Cybercriminals, whose attacks cost organizations millions of dollars a year, do extensive research on their targets. They gather organizational and personal information before deciding which vulnerabilities to exploit.
SurfWatch Labs, a security consultancy, has released a report on research resources cybercriminals use. The purpose of the report is to provide organizations a tool to prevent cyber attacks. The report includes an overview of information resources cybercriminals use to target the victims. Knowing about these resources can help organizations defend against cyber attacks.
The majority of threat awareness training is taking place in medium to large sized businesses, according to Adam Meyer, SurfWatch Labs’ chief security strategist. “However, much of this training is geared toward protecting the employer and less about employees protecting themselves and their personal lives, even though some would transfer over and provide benefit to the employer,” Meyer told Hacked.com.
Lack Of Public Awareness
“Many organizations, and individuals for that matter, do not know their ‘level of presence’ out there,” he said. “They don’t know what their true exposure to cyber threats is, and therefore are not making fully informed risk decisions. We all use technology every day in our lives and have become completely dependent on it, but we don’t place much effort in trying to live a cyber safe lifestyle. A well-rounded cyber safety awareness program is one of the cheapest and most impactful efforts you can do to combat cyber crime, yet is the least utilized,” he said.
SurfWatch Labs searches the public Internet and the Dark Web to gather information about criminal activity.
The company’s website offers an example of a Dark Web screen shot showing where an organization’s stolen credit cards are for sale. The screen shot shows bank identification numbers corresponding to credit cards, searchable location information that makes it easy for criminals to evade conventional fraud detection, multiple base names that indicate batches of stolen card information, and a number indicating how many cards are for sale.
Criminals Use Security Websites
One takeaway from the report is that websites that appear to be intended to help protect people from cyber attack are actually resources for cyber attackers.
Most tools can be used for both positive and negative purposes with the only difference being the intent of the individual, Meyer said.
Asked if SurfWatch could also serve as a resource for cyber criminals, Meyers was adamant that it cannot. “No, our core resources are not publicly available and the information we do share is only shared with the organization who is entitled to it,” he said.
Top Three Public Resources
The top three public web sources criminals use for gathering information are Shodan.io, virustotal.com and companies’ own individual websites.
Shodan.io, launched in 2009 by John Matherly, has become the top site cyber criminals use. It constantly scans the Internet to find what is accessible publicly. The report dubs Shodan as the “Google for the Internet of Things (IoT).”
Shodan, which calls itself a search engine for security, has expanded from a list of ports and IPs to maps indicating where devices are located. It includes screenshots from unsecured servers, workstations and webcams.
The website notes that it has servers worldwide scanning the Internet to provide the latest Internet intelligence. “Who buys Smart TVs? Which countries are building the most wind farms? What companies are affected by Heartbleed?” the site advertises.
Shodan also allows organizations to keep track of all of the computers in their network that are directly accessible on the Internet. It provides a public API that allows access to all of Shodan’s data. Integrations are available for Chrome, Firefox, Nmap, FOCA, Metasploit, Maltego and many more.
Matherly’s original focus was problems associated with connected hard goods like thermostats and refrigerators, the report noted. He expanded the focus to open computer systems, industrial control systems, unsecured cameras and other things.
Shodan demonstrates the seriousness of the risk associated with putting information online. There is not much online that can be hidden from Shodan. Organizations must find a way to protect any information that goes online if they don’t want Shodan to find it.
VirusTotal presents itself as a free service that analyzes suspicious URLs and helps detect malware. The reality is that it helps malicious actors test their wares. Attackers upload new malware to test it against at least 56 anti-virus vendors to find out how their new malware will be detected.
The time frame for detecting malware is short, so it has to be used rapidly. Otherwise, the criminals would be testing a new “obfuscating” tool to hide a known malware from being detected for use in future campaigns.
The website states that anyone can send a suspicious file and receive a report with antivirus scanner results. In exchange, antivirus companies receive new malware samples to improve protections for their users. It claims to be an ecosystem where everyone works together to improve Internet security.
VirusTotal saves metadata from the files it analyzes. A user can view the IP history of the domain to get the current WHOIS, but VirusTotal will also provide a list each time it detects something malicious on the site, in addition to all samples that tried to communicate with the domain.
What About Your Own Site?
The best way for an attacker to learn about a target is from their own website. Most company websites include information about officers and key employees, such as names, email addresses, pictures, LinkedIn profiles and more.
SurfWatch noted word documents, PDFs and powerpoint presentations include metadata that has additional information about companies, including software versions of the program used to create these documents.
Google searches reveal more information about a company that many people are not aware of.
Top Dark Web Sources
The top three dark web sources are AlphaBay Market and Forum, TheRealDealMarket and HANSA Market.
AlphaBay has become the most popular Dark Web market, providing tens of thousands of things for sale, including stolen credentials, drugs, fraudulent items, bank account logins, personal information about individuals, hacking tools and more. Launched by “alpha01” in 2014, it mimics Amazon and eBay in its organization. Users purchase items anonymously using bitcoin.
Criminals access AlphaBay with the Tor browser. Since the Tor browser is available to anyone, legitimate parties can also see what is for sale.
The AlphaBay Market website claims to be the largest Darknet Market, four times larger than its closest competitor, with more than 120,000 listings. The website includes an easy-to-understand overview of how the Dark Web works, including the Tor browser, which is used to access the Dark Web.
It notes that the government is monitoring people who download Tor, but it adds that one can get around this problem by using a VPN. It encourages users to visit a site for such VPNs: https://topvpnsoftware.com.
By visiting the website, users are invited to sign up for a newsletter that provides information on how to remain anonymous online to hide Dark Web activities.
The site notes Tor has some issues with exit nodes, and that someone who has access to all nodes in the chain can track a user. The best approach is to pair Tor with a VPN that keeps no logs.
TheRealDeal, launched in 2015, focuses on selling code and exploits. Law enforcement in July of 2015 arrested some of the founders in operations against the Dark Web forums. The site shut down for a few months before relaunching in December of 2015.
TheRealDeal made news after selling user credentials from healthcare databases, as well as Yahoo, LinkedIn and MySpace. The site also offers source code, zero-day vulnerabilities and other items. Legitimate parties will gain insight into the types of tools and information that cyber criminals use.
While TheRealDeal Market site has reportedly relaunched, it is hard to access. Another website, deepdotweb, has a section on how to sign up for TheRealDeal Market.
On Sept. 17, deepdotweb noted that TheRealDeal’s evolution code (or at least a large portion of it) was bought from a hacking forum, but lacked some major parts. It noted the site would be providing free vendor accounts for 24 to 48 hours.
Deepdotweb, for its part, includes a lot of information about how to secure anonymity on the Dark Web. It notes that law enforcement is actively scrutinizing Dark Web users. There is a lot of information on finding the best VPN to ensure anonymity. There is even a chart ranking and comparing VPNs. There is also a list of 23 Dark Web sites that rates the sites and gives information on registration requirements, active warnings, security issues and more.
HANSA Market resembles an eBay for illicit goods and was created to improve Dark Web users’ security in response to the numerous exit scams. It claims that its multi-signature escrow payment process protects against theft.
HANSA vendors offer tools and information, but pirated products are the most common, including video games, software, movies and credentials for related accounts.
Top Public Payload Destinations
Public payload destinations are places from which malware is sent to end users. The three main avenues are social media, email and “malvertising.”
Social media provides the greatest avenue cyber criminals use for reaching victims. Malicious “shortened URLs” target Twitter’s text limitation. Malicious Facebook apps attract people looking to add a new application using Facebook as their login tool. Social media also gives a lot of information about people and provides attackers avenues for approaching targets.
Email spearphishing remains the leading tool for attacking victims. A phishing attack succeeds by getting one recipient out of a thousand to click a link or download a file. Nearly every major attack this year has come from spearphishing.
To protect against spear-phishing, boundary protection is required at a minimum. The only mitigation is ongoing education. Organizational policies that restrict the use of email addresses when signing up for public services will reduce an organization’s chances of falling victim to a spearphising attack.
Cyber criminals typically use malicious ads, “malvertising,” to spread malware. They often use a third party advertising network to exploit software vulnerabilities. Malvertising works because it usually appears to be legitimate and it targets victims based on their interests.
The advertising provider network is massive, making it easy for attackers to inject their malware into ads without being traced.
The Fessleak campaign, exposed last year, utilized “burner” domains that expired after eight hours.
The Fessleak attacks exploited zero-day vulnerabilities in Adobe’s Flash Player, according to securityaffairs.co. Attackers spread it from an advertising network that managed ad groups on popular websites. Initially, the ransomware was sent through an exploit kit. Researchers also found an instance of the malware served via a real-time ad-bidding network, which sent the malware.
After Microsoft patched the escalation flaw in Windows systems, the hackers stopped using file-less infections and switched to zero-day exploits.
Blacklists of malicious domains are helpful tools in preventing malware. Organizations should update these lists often and automatically.
Organizations should update their software as often as possible since malware campaigns exploit known vulnerabilities in common software.
Users should also restrict the use of scripts in browsers to prevent malware from running in the first place, although this tactic is not foolproof.
Awareness Remains An Issue
“Sadly, many organizations are only relying on general cyber crime news to keep abreast on what’s going on out there because that resource is easy, and generally free to consume,” Meyer said. “As one step beyond that, an organization might also join an industry Information Sharing and Analysis Center (ISAC) where they will receive industry specific threat information of a general nature for an annual fee.
“A third and I would say the top tier step, is for the organization to resource a full-scale intelligence capability that will look at the specifics of threat capabilities, opportunities and intent and most importantly how those threats can impact the organization specifically and paint a picture of what the organization needs to do to mitigate the threat.”
Will Regulation Help?
“While more organizational regulation isn’t always the best solution in most cases, there is an increase in regulatory oversight for cyber security efforts than just a few years ago. and I see this as a positive step,” Meyer said. “Regulators still have a long ways to go in maturing what value-added, practical steps organizations need to take to meet these regulations but at least there is an effort to enforce accountability in the right places.”
“While organizations have progressed in deploying technologies that help protect general public users, they have only done so because the market was a forcing factor due to fallout from breaches and regulatory action,” he said. “Unfortunately, too many organizations still continue to operate with heads in the sand. Additionally, the general public user is also very naïve in how they use technology and how much of their personal lives they expose on a daily basis. More education for cyber safety is needed both at the organizational level as well as for the individual.”
Images from Shutterstock and iStock/Dimitrios Stefanidis.
Ethereum Notches Two-Month High as Bitcoin Offspring Triggers Volatility
Digital currency Ethereum climbed to a two-month high on Monday, taking some of the heat off Bitcoin and Bitcoin Cash, which have slumped since the weekend.
Ethereum Forges Higher Path
Concerns over Bitcoin created a favourable tailwind for Ethereum (ETH/USD), which is the world’s No. 2 digital currency by total assets. Ether’s price topped $340.00 on Monday and later settled at $323.54. That was the highest since June 20.
At its peak, ether was up 10% on the day and 70% for the month of August.
The ETH/USD was last down 2.2% at $315.02, according to Bitfinex. Prices are due for a brisk recovery, based on the daily momentum indicators.
Fractured Bitcoin Community
Bitcoin and its offshoot, Bitcoin Cash, retreated on Monday following a volatile weekend. The BTC/USD slumped at the start of the week and was down more than 3% on Tuesday, with prices falling below $3,900.00. Just last week, Bitcoin was trading at new records near $4,500.00.
Bitcoin Cash, which emerged after the Aug. 1 hard fork, climbed to new records on Saturday, but has been in free-fall ever since. The BTH was down another 20% on Tuesday to $594.49, according to CoinMarketCap. Its total market value has dropped by several billion over the past two days.
Analysts say that a “fractured” Bitcoin community has made Ethereum a more attractive bet this week. The ether token has shown remarkable poise over the past seven days, despite trading well shy of a new record.
Other drivers behind Ethereum’s advance are steady demand from South Korean investors and growing confidence in a smooth upgrade for the the ETH network. The upgrade, which has been dubbed “Metropolis,” is expected in the next several weeks. Its key benefits include tighter transaction privacy and greater efficiency.
Ethereum Prices Unaffected by ICO Heist
Fin-tech developer Enigma was on the receiving end of a cyber-heist on Monday after hackers took over the company’s website, mailing list and instant messaging platforms. The hack occurred three weeks before Enigma’s planned Initial Coin Offering (ICO) for September 11.
In addition to defacing the company’s website, the hackers pushed a special “pre-sale” ahead of the ICO. While many users realized it was a scam, 1,492 ether tokens – valued at $495,000 – were directed into the hackers’ cryptocurrency wallet by unsuspecting backers.
The irony in all this is that Engima is a cryptography company that prides itself on top-notch security protocols. The company issued a statement that its servers had not been compromised.
Ethereum Prices on Track for 35% Monthly Drop
It has been a difficult month for ethereum. The world’s No. 2 digital currency has lost a third of its value over the past 30 days following a series of cyber breaches targeting vulnerable wallets and ICOs.
Ethereum Struggles to Regain Momentum
Ethereum (ETH/USD) was trading near $197.00 Sunday at 6:30 BST, according to Bitfinex. That represents a decline of around 5%. At current values, ethereum’s market cap was $18.4 billion.
The ETH/USD exchange rate has struggled throughout July, with prices briefly falling below $160.00. The decline, which amounted to a 60-day low, lured bargain-hunters back into the market. After surging back toward $250.00, the ETH/USD has consolidated below the $220-mark, which continues to offer strong resistance. On the opposite side of the spectrum, major support is located at $180.00.
A price recovery may prove elusive in the short-term, with the Relative Strength Index (RSI) and Stochastic indicator signalling weak underlying momentum.
Despite its recent decline, ethereum’s value has surged more than 2,200% this year.
Cyber Attacks, SEC Weigh on Market
The ethereum network suffered a large-scale cyber breach earlier this month resulting in the loss of tens of millions of dollars. A community of ethical hackers quickly banded together to “rescue” hundreds of millions of dollars worth of tokens.
Blockchain-based trading platform Coindash was also hijacked during an initial coin offering (ICO). The breach exposed Coindash’s ether wallet address, resulting in the loss of $7 million worth of ether.
The Securities and Exchange Commission (SEC) has also taken an interest in the ethereum-based ICO market. Last week, the regulator concluded that a certain multi-million dollar token sale last year violated securities law. Although ICOs have been compared to crowd-sourcing, the SEC maintained that some tokens were in fact securities.
Analysts say the SEC ruling could impact the future of ICOs, although it remains unclear how the regulator is pursuing this market. The SEC’s July 25 press release cautions investors about ICOs in general.
Coders Safeguard Vulnerable Ethereum Wallets Following Security Breach
Ethereum suffered large-scale security breaches last week after anonymous hackers targeted vulnerable wallets in the network, resulting in the loss of tens of millions of dollars. However, it didn’t take long for a volunteer group of coders to “rescue” the funds in 500 at-risk wallets before the same attackers could get to them too.
White Hat Group Takes Charge
The so-called White Hat Group showed initiative by “rescuing” the funds using the same techniques the thieves employed to compromise $32 million USD worth of ether from three multi-signature wallets. As of Monday, the White Hat Group of ethical hackers was in possession of $86 million worth of ether and an additional $122 million in tokens.
Tokens are digital assets that are sold during an Initial Coin Offering (ICO) fundraising event. They have proven to be extremely popular.
Tens of millions of dollars worth of ether and tokens have already been returned to their owners. The White Hat Group says it will issue full refunds by the end of July.
Blockchain-based trading platform Coindash was also breached last week, resulting in the loss of more than $7 million worth of ether.
Security Breaches Nothing New in Crypto World
For all its benefits, cryptocurrency has been vulnerable to several high-profile security breaches. Last summer, Hong Kong-based Bitfinex was the target of a major attack that resulted in the theft of around $70 million worth of bitcoins. In response, the exchange announced a controversial plans to “socialize” its losses among all users. Each Bitfinex trader was docked 36% as a result.
Bitcoin prices declined sharply following the attack, stopping what had been a blistering summer of gains.
Ethereum Enterprise Alliance
For anyone doubting the potential of the ether, take a look at the list of companies participating in the Enterprise Ethereum Alliance (EEA). The EEA is a forum that connects Fortune 500 companies, startups and academics with ethereum subject matter experts. The EEA is made up of multinational banks and some of the world’s biggest technology companies.
The forum has made cyber security a top priority, according to a May 22 press release. In the release, companies like Infosys, Mitsubishi UFJ Financial Group, Synechron and others expressed their intent to contribute to the future of ethereum’s security.
- Trade Recommendation: Stellar October 23, 2017
- Crypto-Friendly Japan Mulling ICO Ban? October 23, 2017
- Trade Recommendation: Lisk October 23, 2017
- More Powerful than an Emperor October 23, 2017
- Small Cap Trading Frenzy Drives Penny Stocks In October October 23, 2017
- Asian Market Update – Monday: Tokyo Gains after Election Landslide, Minor Losses in China, S. Korea October 23, 2017
- Ether Prices Fall Below $300 Amid Technical Breakdown October 23, 2017
- Buy FDS, PPC, BERY, and IIVI for the short-term October 22, 2017
- Notable Bitcoin Price Growth Events in October October 22, 2017
- Trade Recommendation: Monero October 22, 2017
A part of CCN
Analysis1 week ago
5 Things to Watch Next Week: Byzantium, Bitcoin Stretched, Gold’s Strength, The Next Fed Chair, Kirkuk and Crude Oil
ICO1 week ago
ICO Analysis: UTRUST
Cryptocurrencies1 week ago
Trade Recommendation: Stellar
Cryptocurrencies1 week ago
Trade Recommendation: Bitcoin
Cryptocurrencies3 days ago
Trade Recommendation: Ethereum
Analysis1 week ago
Long-Term Cryptocurrency Analysis: Bitcoin Leads the Charge as Ethereum Breaks-Out
Cryptocurrencies4 days ago
Trade Recommendation: Litecoin
ICO7 days ago
ICO Analysis: Genesis Vision