pages through a search engine. This activity, mediated by traditional browsers and apps, accounts for an almost endless amount of content.

But, as copious as this content might seem, it’s only a small percentage of what the Internet has to offer – as little as 4%, according to CSO Online. The rest of it? An enormous collection of unindexed websites, private pages, and secluded networks that regular search engines cannot detect, bearing the generic moniker of “deep web”.

The deep web covers just about anything that’s hidden from the public eye, including exclusive and paid content, private repositories, academic journals, medical records, confidential company data and much more. In a broad sense, even the contents of an e-mail server are part of the deep web.

However, there is a certain part of the deep web that’s noticeably different. How? Well, if the deep web in general is content that can’t be found through conventional means, the dark web is that part of it that does not want to be found.

The dark web exists through private networks that use the Internet as support, but require specific software to be accessed, as well as additional configurations or authorization. While the dark web is only a small part of the deep web, it allegedly still accounts for around 5% of the entire Internet… and for a lot of its malicious activity.

Since the dark web can’t be accessed directly, users need to use special software such as the Tor browser, I2P, or Freenet. Tor, also known as The Onion Router, is perhaps the best-known means of accessing the dark web, as it is used both as a gateway and a security measure (limiting website interactions with the user’s system). While the protocol itself was initially developed by a Navy division before becoming open source, the project is currently administered by an NGO.

I2P (The Invisible Internet Project) specializes in allowing the anonymous creation and hosting of websites through secure protocols, directly contributing to the development of the dark web.

At this point, it’s worth stating that many dark web sites are not in any way malicious and might just be private for security reasons (journalism websites for countries where censorship is rampant, private chat rooms for people affected by trauma, etc.). It’s also worth noting that platforms such as Tor are not malicious in themselves, with their technology being also used by many legitimate companies. However, the dark web offers two very powerful abilities to its users, both of them ripe for abuse.

These abilities are complete anonymity and untraceability. Unfortunately, their dangers only became visible after Silk Road, probably the world’s largest illegal online market at the time, was closed. A similar ripple was also produced by the closing of the gigantic Alphabay, an even more comprehensive follow-up to Silk Road.

The Dangers of Anonymity

The truth is, dark web sites have been known to sell just about anything from drugs and contraband, guns, subscription credentials, password lists, credit cards to malware of all types, as well as multiple other illegal wares. All without any real control, from website owners or authorities, and all under the guard of encryption. Back in 2015, a study classified the contents of more than 2,700 dark web sites and found that no less than 57% hosted illicit materials!

Obviously, this prompted authorities to take action. Some law enforcement agencies have started monitoring Tor downloads to correlate them with suspicious activity, while others, such as the FBI, established their own fake illegal websites on the dark web to catch wrong-doers.

Even with such measures in place, the dark web’s growth is far from coming to a halt. Its traffic actually increased around the Covid-19 pandemic, and the technology’s 20th anniversary. It is estimated that in 2019 30% of Americans were visiting the dark web regularly, although mostly not for a malicious purpose. Furthermore, as large social networks increase their content filtering and as web monitoring becomes more prevalent on the “surface web”, the dark web is slowly becoming an ideological escape for certain vocal groups.

While these numbers can put things into perspective, many security experts, from both enterprise organizations and MSSPs, might ask: “Alright, but what does that have to do with my company? Why do I have to monitor the dark web?”

In the second part of our article, you will learn what Dark Web threats are aimed directly at your enterprise, and how an efficient Threat Intelligence solution can keep them at bay.

 

[Source: This article was published in securityboulevard.com By Andrei Pisau - Uploaded by the Association Member: Daniel K. Henry]


Welcome to TechTours, where we will delve a little deeper into the questions many are too afraid to ask, and dive into the pools that most would just like to dip their toes. Today, we tackle the dark web. 

The notorious dark web has been the subject of many IT discussions and curious minds in the last few years. With the rise of cryptocurrencies and hacking groups like Anonymous, many wonder what is behind the curtain, and how to take a peek. 

The difference between clear, deep and dark web

Clear web is what we use every day. Everything that can be indexed or “found easily” will be classified under clear web. The terms “deep web” and “dark web” however, are often mixed up but they could not be more different. 

The deep web refers to items that can be accessed via a search engine  but are blocked by paywalls or subscriptions and sign-in credentials. It also includes any content that its owners have blocked web crawlers (such as search engines) from indexing. The deep web is estimated to make up between 96 and 99% of the internet.

 

The dark web is a subset of the deep web that is a lot more difficult to access, and where most of the illicit activity can be found. This requires a specific type of browser to access and is estimated to make up about 5% of the internet. Again, not all the dark web is used for illicit purposes despite its ominous-sounding name. 

What is the dark web? 

The dark web is the “underside” of the internet that isn't indexed by major search engines. By now, you have probably heard about the dark web being a proverbial dark alley of illegal activity and in many cases, it is. 

On the dark web you will find immeasurable amounts of ways to buy credit card numbers, lifetime Netflix accounts and even counterfeit currency. It goes without saying that it would not be a great idea to put in banking details or any personal information on there due to the dangerous nature of the anonymity of its users. It would also be illegal to purchase the aforementioned products.

But not everything is illegal, the dark web also has a legitimate side. For example, you can join a chess club or BlackBook, a social network described as the “the Facebook of Tor”.

How is the dark web accessed?

The thought of accessing a global marketplace where everyone is free to sell what they want, when they want, might sound enticing. I assure you, as can be expected with a platform where everyone is anonymous, accessing the dark web is not easy and it is incredibly easy to be scammed. 

Accessing the dark web requires the use of a browser called Tor. The Tor browser basically hides you from everyone else by routing your web page through a variety of servers making your IP address unidentifiable.  

Some positives of the dark web

Despite its “dark” reputation, the dark web also provides an access point for people in countries where digital restrictions are stifling them. People are turning to the dark web for freedom of speech and privacy. Just like the “clear” web, the dark web is filled with social media platforms, email services and even gaming websites. However, due to the use of browsers such as Tor, you are kept fully anonymous.

The dark web is also being used to expose corruption. News channels such as Fox, CNN and NBC have all got open sites on the dark web in order to receive anonymous tips from online users. In addition to this, due to the anonymity that the dark web provides, many users on the dark web use it to share personal stories. This ranges from advice on drug addiction, sexual abuse and many other personal stories people are afraid to share on the clear web. 

There are also a growing number of medical professionals using the dark web who consult with patients who would rather keep their medical conditions anonymous. 

Another reason people are moving to the dark web is to make anonymous purchases. We do not condone buying illegal items but recognise that there are legitimate reasons to buy products and services on the dark web such as buying specific security software and electronic devices. There are also tons of online communities where no matter what your passion is, you will probably find a forum for it. A note of caution is always avoid forum discussions pertaining to illegal activities. 

The dark web is an interesting place filled with a myriad of forums, marketplaces and illegal items but as mentioned previously, there is little to no policing. 

If your intention to use the dark web is to remain anonymous and find like-minded people then this is the place for you. One thing is for certain, like walking through a shady part of town, you will find lots of bargains and interesting things to see. Just don't go down the dark alley and check what people are selling from their trench coats. 

* Independent Media will not be responsible for person/s using the dark web irresponsibly. Please proceed with extreme caution when doing so and steer away from illegal activity. 

 

[Source: This article was published in iol.co.za By Faheem Khota - Uploaded by the Association Member: Jason bourne]


A Trend Micro study reveals that trust in Deep Web marketplaces is diminishing due to law enforcement efforts to shut down illegal activities.

A new study has revealed that dark web marketplaces aren’t as safe for users’ anonymity as they were believed to be, due to the simple fact that authorities are cracking down on online marketplaces, which makes it hard for them to keep a constant and reliable presence.

According to the study published by the cybersecurity company Trend Micro, the crackdown on marketplaces like Dream Market, Wall Street Market, DeepDotWeb, and Valhalla has generated a huge discontent among their userbases due to the lack of security infrastructure from the said websites. The security flaws on these websites may well result in the loss of anonymity for their users, which is the main draw to their businesses. 

Exit Scams are Rampant

The increase in the precedents of exit scams from the online stores has resulted in a considerable slowdown of sales. Exit scams are the type of activity where the website shuts down suddenly without delivering the orders thus stealing money from the customers. Undercover operations from the law enforcement forces from all over the world have also been on the tail of these websites thus the increase in mistrust.

Users have started countering these scamming websites via the creation of the DarkNet Trust website where the reputation of the companies can be found by searching for their usernames and Public Key (PGP) fingerprints. 

In countries like Australia, for example, gambling is legal in general however the citizens are not allowed to gamble with the locally registered websites. The law specifically mentions engaging in wagering with real money. Since Australia does not recognize the cryptocurrencies as “real money” this creates a loophole in the legal system. Although, it’s obvious that this is all done for anonymity, and due to the increase in concerns of government agencies spying on the users, this has become an issue for a lot of people. The biggest draw to the darknet has been on the cryptocurrency market. Since trading is illegal, cryptocurrencies are acquired through the dark web in order to mask activity as much as possible, later used in any bitcoin casino Australia has listed within its borders, and then withdrawn as real cash with minimum payments to be made to the government.

Apart from this, the administrators of the darknet marketplaces were forced to implement additional security methods like two-factor authentication, multi-signatures, and wallet-less transactions in Bitcoin (BTC) and Monero (XMR), as well as rooting out the use of JavaScript due to the easily exploitable nature of the scripting language.

A wallet-less payment is when a transaction is made from the user to the vendor directly, with the marketplace receiving a monthly subscription instead of a per-transaction fee. Protonmail has also come under attack from users since accusations of it assisting law enforcement agencies began circulating around the net. It is also worth mentioning that an anonymous hacker has cracked open the databases of Daniel’s Hosting, which is the largest free web-hosting provider on the darknet. This resulted in the takedown of over 7000 websites, with their databases leaked and the pages consequently deleted as a whole. Also, around 4000 emails have been leaked.

 [Source: This article was published in bitrates.com - Uploaded by the Association Member: Anna K. Sasaki]


While the dark web offers a haven for criminals and serves as inspiration for Hollywood blockbusters, it’s much more mundane in real life. Still, many businesses feed into the fallacies surrounding the dark side of the Internet, ultimately delaying their ability to protect employees and consumers.

Our industry really needs to shed some light on the largest misconceptions associated with the dark web. Equipped with these new insights, we can empower security pros to explore the dark web and gain knowledge that will strengthen their security posture. But before we can debunk any misconceptions, companies must first understand the basics.

The dark web resides on a portion of the Internet where communications and transactions are carried out anonymously. Separate networks like TOR, Blockchain DNS, I2P, and ZeroNet make up the dark web and have different access requirements and resources. Cybercriminals and threat actors typically use these networks to securely and secretly coordinate crime functions, and openly discuss terrorist tactics, techniques and procedures (TTPs). The dark web also serves as a marketplace to buy or sell goods or services, such as credit card numbers, social security numbers, all manners of drugs, and stolen subscription credentials. It’s a long list.  

 

There’s also practical value for legitimate security organizations to access the dark web. Cybersecurity teams can track for evidence of attacks in various stages of execution. Today, companies are applying intelligence requirements processes to determine what they should do with the information they discover, like monitoring for vulnerabilities that are weaponized in malware families. To monitor the dark web successfully, organizations should carefully weigh options between people and technology. They must invest in both: people deliver context and expertise, while technology helps teams scale.  

Now that we understand a bit more about the dark web, let’s dive into the four biggest misconceptions:

Misconception: The dark web doesn’t have a good side.

Reality: Dissidents and civil rights advocates use the dark web to communicate in repressive governments around the world.

Understandably, the dark web gets a lot of bad press, which leads many to believe that it’s inhabited exclusively by nefarious types. However, it has many benign practices that organizations can partake in. For example, the Tor network was initially developed by the United States Naval Research Laboratory to protect U.S. intelligence communications from surveillance. Anonymity and protection from surveillance have made the Tor network and other parts of the dark web an invaluable tool for dissidents and civil rights advocates under repressive regimes, journalists, and whistle-blowers. The New York Times makes its website available as a Tor Onion Service for readers in countries that block access to the newspaper’s regular website, or who worry about their web activities being monitored.

Misconception: The dark web houses the majority of digital threats facing businesses.

Reality: Security pros find important communications tools on the dark web.

Contrary to popular belief, the dark web does not serve as a home to a majority of digital threats facing businesses. Although it includes a few thousand sites, it only makes up a relatively small portion of the deep web. People are often surprised to learn that more digital threats appear on the surface web than on the dark web. Communication, collaboration and transactional tools are all available on the dark web. These include forums and chat rooms, email and messaging applications, blogs and wikis, and peer-to-peer file-sharing networks.

Misconception: Organizations can’t mediate or anticipate dark web threats.

Reality: Security teams comb the dark web to prevent future attacks and take down bad sites.

Although organizations can’t influence sites or marketplaces found on the dark web, the material found there can help discover sites and social media accounts on the surface web used for launching attacks, carrying out phishing campaigns, and selling counterfeit and stolen goods. By leveraging insights from the dark web, security pros can regularly take down those websites and accounts from the surface web.

Misconception: Monitoring the dark web takes money – and it’s slow.

Reality: It doesn’t have to be that way with the right mix of people and technology.

Monitoring the dark web requires some skill, but it isn’t necessarily a slow and expensive process. Typically, organizations gravitate towards data loss protection (DLP) services, which ensure sensitive data doesn’t get lost, misused, or accessed by unauthorized users. With the right technologies and people, and sometimes with outside DLP services, companies can prevent attacks at a relatively modest cost.

Habitually categorized as an asylum for criminals of all stripes, the dark web holds an opportunity for organizations hoping to detect data breaches and anticipate and thwart attacks. While some companies are already profiting from monitoring and tracking certain areas of the dark web, others struggle to even understand and dispel its misconceptions. With some minimal investment, companies can establish comprehensive visibility across multiple digital networks. This will let them discover threats sooner and take action wherever attackers are vulnerable along their kill chain. With this level of visibility and understanding, companies can shed their fear of the dark web and have confidence in their digital risk protection program.

 

[Source: This article was published in scmagazine.com By Zack Allen - Uploaded by the Association Member: Alex Gray] 


Introduction to dark web fraud

Dark web fraud constitutes a global information security problem. The widespread availability of how-to guides providing instructions on how to commit such fraud exacerbates the problem even further.

Before examining these how-to guides in detail, we need to explain the meaning of “dark web.” The web includes two main layers: the surface web, which consists of any content indexed by search engines, and the deep web, which comprises all content that is not indexed by search engines. Content in the deep web can be hidden behind paywalls, firewalls and other types of protection.

 

The dark web constitutes a small portion of the deep web and appeared as a result of the development by the United States of software known as Tor. It allowed internet users to encrypt their location and information they sent and received. This, in turn, ensured their anonymity and privacy. The dark web is often used by criminals for various malicious purposes, such as sales of guns, drugs and other illegal materials. It is estimated that the content available on the dark web constitutes less than 0.005% of the content available on the surface web.

Large volumes of content exchanged through the dark web include how-to guides. According to a Terbium Labs study that covers three major dark web exchanges, 49% of the data sold through those exchanges consists of how-to guides. 

In this article, we will examine the types of how-to guides sold through the dark web. Afterwards, we will discuss their reliability. Finally, we will provide concluding remarks.

Typology of how-to guides

How-to guides can, depending on their purpose, be divided into five categories: account takeover, phishing, doxing, cashing out and synthetic identity fraud. 

1. Account takeover

The term “account takeover” refers to a situation where a fraudster gets unauthorized access to a genuine customer’s account, such as online banking accounts, email accounts and accounts providing access to subscription services. Once the fraudster gets access to a customer account, he or she may use it for various purposes, including but not limited to purchasing goods or services, acquiring more sensitive information which can be used to blackmail the victim and spreading malware to the contacts of the victim.

How-to guides may include detailed instructions on how to use software for automatic detection of vulnerabilities in corporate computer systems. It is believed that such software was used to conduct the British Airways cyberattacks, which enabled hackers to access tens of thousands of frequent-flyer accounts.

2. Phishing

How-to guides may also teach criminals how to conduct phishing attacks. Research conducted by Cyren revealed that 5,335 new phishing how-to guides were made available in 2019 alone. The same research indicated that 87% of the phishing how-to guides included at least one evasive technique, such as content injection, HTML character encoding, and the inclusion of URLs in attachments.

Let’s look at those a little more closely. Content injection refers to changing the content of a page on a legitimate website in such a way as to redirect users of that website to a phishing page. HTML character encoding means the inclusion of phishing code in a webpage in such a way as to prevent security crawlers from detecting keywords associated with phishing (e.g., “credit card” and “password”). The inclusion of URLs in attachments is a technique allowing fraudsters to hide links to phishing websites in files.
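A defender-side illustration of the HTML character encoding evasion described above, added here and not taken from the original article or the Cyren research: a crawler that searches raw markup misses entity-encoded keywords, while one that decodes and normalizes the visible text first finds them. The sample markup, keyword list and function names are constructed assumptions, and the normalization also strips soft hyphens and zero-width characters, which goes slightly beyond the entity encoding the text mentions.

```python
import re
import unicodedata
from html.parser import HTMLParser

# Keywords the article names as typical phishing indicators.
KEYWORDS = ("credit card", "password")

# Constructed sample page: keywords hidden with numeric/named entities and a soft hyphen.
SAMPLE = (
    "<html><body><form>"
    "<label>Enter your &#112;&#97;&#115;&#115;&#119;&#111;&#114;&#100;</label>"
    "<label>cred&shy;it&nbsp;c&#x61;rd number</label>"
    "<script>var x = 'not visible text';</script>"
    "</form></body></html>"
)

class _TextExtractor(HTMLParser):
    """Collects visible text; convert_charrefs=True decodes &#NN; and &name; entities."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.chunks = []
        self._skip = 0  # depth inside <script>/<style>, whose content is not rendered

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.chunks.append(data)

def raw_hits(markup):
    """What a naive crawler sees: keyword search on the undecoded markup."""
    low = markup.lower()
    return [k for k in KEYWORDS if k in low]

def visible_text(markup):
    """Decode entities, drop tags, fold lookalike forms, remove invisible characters."""
    parser = _TextExtractor()
    parser.feed(markup)
    parser.close()
    # Join without separators so keywords split by inline tags are reassembled.
    text = unicodedata.normalize("NFKC", "".join(parser.chunks))
    text = "".join(c for c in text if unicodedata.category(c) != "Cf")
    return re.sub(r"\s+", " ", text).strip().lower()

def normalized_hits(markup):
    text = visible_text(markup)
    return [k for k in KEYWORDS if k in text]

def evasion_suspected(markup):
    """Keywords that appear only after decoding point to deliberate obfuscation."""
    return sorted(set(normalized_hits(markup)) - set(raw_hits(markup)))

if __name__ == "__main__":
    print("raw:", raw_hits(SAMPLE))
    print("normalized:", normalized_hits(SAMPLE))
    print("hidden keywords:", evasion_suspected(SAMPLE))
```

A keyword that shows up only in the normalized text is a stronger signal than the keyword alone, since legitimate pages rarely entity-encode ordinary words.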

 

3. Doxing

Doxing is the practice of finding out sensitive information about an individual or organization and making it publicly available with the aim to harass, shame or extort the victim. Doxing how-to guides contain instructions on how to find sensitive information, how to post it in such a way as to prevent the removal of the information and how to obtain monetary gain through extortion.

4. Cashing out

Cashing-out how-to guides contain instructions on how to cash out voucher codes, bank accounts, credit cards, gift cards and other payment methods. In some cases, such guides may provide links to e-commerce websites that can accept stolen financial data purchased through the dark web. In other cases, they describe the steps one needs to take to clone payment instruments, such as debit and credit cards.

5. Synthetic identity fraud

To commit synthetic identity fraud, one needs to combine stolen information from unsuspecting individuals with false information, such as dates of birth, addresses and names. The resulting synthetic identities are less likely to be detected because of the lack of a clearly identified victim.

A report from the US Federal Reserve indicates that synthetic identity theft constitutes the fastest growing type of identity fraud. In 2016 alone, the losses caused by this type of fraud exceeded USD 6 billion. Many how-to guides contain detailed descriptions of methods used to combine actual and fake data in such a way as to mislead the relevant financial institutions into believing that the synthetic identities are genuine.

The reliability of the how-to guides

How-to guides are highly unreliable. In many cases, they provide no useful information and the buyer cannot demand his or her money back. In this regard, Tyler Carbone, a CEO at Terbium Labs, noted: “Ironically, many fraud guides are themselves fraudulent. Bad actors create fake guides, and try to make a profit selling them before buyers catch on.” Of course, this is not surprising, as people who teach others how to commit fraud should not be expected to be honest and ethical.

Some how-to guides may even include malware to be used by their buyers to commit fraud. Quite often, such malware may actually infect the computers of the buyers. Thus, the buyers who pay for purchasing how-to guides may actually pay for infecting their own computers.

According to the researchers of Terbium Labs, about 11% of all how-to guides are fraudulent. Although the remaining 89% of how-to guides contain genuine information about how to commit fraud, many of them contain obsolete data (more than a decade old) or duplicated data (e.g., publicly available data repackaged by the hackers as their own).

Irrespective of the reliability of how-to guides, these materials may provide people with weak computer skills with the opportunity to conduct serious cyberattacks. This is not only because they often contain detailed and simple instructions, but also because they may include ready-made malware that can be used during the attacks and databases of stolen sensitive information which can facilitate fraudulent operations. The average price of stolen sensitive information on the dark web is about $8.50, but one can find such information even at the price of $1.

Concluding remarks regarding how-to guides

How-to guides have the potential to increase the number of global cyberattacks because they reduce the financial and competence requirements for conducting such attacks. Anyone who can pay about $4 for a how-to guide or about $16 for a collection of how-to guides under a single listing is now able to engage in account takeovers, phishing, doxing, fraudulent cashing-out, synthetic identity fraud and other malicious activities.

This means that how-to guides can be regarded not only as an information security problem but also as a social problem because their use can lead to the paralysis of the functioning of various social organizations such as governments, hospitals and companies.

 

[Source: This article was published in resources.infosecinstitute.com By Daniel Dimov - Uploaded by the Association Member: Jason bourne]


In 2020, phishing is one of the most common kinds of cyberattacks on businesses and individuals alike. 56% of IT decision-makers state that phishing attacks are the top security threat they are facing, with 32% of hacks involving phishing. Here is what video phishing is and how you can protect yourself.

Phishing is no longer limited to emails from Nigerian princes offering the recipients massive returns on investments.

Many phishing messages and websites have become sophisticated to the point that users are no longer able to recognize them without specific training. Google now blacklists an average of 50,000 websites for phishing every week.

On the upside, the ways in which you can protect yourself from phishing attacks have evolved as well in recent years. They range from using up-to-date firewall software to using secure platforms such as cloud-based business phone services.

A new threat is looming on the horizon: video phishing.

Driven by technological advances, artificial intelligence, and machine learning, this new trend has the potential of causing catastrophic security breaches.

Keep reading to find out what video phishing is, what it looks like, and how you can protect yourself.

 

How does Video Phishing work?

Surprise! Elon Musk is interrupting your Zoom call.

Sounds fake? It is.

But it looks disturbingly real.

See the end of the document for embed.

The video above shows Avatarify in use, a tool built by a researcher to transform users into celebrities in real time during Zoom or Skype calls. Its inventor, Ali Aliev, says that the program’s purpose was to have some fun during COVID-19 lockdown by surprising friends during video conferences as Albert Einstein, Eminem, or the Mona Lisa.

The technology behind donning someone else’s animated face like a mask is called deepfaking.

Deepfakes are relatively new applications of machine learning tools. These tools generate realistic faces by analyzing thousands of videos and images of a target’s face and extracting patterns for common expressions and movements. Then, these patterns can be projected onto anybody, effectively morphing them into someone else.

You could use the image of Elon Musk. Or President Obama. In fact, a deepfake video of the former President calling his successor ‘a total and complete dips**t’ went viral in 2018.

The implications of this technology for cybersecurity are wide-reaching and potentially disastrous.

Because beyond trolling your pals or insulting President Trump through a famous person’s deepfake, you won’t know whether it’s friends being comical or the dangerous kind: video phishing.

What are the Dangers of Video Phishing?

According to CNN, the majority of deepfake videos on the internet as of the end of 2019 were pornography. In total, 15,000 such videos were counted. That might not seem like much, taking into consideration the vastness of the internet.

 

The reason behind these rather limited numbers has been that generating convincing deepfakes takes a fair amount of computational power. Avatarify, for example, takes a high-end gaming PC to operate properly.

But lower-quality applications have already been developed, like a face-swapping app that got banned again fairly quickly.

It is only a question of time before deepfake technology becomes widely available. And widely used for cybercrime.

Some of those scams have already been recorded and you can find them on YouTube.

In one case, hackers used similar technology to deepfake the voices of chief executive officers and sent voicemail messages to executives. They succeeded in effecting a transfer of a mind-boggling $243,000.

In yet another case, three men were arrested in Israel for swindling a businessman out of $8 million by impersonating the French foreign minister.

Experts are already warning against other possible applications of deepfake videos for fraud to generate funds. One scenario, for example, is extortion. Hackers could threaten the release of a video containing content that may be damaging to a person’s or business’ reputation. Such content could range from straight-out pornography to the CEO of a business endorsing racist views.

As experience has shown, that may be disastrous. For businesses, even the regular type of ‘fake news’ might have catastrophic impacts on industry relationships, and even their stock market values.

“Those kinds of things can put a company out of business through reputation damage,” Chris Kennedy of the AI cyber-security platform AttackIQ said in a recent interview with Forbes. “We’re hitting the tipping point in which technology is taking advantage of the biggest human weakness, we’re over-trusting.”

How to Defend Yourself against Deepfake Video Phishing

Today, having a higher cybersecurity standard is more important than in the past. With online life proliferating during the COVID-19 crisis, scams and phishing attacks have flourished as well.

The good news regarding phishing videos is that the technology, as of 2020, is still relatively new, and the case numbers relatively low. That means that individuals and companies have time to prepare, and to disseminate information to ward against such attacks.

Know the essential defense moves

As a most basic kind of defense, careful attention is advised if you receive an unsolicited video call, particularly from somebody famous or in a position of authority. Never trusting caller IDs, hanging up instantly, and not sharing any information on such calls is important.

 

If you receive video messages that could be authentic but you are uncertain about them, you can use software to find out whether what you are facing is a deepfake. For example, businesses such as Deeptrace offer software with the capability to recognize AI-generated video content.

Apart from that, some low-tech ways to guard against video phishing are having agreed-upon code words when communicating about sensitive information via video messaging, using a second communication channel to confirm information, or asking security questions that your interlocutor can only answer if they are the real thing.

Basically, pretend you’re in an old James Bond film. ‘In London, April’s a Spring month’ and all that.

Final Thoughts

Using AI to morph into somebody else and extract sensitive information may still sound futuristic. But it’s only a question of time until video phishing hits the mainstream.

As technology advances and artificial intelligence and machine learning applications to copy the face and voice of people become widely available, the number of deepfake scams is set to go through the roof.

[Source: This article was published in digitalmarketnews.com By Kanheya Singh - Uploaded by the Association Member: Issac Avila]
