• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Security   »   A Light in the Shadows

A Light in the Shadows

  • Posted on:March 25, 2014
  • Posted in:Security
  • Posted by:Rik Ferguson (VP, Security Research)
0

Many words have been shared about the availability of questionable or outright illegal content through websites and forums hosted on the Dark Web. Many blogs have been written about the bust of the Dark Web site that has become a poster child for all that is bad about hidden services, “Silk Road.”

We know that narcotics, lethal weapons, contract killers, child exploitation material, hackers for hire and stolen identities are openly traded and shared, even indexed by search engines, by law enforcement and by the security community. We know that the problem is big and getting bigger so surely it is worth spending a few lines thinking about the “why” this is happening and reflecting on what could be done to clean up these darkest corners of the hidden Internet.

According to an investigation by the BBC paradoxically it is the fear of crime itself that is driving many to carry out their illegal activity online. Drug users are attracted to purchase and distribute through the Dark Web because it means they do not have to be on the streets looking for dealers, exposing themselves to potential violence, but can do it in anonymity without ever leaving the comfort of their homes. Not only that, but the virtual storefront means that they get to compare the prices and offers from various sources before making their choice. The same is true of course of other illegal purchases, and the sense of anonymity is compounded by the use of anonymous currencies such as that other poster-child, Bitcoin.

The drugs, guns and credit card numbers for which these underground forums are famed may not be high on the corporate risk register, as they mostly represent the “consumer” side of cybercrime. However the infrastructure exists as do the marketplaces, and the popularity and ease of use of TOR has never been greater. The Dark Web is real, it’s growing and enterprises would do well to begin taking the potential risks into account.

Cybercrime is increasingly going after businesses, big and small, in addition to the traditional consumer prey. An unregulated, anonymous Internet facilitated by transactions in nominally untraceable currencies is the perfect breeding ground for the exchange of information that could do serious harm on a corporate level. Counterfeit goods and pharmaceuticals are already traded, but how about a discount market dealing in samples, prototypes or faulty items? Think of the potential brand damage of sub-standard goods leaking into the public marketplace. Stolen data is already a stock in trade for Dark Web forums, and as more targeted attacks go after corporate treasure-troves of data, expect to see intellectual property, customer data, and source code out there too, hurting your company’s bottom line. In addition, traditional malware is already beginning to be “Dark Web enabled” using hidden services as C&C nodes, or as drop-zones for stolen information in an attempt to evade traditional network and end-point security technologies like URL filtering.

The Dark Web is in the ascendant, although we have seen some law enforcement successes against a few of the operators out there. These were mostly down to good old-fashioned detective work and OpSec failures by the miscreants.

I believe there will always be a place for free and anonymous access to information and communication in any fair society but it is time law enforcement, business and of course the security community started paying more attention to exactly what is being said in these darkest corners. We owe it to ourselves, to our information and to our society.

Please add your thoughts in the comments below or follow me on Twitter; @rik_ferguson.

Related posts:

  1. Meet the New School; Same as the Old School
  2. Fear of the Dark
  3. 2013 Annual Threat Roundup: Shadows on the Horizon?
  4. Customer Perspective: Catching the thief lurking in the shadows with EDR and MDR

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Detected Cyber Threats Rose 20% to Exceed 62.6 Billion in 2020
  • Trend Micro Recognized on CRN Security 100 List
  • Trend Micro Reports Solid Results for Q4 and Fiscal Year 2020
  • Connected Cars Technology Vulnerable to Cyber Attacks
  • Trend Micro Asks Students How Their Relationship to the Internet Has Changed During COVID-19
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.