Cybercrime and the Deep Web: What Midsize Firms Should Know

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://midsizeinsider.com/en-us/article/cybercrime-and-the-deep-web-what-midsiz

Cybercrime is rampant in the underlayers of the Internet, otherwise known
as the Deep Web or Invisible Web. A new survey is out about this area of
the Internet, which is a hotbed for all sorts of crimes including identity
theft. The Deep Web is yet another area for caution that IT professionals
must consider when evaluating their overall security policies.

Deep Web Dangers Exist

The research, conducted by Trend Micro and featured in SecurityWeek, found
interesting statistics on cybercrime activity in the Deep Web. These Deep
Web criminals are active on darknets or networks that give anonymous access
to Web content that the average Web user does not see, a set of information
resources not reported by normal search engines. The most popular darknet,
according to Trend Micro's findings, is The Onion Router or TOR, which is a
haven for hosting botnets' command-and-control (C&C) servers as well as
malware and exploit kits.

The findings point out that stolen credit card accounts sold on the Russian
underground TOR sites are more valuable than those sold over the regular
Internet. The anonymity and untraceable nature of the transaction keeps the
price high. Although malicious activities are constantly occurring on this
invisible layer of the Internet, they are extremely difficult to follow and
investigate by authorities. The Deep Web has become known as a forum to
traffic drugs, prostitution, firearms and other types of illegal business;
furthermore, it is also a place where cybercriminals know they can target
businesses and make a profit off their corporate data.

Midsize Firms and the Risk

The password-protected forums in the Deep Web where cybercriminals sell or
trade the personal and financial data that they have stolen are a big
concern for firms today. Attackers familiar with the way the Deep Web works
can target a large, small or midsize company and successfully hack
decrypted credit or debit card numbers from their systems.

Data breaches are costly for organizations, especially for growing firms
that have limited resources, budgets and personnel to begin with.
Cybercriminals can dig deeper into corporate networks and steal profiles
and data and cause other terrible security breaches that can be difficult
for a growing firm to recover from. IT professionals at midsize firms may
not think there is any risk for them. On the contrary, company data may
include intellectual property including software, methods, code, research
or other data, which is certainly useful and if stolen could make money for
a cybercriminal. That data can be posted in the Deep Web. It can even be
placed there by an insider or disgruntled employee.

Total Security

Being aware of the Deep Web is one step to understanding that security
policies need to be set at many levels within a growing business. By
working with experienced security vendors, IT professionals at midsize
firms can determine whether the right measures are being taken to secure
the data being processed, exchanged and delivered within a particular
information infrastructure.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

# OWASP http://www.appsecusa.org
# Builders, Breakers and Defenders
# Time Square, NYC 20-21 Nov
o()xxxx[{::::::::::::::::::::::::::::::::::::::::>

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.