Dark web listings for malware aimed at companies on rise


There's been a significant rise in the number of dark web listings for malware and other hacking tools which target the enterprise, and an increasing number of underground vendors are touting tools that are designed to target particular industries.

A study by cybersecurity company Bromium and criminologists at the University of Surrey involved researchers studying underground forums and interacting with cyber-criminal vendors. The study found that the dark web is fast becoming a significant source of bespoke malware.

In many cases, the dark web sellers demonstrated intimate knowledge of email systems, networks and even cybersecurity protocols in a way that suggests they themselves have spent a lot of time inside enterprise networks, raising questions about security for some companies.

"What surprised me is the extent you could obtain malware targeting enterprise, you could obtain operational data relating to enterprise," Mike McGuire, senior lecturer in Criminology at the University of Surrey and author of the study, told ZDNet.

"There seems to be an awareness and sophistication among these cyber criminals, to go for the big fry, to go where the money is, as a criminal, and the enterprise is providing that," he said, adding: "What surprised me is just how easy it is to get hold of it if you want to."

McGuire and his team interacted with around 30 sellers on dark web marketplaces – sometimes on forums, sometimes via encrypted channels, sometimes by email – and the findings have been detailed in the Behind the Dark Net Black Mirror report.

The study calculated that since 2016, there's been a 20 percent rise in the number of dark web listings that have the potential to harm the enterprise.

Malware and distributed denial of service (DDoS) form almost half of the attacks on offer – a quarter of the listings examined advertised malware and one in five offered DDoS and botnet services. Other common services targeting enterprises that were for sale include espionage tools, such as remote-access Trojans and keyloggers.

Google’s security tools can shield from cyber-attacks

Google has long been asking users to enable its security tools for shielding all its services - from Gmail to Google Photos - from hacking attempts.

The search giant has been pretty vocal about the importance of these features, but now, instead of urging users, it has released hard stats revealing how useful these capabilities can really be.

Let's take a look.

Advantage

Adding phone number can fend off bot-based attacks.

Researchers from New York University and the University of California, San Diego partnered with Google to assess at the impact of its security tools in preventing hijack attempts.

The results, presented recently at The Web Conference, revealed that simply adding a recovery phone number to Google account helped block a 100% bot-based attacks, 99% of automated phishing attacks, and 66% of targeted attacks.

Protection

Two-factor authentication offers highest security.

Google has been saying this for years and the stats prove it - two-step verification is the securest offering right now.

The studies reveal that using phone number-based 2SV (SMS verification) blocked 100% of automated bots, 96% of bulk phishing attacks, and 76% of targeted attacks.

Meanwhile, on-device prompts prevented 100% of automated bots, 99% of bulk phishing attacks and 90% of targeted attacks.

Security key offers strongest shield.

Notably, among all two-step verification methods, using a physical security key proved to be the strong account shield. It blocked all kind of attacks with a 100% success rate.

Risk

Google also showed what happens when you don't use 2SV.

The same study also measured the effectiveness of default sign-in verification techniques, like last location signed-in or your secondary email.

These knowledge-based methods are used when the company detects a suspicious sign-in attempt, say from a new device/location, and you don't have a 2SV on.

The results showed these methods can block bot-based attacks but can fail miserably against phishing or targeted hijack.

Will Cyber Security Companies shift their Headquarters out of US?


Until now nuclear, radiological, chemical and biological weapons considered to be a Weapon of Mass Destruction(WMD).

The Bureau of Industry and Security (BIS), an agency of the United States Department of Commerce that deals with issues involving national security and high technology, is proposing to classify cyber security tools as weapons of War in an attempt to control the distribution.

The tools used for extraction of data or information, from a computer or network-capable device, or the modification of system or user data, will come under this law and is being classified as Intrusion software. Also, the tools designed to avoid detection by 'monitoring tools'( Antivirus, IDS/IPS,End point security products) will be considered as a weapon.

Any penetration testing products designed to identify security Vulnerabilities of computers and network-capable devices fall under this category.

"The proposal is not beneficial. Most vulnerability scanners and penetration testing products come under it. The proposal means tools from US companies which have been used to do assessments and audits in corporate will need to go through the clearance. It could also lead to corporate getting tracked" says J.Prasanna, founder of Cyber Security and Privacy Foundation(CSPF).

Most of these Cyber Security firms either should convince their world wide clients to go through the process or shift their head quarter out of USA.

Prasanna pointed out that US government tried to stop the export of cryptography in the past. But, Russian, European and Israeli companies got advantage by the cryptography restriction.

He said that the new proposal is a bad news for the cyber security researchers. If it becomes a law, it will force them to find a new way to beat the Cyber Criminals.

"Hackers are already may steps ahead of us. Some tools like canvas and Metasploit Pro are important tool for penetration testing" said Prasanna.

Thomas Dullien, Google Researcher, said "addition of exploits to the Wassenaar arrangement is an egregious mistake for anyone that cares about a more secure and less surveilled Internet" in his personal blog.


Rapid7, a Boston-based cybersecurity firm, well known for its Metasploit Pentesting framework, said that they are investigating implications of Wassenaar for Metasploit and security research, and working on comments for the consultation.

According to the proposal, the governments of Australia, Canada, New Zealand or the UK will get favorable treatment for license applications, as they have partnered with the US on Cyber Security Policy and issues.

The BIS is seeking comments before 20th July 2015 on the proposed rule. You can submit the comments here.