
A dark web exclusive: Stop being a soft target. Think outside the hardware

With digitization so rampant, almost every organization, private or public, is at the mercy of online attacks where criminals lurk, work, and connive behind the secret walls of the Dark Web Inc. Are businesses helpless?


Anyone walking alone with jewelry flashing on their neck, wrists, and ears is a target for criminals, and they don’t have to be in a dark alley for it to happen.

That’s real life.

In the digital world, the very same thing happens. Flush with money, companies with exploitable weaknesses in their systems will always be targets for DDoS and ransomware attacks.

And with digitization so rampant, almost every organization, private or public, is at the mercy of online attacks where criminals lurk, work, and connive behind the secret walls of the Dark Web Inc.

At the bad guys’ mercy, that is, unless organizations get smarter and use stealth to hide their wealth.

Aiming to shed more light on this, AMEinfo conducted an interview with Sam Curry, Chief Security Officer at Cybereason, a global cyber defense company specializing in endpoint detection, prevention, and response.

What do we know about the dark web?    

The dark web is a subset of the deep web. “It is believed that the deep web is 80-90% the size of the visible web, aka indexable internet, and the dark web is about 10-20% of that,” Curry estimated. 

“It includes vast databases of anything that is not searchable by a spider. And if it is not findable by the average person or is not part of the general knowledge on the internet, then it is the deep web. You have to be an in-member to take part in whatever this is.”

Curry was also quick to clarify that, even though the deep web’s taxonomy is messy, it is not exclusively dedicated to sinister or nefarious activity, as people may think.

“Not everything in the dark web is bad, but it is a world of the intentionally hidden, and tacit communication,” Curry described.

“It originally emerged as a way to acquire freedom of speech, organize activities away from prying eyes, and ensure human and civil rights are preserved. But there has always been that darker element that mimicked real-life crime away from the public eye such as selling drugs, guns, and even trafficking people.”

The dark web is hard to quantify, although if one tracked the money flowing through black markets and illegal businesses, most of it would pass through there. “How do you know what you don’t know? How many meetings does organized crime have every year? There is as much bad passing through the dark web as there is good, but the amounts are huge, in the high billions of dollars,” Curry assessed.

How are we impacted?

It’s no secret that criminal activities on the dark web leave social and economic scars on our lives.

“Regular people and business pillars of the economy all pay a heavy price as a result of dark web trades in drugs, guns, social security numbers, credit card numbers, IPs, stolen property like cars and boats, not to mention deals like counterfeiting and ransomware as a service,” Curry said.

“The biggest black markets in the world are the ones on the dark web, but the most shocking trades there are the ones dealing with cases of human trafficking, pornography, and the likes.”   


Follow the money

The dark web is highly flexible, the same way businesses adapt to change and events like COVID-19. But its purpose remains the same: To follow the money.

Healthcare attacks

Curry said that at the beginning of the pandemic in 2020, the bad guys pulled the same tricks as before: DDoS and phishing attacks.

“But towards the end, we started to see attacks on home networks, and home ISPs and going after routers, printers and even home automation,” Curry stated.

“The infrastructure of COVID-19 was also attacked. Similar to Darkside and their $8 million ransomware attack on Colonial Pipeline (Darkside made close to $90 million in ransomware in a period of 1.5 months), the Lazarus group, which we tracked at Cybereason, targeted hospitals, medical research companies, vaccine supply chains, municipalities, and whoever had the money.”

Data top of agenda

Previously, ransomware gangs encrypted a company’s data and demanded a ransom, usually in bitcoin, before handing over the decryption key once the money was collected.

“Now they use double extortion tactics. They steal data and say ‘We might give you the keys, but what is this data worth to you?’ Failure to pay will result in exposing or selling that data.” 

Crypto wallets

Cryptocurrencies give cybercriminals liquidity that is hard to trace. “It’s the lubricant of the dark web where money is washed away forever,” Curry described.

Crypto owners and the brokerages that custody digital wallets are also potential cash cows for cybercriminals.

“The bad guys hack people, manipulate their machines as if they were the owners, and steal wallets. A crypto configuration, in itself, is solid, like a bulletproof pipeline between two places, but what about the two ends? Who controls them, who says what goes through?” Curry asked.

“In some cases, the custodians of our wealth, the brokerages themselves, have weaknesses or vulnerability points in their data structure that let intruders in.”   

Curry went on to say that what’s scariest is that most of what’s stolen in the crypto world is not insurable, and once the bits are gone, they are gone forever.

Digital entry points

“With digitization, we are coming to a point where we can’t tell where the real world ends and the digital one begins,” Curry said.

“I have a friend that once told me ‘Why was my identity stolen? I never use this stuff and I opted out!’ and my answer was: ‘If you don’t use it, somebody will.’”

We live in a progressively more connected world that’s becoming more stealable, hackable, and prone to ransomware. 

“Boom time is online!” Curry exclaimed.

And today’s hybrid workplace is any cybercriminal’s dream come true. 

“It’s all about ROI for attackers. Is it easier to hack 100 people separately or to go to their offices and hack them all? It’s harder centrally but that’s the ROI debate these guys go through,”  Curry explained. 

“Today, everybody left the office and is now planning to come back, partially or fully. It’s like crabs returning en masse to sandy shorelines and the birds are going ‘look at all this food and they are molting’.”

Curry added: “It’s one thing if our personal laptops have trojans on them, but it’s another if we bring the hardware back to the office building.” 

So, what can be done?

“Well, in the case of hybrid work and staff coming back, the sensible thing to do is to set up a clinic that scans laptops before logging into work networks. It’s like a free oil change for your car,” Curry quipped. 

“Also, I am not a fan of zero-trust security. I prefer least trust. Companies should get together and discuss how to avoid exposure to risk. With today being work from anywhere, assume you can get compromised everywhere.” 

Cybersecurity companies and cybercriminals are at war, but it’s an asymmetric one, where the bad guys pick their targets and attack them, and the good guys are trying to fortify positions at all points. 

“But generally speaking, the attackers’ craft is improving faster,” Curry said. 

“We are becoming decoupled from the hardware. So, we don’t need to do this boundary defense anymore. We need to do security in an entirely cloud-based world where workloads and machines could be entirely virtual and separated from the PC. The PC shouldn’t matter.”

Curry clarified that the questions security departments need to be asking are not how to do multi-factor authentication, how to patch, or what anti-virus they should use, as these are becoming irrelevant.  

“The real questions need to be how to find the bad guys, spot them earlier, take action sooner, and make ourselves unattractive targets,” Curry indicated. 

“75% of budgets are on security compliance, but it should be on detecting and finding cybercriminals.”   

According to Curry, attackers have eyes on the MENA region’s vast natural resources, public sector hospitals, oil distribution networks, mineral resources, and state programs. 

“If during the July and August months, the AC goes away or fuel cannot be distributed because networks get disrupted via attacks, how powerful is that to extort money?” Curry asked.

“We need to make single points of failure much tougher,” Curry summed up.