BreachExchange mailing list archives
Cybercrime and the Deep Web: What Midsize Firms Should Know
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 12 Dec 2013 01:44:27 -0700
http://midsizeinsider.com/en-us/article/cybercrime-and-the-deep-web-what-midsiz Cybercrime is rampant in the underlayers of the Internet, otherwise known as the Deep Web or Invisible Web. A new survey is out about this area of the Internet, which is a hotbed for all sorts of crimes including identity theft. The Deep Web is yet another area for caution that IT professionals must consider when evaluating their overall security policies. Deep Web Dangers Exist The research, conducted by Trend Micro and featured in SecurityWeek, found interesting statistics on cybercrime activity in the Deep Web. These Deep Web criminals are active on darknets or networks that give anonymous access to Web content that the average Web user does not see, a set of information resources not reported by normal search engines. The most popular darknet, according to Trend Micro's findings, is The Onion Router or TOR, which is a haven for hosting botnets' command-and-control (C&C) servers as well as malware and exploit kits. The findings point out that stolen credit card accounts sold on the Russian underground TOR sites are more valuable than those sold over the regular Internet. The anonymity and untraceable nature of the transaction keeps the price high. Although malicious activities are constantly occurring on this invisible layer of the Internet, they are extremely difficult to follow and investigate by authorities. The Deep Web has become known as a forum to traffic drugs, prostitution, firearms and other types of illegal business; furthermore, it is also a place where cybercriminals know they can target businesses and make a profit off their corporate data. Midsize Firms and the Risk The password-protected forums in the Deep Web where cybercriminals sell or trade the personal and financial data that they have stolen are a big concern for firms today. Attackers familiar with the way the Deep Web works can target a large, small or midsize company and successfully hack decrypted credit or debit card numbers from their systems. Data breaches are costly for organizations, especially for growing firms that have limited resources, budgets and personnel to begin with. Cybercriminals can dig deeper into corporate networks and steal profiles and data and cause other terrible security breaches that can be difficult for a growing firm to recover from. IT professionals at midsize firms may not think there is any risk for them. On the contrary, company data may include intellectual property including software, methods, code, research or other data, which is certainly useful and if stolen could make money for a cybercriminal. That data can be posted in the Deep Web. It can even be placed there by an insider or disgruntled employee. Total Security Being aware of the Deep Web is one step to understanding that security policies need to be set at many levels within a growing business. By working with experienced security vendors, IT professionals at midsize firms can determine whether the right measures are being taken to secure the data being processed, exchanged and delivered within a particular information infrastructure.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: # OWASP http://www.appsecusa.org # Builders, Breakers and Defenders # Time Square, NYC 20-21 Nov o()xxxx[{::::::::::::::::::::::::::::::::::::::::> Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security offers security intelligence, risk management services and customized security solutions. The YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.
Current thread:
- Cybercrime and the Deep Web: What Midsize Firms Should Know Audrey McNeil (Dec 16)