Dark Web Tools and Services That Present Enterprise Risk
Deep Web is the major part of the internet which consists of 90% of the internet. The other two parts comprises the internet world is the surface web and the Dark Web. The Dark Web is sometimes also referred to it as the Darknet. To understand all the three layers of the internet that consists of all the three layers mentioned above, the image that mostly resembles is the picture of an iceberg that is afloat.
The top most part of the iceberg that is visible from the outside can be understood as the surface web. The crust of the iceberg is also known as the visible web. The visible web comprises of web pages, websites that are listed in the search engines. Search engines like Google, Bing and Wikipedia have all the web pages in their directories. All the search results a user makes are tracked monitored and listed by the traditional search engines.
The dark web is accessed by using special software and web servers called centralized computers hosting webpage’s. The most common of these special software are TOR [The Onion Router] and I2P [Invisible Internet Project], says J. Eduardo Campos, formerly a cyber security advisor for a major tech company and currently co-founder of the consulting firm Embedded knowledge.
Dark Web Tools and Services That Present Enterprise Risk
The web tools and services that affect an organization which pose as a threat in the form of network breach or data comprise when the system gains access to Deep Web directories which is accessed with the help of Tor .onion urls directories.
· Infection or attacks, including malware, distributed denial of service (DDoS) and botnets
· Access, including remote access Trojans (RATs), key loggers and exploits
· Espionage, including services, customization and targeting
· Support services such as tutorials
· Intellectual property/trade secret
The Dark Web Links play a vital role in the spreading communities of malware developers; the principal Darknet are privileged environments for malware authors and botmasters. The numerous black marketplaces are excellent points of aggregation for malware developers and crooks that intend to pay for malicious code and command and control infrastructures. The use of Darknet represents a design choice for malware developers that use them to hide the command and control servers.
The list of malicious malware that were exploiting both the Tor network and I2P dark net to hide their command and control servers are as follows:
i) Malware Using C&C In The Darknet:
Many types of malware are directly controlled by servers hosted on both Tor and I2P, and it is quite easy to find Ransom-as-a-Service (RaaS) in the Darknets. Below just a few examples of malware that were discovered in the last 12 months leveraging Darknets for their operations:
· 2017 – MACSPY – Remote Access Trojan as a service on Dark web
· 2017 – MacRansom is the first Mac ransomware offered as a RaaS Service.
· 2017 – Karmen Ransomware RaaS
· 2017 –Ransomware-as-a-Service dubbed Shifr RaaS that allows creating ransomware compiling 3 form fields.
ii) Shifr RaaS Control Panel
Malware authors use to hide C&C servers in the Darknet to make botnets resilient against operations run by law enforcement and security firms. The principal advantages of Tor .onion urls directories based botnets are:
· Availability of Authenticated Hidden Services.
· Availability Private Tor Networks
· Possibility of Exit Node Flooding
Security researcher use traffic analysis to determine to detect botnet activities and have proposed different options to eradicate it
· Obscuration of the IP addresses assigned to the C&C server
· Cleaning of C&C servers and of the infected hosts
· Hosting provider de-peered
Remote Access Trojans (RAT):
It is a malware that infects remote computers and allows a remote attacker to control the computer for malicious purposes. They disguise as a legitimate program or file. After infecting a target device the threat actor gets accessed to the victim’s computer.
How to Prevent RAT from Vicious Attack:
Steps To Avoid Remote Access Trojans
a) Do not click suspicious links and do not download emails sent by unknown users.
b) Keep your computer updated with trusted anti-malware programs and make sure you update them regularly.
c) Configure your firewall in your computer regularly. If a malware infects a computer, it should not spread to other system in the network so easily.
d) Keep your operating system updated with recent patches and if possible use a virtual machine to access the internet.
Espionage (Targeting and Customization):
Intelligence on competitors gathered in a legal way can give a leg up in the fight for market share. But sometimes it’s not enough. Competitors send spies to gather information more often than you would think, judging by the news. Industrial espionage embraces illegal and unethical methods of collecting corporate data. It involves stealing intellectual property and trade secrets to use them for a competitive advantage. The theft of economic information sponsored by foreign states is called economic espionage. It’s done not just for profit but for strategic reasons. Usual targets of industrial espionage are:
· Trade Secrets: While definition of “trade secret” varies from country to country, it generally means protected information about existing products or products in development. This information may help your rivals make their products more competitive or even bring a similar product to the market faster than you can.
·Client Information: Data of your clients, including their financial information, can be used to steal business or can be leaked to damage the reputation of your company.
·Financial Information: Financial information about your company can be used to offer better deals to your clients and partners, win bids, and even make better offers to your valuable employees.
·Marketing Information: This will allow your competitors to prepare a timely answer for your marketing campaigns, which, in turn, may render them ineffective.
Steps to help avoid trouble with the Dark Web
Once data ends up on the Dark Web Links Hidden Wiki there's very little that can be done about it. It's best to avoid this from happening to your company, employee or customer data. The following best practices can help.
1. Prohibit employees from using Tor .onion url directories
If employees are allowed to access the TOR network, they can easily expose your company to damaging material and/or malware. This would be particularly detrimental to your corporate network, says Wagner. Provide clear guidance in employee manuals and train employees on 'clean' internet use, advises cyber security attorney Braden Perry, a partner with Kennyhertz Perry. Use software to block TOR. Make it clear that corporate investigations will be initiated if management suspects that this rule is being broken.
2. Educate employees on security protocols.
The end user is the weakest link in your protective measures for your network, says Campos. This means it's important to teach all employees about cyber security measures and compliance with your company's policies, he says. The more aware and trained your employees, the better. He went on to add.
3. Limit employee access to sensitive data. It's a good idea to operate on a need-to-know basis when it comes to company data. The fewer employees who have access to company and client sensitive data, the less likely your company is to experience a breach.