Conclusion
CHESTER Wisniewski of Sophos Group Plc. said the current scenario is quite different from the past, as any Juan, Pedro and Jose can develop and release a virus today.
“Gone are the days when ransomware was developed and distributed by skilled cyber criminals,” Wisniewski told the BusinessMirror through e-mail. “Today, anyone can easily build and launch ransomware, as there are only two key requirements—bad intent and access to the Dark Web, a marketplace where malware kits are advertised the way a traditional online retailer promotes regular items like clothes and shoes.”
It is a challenge to track users on the Dark Web, he replied to questions sent via e-mail. According to Wisniewski, most of these users are anonymous and protected by a privacy feature “baked” directly into The Onion Router, or Tor, browser.
“This also means that law-enforcement authorities are unable to identify where the web sites are, who owns them, who uses them or who to arrest,” he explained.
Wisniewski points out this easy access to the Dark Web boosts ransomware-as-a-service distribution models, which essentially allow cyber criminals to download and use ransomware. Since ransomware is cheap to purchase and spread, it also provides a quicker payout than stealing credit-card data or personal information.
Challenges
WISNIEWSKI cites the case of “Philadelphia,” a ransomware variant released in 2016 that is easy to customize and deploy and uses common marketing strategies to reach potential customers.
“Cybercrooks only have to pay once to get an executable [file] that can generate unlimited ransomware samples,” he added. “There is even a production-quality introductory video on YouTube, explaining the nuts and bolts of the kit and ways to customize the ransomware with a range of feature options. Hence, with ransomware variants like Philadelphia, [even] criminals with limited technical skill [can easily commit a cybercrime].”
In fact, Wisniewski reveals there are ransomware variants on the Dark Web delivered via cloud that offer a host of menu options to guide crooks on how much ransom to charge and the distribution spectrum of the attack.
For a ransomware campaign to succeed, he says attackers must hurdle the main challenges. Some of these challenges include the creation of ransomware samples, sending these samples to victims and managing the attacks by collating statistical information, checking payment, etc.
Wisniewski recommends that organizations take steps to ensure attackers do not overcome these challenges.
For one, the organization must put up a command-and-control server to communicate with victims, he said.
“[They must] understand underground trends and train employees on how the Dark Web works,” Wisniewski said. “[They should also] increase the frequency of security monitoring and reporting in the organization.”
“Patch early and patch often, even if you’re using an unsupported version of XP, Windows 8 or Windows Server 2003,” he added.
Wisniewski, principal research scientist of the British security software and hardware company, said nothing beats vigilance.
“The organization must recognize if employees or customers are being targeted.”
‘Infostructure’ defense
ACCORDING to Allan S. Cabanlong of the Department of Information and Communications Technology (DICT), the agency is currently organizing the National Cyber Intelligence Platform.
Once the platform is operational, a system will be in place for real-time monitoring of cyberattacks across the Dark Web, the Deep Web, fraudster-to-fraudster social-media conversations and other digital channels, DICT Assistant Secretary Cabanlong said. He said the system is also expected to provide actionable intelligence and alerts to help organizations take the right steps to protect their financial assets, brands and customer reputations.
The establishment of the National Cyber Intelligence Platform will enable the DICT to pursue strategic monitoring of the Dark Web. Moreover, it will provide near real-time threat intelligence before, during and after cyberattacks that are propagated via the Dark Web, the Deep Web, chat rooms, Pastebin sites and threat actor groups in social networks.
“The center will enable deep visibility into the most obscure and dangerous layers of the Internet, automatically monitoring and identifying threats in order to provide actionable intelligence to the agencies and organizations concerned,” Cabanlong told the BusinessMirror.
He added that as a developing country, the Philippines should fast-track the implementation of its cybersecurity road map, or the “National Cybersecurity Plan 2022.” He warns that cyberattacks targeting critical information infrastructures or “infostructures” are surging. A growing number of these threats are propagated by entities lurking in the most hidden regions of the Internet, Cabanlong said.
Anti-Dark Web
Cabanlong said the DICT welcomes any offer for cooperation in the fight against cybercrime and criminals operating in the Dark Web.
He told the BusinessMirror “there are existing cybersecurity collaborations and cybercrime-prevention initiatives” with member countries of the Association of Southeast Asian Nations. Cabanlong, however, did not elaborate on these “collaborations.”
Nonetheless, he doesn’t want to totally condemn anonymity as malfeasance.
Anonymity can be used for both good and bad, Cabanlong said. “It [anonymity] can be a powerful weapon as an economic solution or for political retribution,” he added. “But there are also those who take advantage of this online anonymity to use the Dark Web for illegal activities, such as controlled substance trading, illegal financial transactions, identity theft and so on. Needless to say, the Dark Web adversely impacts a country’s national security and economy.”
The easiest way to avoid the Dark Market is to stay away from it, because it is often filled with contraband and booby-trapped software, Cabanlong said.
“The average citizen is more likely to find themselves scammed, or hacked, or worse, getting caught up in a criminal conspiracy, if they don’t know what they’re doing,” F5 Networks Inc. Worldwide Security Evangelist David Holmes said. “Dark Markets are not places for someone who isn’t trained in cybersecurity and using specialized defensive software.”
Image credits: Jimbo Albano