IBM’s security division has published its security threat report for the third quarter of 2015, which points to an increasing danger of cyber attacks coming from the Dark Web, using TOR networks and other tactics, including ransom demands. The Dark Web brings together criminals and organizations involved in malicious and criminal activity via peer-to-peer encrypted communications. It is not indexed by search engines and is therefore inaccessible to regular users.
The TOR (The Onion Router) network allows direct communication with the Dark Web and manages anonymous communication by hopping between a large number of IP addresses. While this technology serves non-malicious bodies, such as governmental, journalistic and police systems, the special nature of TOR communication nodes helps users looking to mask their online activity for malicious purposes. Since the beginning of the year, the United States alone has registered over 150,000 malicious incidents based on TOR.
TOR has played a central role in the attacks that include ransom demands. Attackers today use advanced encryption technologies to remotely encrypt data on the attacked computer and demand a ransom for the tool needed to decrypt it, so that the locked data can be used again. “Ransom demand services” systems, available on the Dark Web, allow criminals to charge millions of dollars every year by using a designated toolkit which is available for download online. By using available TOR sites, criminals can collect the ransom money from victims without exposing themselves.
Despite the existence of many prevention and protection technologies, the world of cyber attacks for ransom keeps developing. Last spring the United States saw a large attack in which systems were broken into for ransom. In several cases, IBM’s security experts uncovered the use of TOR sites for collecting the ransom money, paid in Bitcoin, from the victims.
IBM’s X-Force security intelligence team warns that organizations could lose hundreds of thousands of dollars, even millions, through system shutdowns and missed business opportunities in ransom attacks. What’s more, should a TOR node be discovered in an organization’s network, the organization could be exposed to substantial lawsuits if an attack was carried out through that node.
TOR presents another reason to deepen organizational awareness of the possibility that employees are secretly operating TOR nodes inside the organization’s network. These nodes are a possible source of a wide variety of attacks, including SQL injection, vulnerability scanning and distributed denial-of-service (DDoS) attacks.
IBM’s security experts recommend taking steps to obstruct TOR communications and reduce the scale of attacks. Such measures include firewalls, intrusion detection and prevention systems (IDS/IPS) that flag attacks, and an organization-wide policy that prevents the establishment of TOR relays or similar access nodes linking the organization’s network to the Dark Web.
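One way to check for the internal TOR nodes and TOR traffic described above, as an added example that is not from IBM's report or the original article: it matches firewall flow records against a list of known relay addresses and separates outbound client use from inbound relay connections, which suggest an internal host is operating as a relay. The log format, the internal address range and the relay addresses are constructed assumptions; in practice the relay set would come from a relay list the organization keeps up to date.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: addresses come from RFC 5737 documentation ranges.
TOR_RELAYS = {"192.0.2.10", "198.51.100.77", "203.0.113.5"}
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range

# Constructed flow log lines (assumed format):
# time src_ip src_port dst_ip dst_port action
SAMPLE_LOG = """\
2015-09-01T10:00:01 10.1.2.3 51234 192.0.2.10 9001 ALLOW
2015-09-01T10:00:05 10.1.2.3 51240 198.51.100.200 443 ALLOW
2015-09-01T10:01:12 198.51.100.77 40112 10.9.9.9 9001 ALLOW
2015-09-01T10:01:30 203.0.113.5 40990 10.9.9.9 9001 ALLOW
2015-09-01T10:02:00 10.4.4.4 50000 203.0.113.5 443 DENY
malformed line
"""

def is_internal(addr):
    return ipaddress.ip_address(addr) in INTERNAL_NET

def find_tor_activity(log_text, relays=TOR_RELAYS):
    """Return {internal_host: set of findings} for flows touching a listed relay."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed records
        _, src, _, dst, _, action = parts
        try:
            src_int, dst_int = is_internal(src), is_internal(dst)
        except ValueError:
            continue  # skip records with unparsable addresses
        if src_int and dst in relays:
            # Internal host reaching out to a relay: TOR client use.
            findings[src].add("client-blocked" if action == "DENY" else "client-allowed")
        elif dst_int and src in relays:
            # Heuristic: relays connecting inward suggest an internal relay.
            findings[dst].add("possible-internal-relay")
    return dict(findings)

if __name__ == "__main__":
    for host, tags in sorted(find_tor_activity(SAMPLE_LOG).items()):
        print(host, sorted(tags))
```

Hosts tagged `client-allowed` show where the firewall policy is not yet blocking TOR, while `possible-internal-relay` hosts are candidates for the policy review the report recommends.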