© 2021 AO Kaspersky Lab. All Rights Reserved.
These police officers are lighting up the dark web
Law enforcement has ways to identify people selling private information on the dark web.
Law enforcement has ways to identify people selling private information on the dark web.
The Dark Web: home of fraud, fake COVID-19 vaccines and illicit marketplaces selling everything from personal data to narcotics and child sexual abuse images.
In the first in our new series, Hacker: Hunter Behind the Screens, we head into the web’s criminal underbelly with the UK’s Yorkshire and Humber Regional Cybercrime Unit (RCCU).
The Dark Web is a network of computers where web traffic is anonymized. Many use it to access marketplaces and other sites to facilitate and commit crime.
David Malkin, former Senior Investigating Officer at the RCCU, compares the Dark Web with taking a train. “On the Clear Web, you have a ticket from A to B. In between, someone can check your ticket and see where you’re coming from and where you’re going. On the Dark Web, tickets don’t give your origin or destination, and your route may be different each time.”
This encryption – and the risk-free environment created by the cloak of anonymity – has led the Dark Web to become a space for criminality: Kaspersky research shows that fake Covid vaccination certificates are for sale for just $20 on the Dark Web, while Statista research suggests 59% of listings on Dark Web marketplaces are for illicit drugs and drug-related chemicals.
But alongside illegal drugs, counterfeit goods and weapons, the sale of personal data is big business on the Dark Web. Fraudsters can buy names, dates of birth, credit card information and more at alarmingly low prices ($40 for online banking logins according to Forbes.com.)
The FBI reports losses from online fraud topped 4 billion US dollars in 2020, and these losses destroy lives.
Chris Spinks, Detective Sergeant in the RCCU’s Web Operations Team, says, “We’ve heard of people who’ve lost tens of thousands of pounds through fraud committing suicide, all because their private information was sold.”
Kaspersky reports the dark web can also be used for good. Dissidents, whistleblowers and investigative journalists use it to communicate anonymously online, and others use it to avoid online data collection.
How to protect yourself from the Dark Web
Kaspersky explains how the Dark Web poses two key threats to everyday internet users – having your identity stolen or your device becoming infected with malware.
Any kind of personal data can be sold on the Dark Web, so be sure to keep your passwords, physical addresses, bank account details and social security numbers safe and protected from potential leaks. If you’re concerned about a personal data breach, use a Dark Web monitoring service like Have I Been Pwned to tell you if your data is up for sale.
The Dark Web is full of information that’s been stolen via malware – tools like keyloggers (that keep a record of everything you type on your keyboard without you realising) and spyware (code that steals your private information, like passwords) can infect your devices without warning. Consider installing anti-virus software like Kaspersky Security Cloud to stay safe online. For more videos about the people fighting cybercrime and how they do it, subscribe to Tomorrow Unlocked on YouTube or follow us on Instagram.
A New Way to Stop Cyberattacks on Healthcare
They distribute billions of dollars each year to those most in need, and that’s why they’re under attack.
They distribute billions of dollars each year to those most in need, and that’s why they’re under attack.
You’d think cybercriminals would hesitate before attacking organizations that care for the world’s poorest and most vulnerable – non-government organizations (NGOs,) humanitarian groups and healthcare institutions. But nothing could be further from the truth.
Cybercriminals know NGOs distribute billions in aid each year, and hold sensitive client and donor information. This makes them an attractive target.
With many people around the world relying on these vital organizations for food, work and education, a cyberattack can cost lives. CyberPeace Institute is out to protect those lives with creative ways to help NGOs protect themselves.
Klara Jordan, Chief Public Policy Officer at CyberPeace Institute, says, “The not-for-profit sector, NGOs and healthcare institutions are under-resourced and under-equipped to deal with cyberthreats. The biggest risk is that an NGO will have to close.”
Stéphane Duguin, Chief Executive Officer, says cybercriminals often attack NGOs. “One in two NGOs have had a cyberattack, but four in five don’t have a cybersecurity plan.”
Data breaches are a particular risk because of the sensitive data NGOs and healthcare institutions hold. “NGOs need trust to operate. Without it, they can lose access to resources. If they can’t protect themselves from a cyberattack, they lose donors’ and funders’ trust,” says Jordan.
Founded in 2019, CyberPeace Institute has a unique way to help NGOs reduce their cyber risk. “Our program, CyberPeace Builders, means NGOs can get help from the private sector,” says Duguin. “Corporations want to exercise corporate social responsibility in cyberspace. We make sure their goodwill finds the right fit with NGOs in need.”
CyberPeace Institute is also concerned governments aren’t doing enough to fight cybercrime. Cybercrime gangs act with impunity from countries that shield them from prosecution and leaders don’t always have the political will to hold them accountable.
In May 2020, the Institute published a call to governments worldwide, demanding immediate action to stop cyberattacks on healthcare. They asked world leaders to work together to protect the critical sector.
Jordan believes secure technology can bring enormous benefits to all. “CyberPeace means the infrastructure we rely on is safe, secure and trustworthy. Then, we can benefit from these technologies without being endangered by using them. We can only unlock technology’s potential if it’s safe, secure and stable.”
Unravelling the 2018 Pyeongchang Olympic cyberattack mystery
Our video picks: Olympic Games – tech success or failure?
As the Olympic torch begins its journey to Tokyo 2021’s opening ceremony, we ask, is the Olympic Games a chance for technology to shine or a data breach waiting to happen?
In ancient Greece, the Olympics began some 3,000 years ago as a sporting event to honour the god Zeus. As the iconic torch sets off on its journey to the Tokyo 2021 opening ceremony, we ask if the Olympic Games is where new technological standards are set, or a breeding ground for emerging cyber threats.
Tech successes and failures from Olympic history range from robotics to autonomous vehicles, to merciless malware that tried to start a cyberwar.
Good Morning America shows us how new drones from Intel will change medal ceremonies forever.
With the Tokyo 2020 Olympic Games just around the corner, here’s a snapshot of the incredible technology the organizers will use to make the event smoother and more enjoyable for everyone.
If successful, the 2018 Pyeongchang Olympics’ cyberattack would have left a geopolitical disaster in its wake. hacker: Hunter Olympic Destroyer is a three-part series exploring the mysterious motives behind the attackers, why it’s one of the most deceptive cyberattacks in history and the ‘extraordinarily brilliant’ response that stopped it in its tracks. Watch the full 2018 Olympic cyberattack series.
The Olympic Games is one of the biggest stages on Earth to champion technology in all forms. But with more than sports at stake if things go wrong – think, mountains of personal data and even competitors’ health – how can businesses and organizations make sure this event and its tech is safe for all to enjoy?
What data secrets can 185 hard drives tell you?
A live Q&A; with Félix Aimé and Marco Preuss
A live Q&A; with Félix Aimé and Marco Preuss
Join presenter Rainer Bock to explore the great privacy challenges we face today, and what we can do to protect ourselves.
Join the privacy debate
Online privacy is more important than ever right now. Given the digital world’s meteoric expansion, the ever-evolving threat landscape and murky data privacy court cases, this is the perfect time to brush up on what we’re up against and how to stay safe.
Rainer Bock meets cybersecurity experts from Kaspersky’s Global Research and Analysis Team, Marco Preuss and Félix Aimé. They discuss the critical stalkerware threat, programs that fight unwanted data sharing, and a bold privacy experiment involving 185 used hard drives, USB sticks and notepads.
Want a career in cyber? Meet the women owning it
These are cybersecurity's trailblazing women to follow
These are cybersecurity's trailblazing women to follow
This International Women’s Day, we celebrate the makers, creators and doers working to close tech’s gender gap. Sure, the industry has a long way to go, but these women’s success shows we’re making progress. Essential reading if you’re looking at a career in the industry.
Are you thinking about a career in cybersecurity but put off by the lack of women in the industry? There’s good news: the tides are changing. What was a male-dominated industry is transforming – slowly but surely. We’re celebrating the women who’ve made it.
Diversity benefits our teams, yet encouraging more women to join is a constant challenge in the tech industry. Now is the time for change. Kaspersky’s Women in Tech report found 57 percent agree there are now more women in IT and tech roles than two years ago. Plus, one in two believe that remote working has improved gender equality. This might seem like slow progress, but it’s a positive sign for championing women in cybersecurity. And these trailblazers are leading the way.
Follow Theresa: @TrackerPayton
How many people can say that? Formerly of the White House, Theresa is CEO of Fortalice – a cybersecurity firm specializing in protecting small-to-medium-sized businesses and a team member on the CBS reality TV show Hunted. Here’s her view on what it’s like being a woman working in cybersecurity.
Follow Katie: @k8em0
Katie’s been programming computers since she was eight. Since then, she’s helped Microsoft develop its Bug Bounty program, developed Hack the Pentagon for the US Department of Defence and founded a cybersecurity agency, Luta Security. So what’s the secret behind her success?
Follow Eva: @evacide
Eva set up the Electronic Frontier Foundation, a collection of technologists and activists to defend free speech online and fight illegal surveillance. Now she’s a leading voice in the fight against stalkerware. Meet Eva in Tomorrow Unlocked series Defenders of Digital.
Follow Magda: @m49D4ch3lly
Magda is a top international cybersecurity influencer. Global leader of the year at the Women in IT Awards 2017, Founder of Woman in Cyber group, and works with numerous non-profit focus groups. If that wasn’t enough, she leads her own company, Responsible Cyber. But what makes her tick?
Follow Shira: @Shirastweet
Cybersecurity expert, influencer and font of cyber knowledge – Shira Rubinoff is President of SecureMySocial. Here she breaks down the importance of cybersecurity training.
Follow Tyler: @TylerCohenWood
Tyler is a globally-recognized cyber-authority. She’s spent time developing cybersecurity initiatives for the White House, Department of Defence and the Defense Intelligence Agency (as their Cyber Deputy Chief.) Here she talks about the cyber-apocalypse.
Follow Jane: @JaneFrankland
Security entrepreneur and author of In Security: Why a Failure to Attract and Retain Women in Cybersecurity is Making Us All Less Safe – Jane Frankland is empowering more women to become cybersecurity leaders in company boardrooms worldwide. Here she talks about Industry 4.0.
Follow Anne-Marie: @aimafidon
Tech speaker and author, Anne-Marie, CEO of training organization Stemettes, is leading the wave by encouraging girls and young women to pursue cyber careers. Read an interview with Anne-Marie in Secure Futures by Kaspersky magazine.
This is just a tiny snapshot of the incredible women helping to close tech’s gender gap globally. Here are a few more women to get on your radar.
Lesley Carhart: Principal Threat Analyst at Dragos, with two decades of threat hunting experience. She was named “Top Woman in Cybersecurity” in 2017.
Follow Lesley: @hacks4pancakes
Noushin Shabab: Senior Security Researcher at Kaspersky who’s helping to connect, support and inspire women in security across Australia through the Australian Women in Security Network.
Follow Noushin: @NoushinShbb
Parisa Tabriz: The self-styled “Security Princess” running Google’s security testing labs.
Follow Parisa: @laparisa
And not forgetting…
Rebecca Base: ‘A maverick and a catalyst for women in cybersecurity,’ widely respected as a security technology pioneer, known for her valued role as a mentor to young people and young companies in cyber. Rebecca is no longer with us, but her legacy remains.
Looking for more inspiration on how women are overcoming gender biases in tech and cybersecurity? Explore Kaspersky’s Empower Women project.
The final instalment of our series hacker:HUNTER Olympic Destroyer examines how Pyeongchang winter Olympics hackers put smokescreen to misdirect cybersecurity analysts. But through the fog, analysts realized the culprit wasn’t who you might expect.
If successful, the 2018 Pyeongchang cyberattack could have cost billions of dollars, leaving a canceled Olympics and a geopolitical disaster in its wake. Their deceptive methods meant the cybercriminals nearly got away with it. Why did they want to point the analysts at another group? And who was behind it all?
Cybercriminals don’t leave a calling card, but they do leave evidence. The art of finding and using that evidence to find the culprit is known as threat attribution.
Threat attribution is forensic analysis for advanced persistent threats (APTs). It analyzes the attackers’ ‘fingerprints,’ such as the style of their code, where they attack and what kinds of organizations they target. Attacks can be matched with the fingerprints of other attacks attributed to specific groups.
Hackers have their own set of tactics, techniques and procedures. Cybersecurity experts can identify threat actors by studying these elements.
In February 2016, hackers attempted to steal $851 million US dollars and siphoned $81 million US dollars from the Central Bank of Bangladesh. The attack was linked to notorious cyber espionage and sabotage group Lazarus Group. Lazarus attacks casinos, financial institutions, and investment and cryptocurrency software developers.
Lazarus has certain targets and ways of attacking: Infecting a website employees of a targeted organization often visit or finding a vulnerability in one of their servers. These are the ‘fingerprints’ used in threat attribution.
Crucially, Lazarus Group is long thought to be linked to North Korea. Olympic Destroyer included a piece of Lazarus’s malware code, but the type of attack didn’t fit. Its fingerprints better matched a cluster of attacks by another group with a very different agenda.
Watch the full video to see if you knew who the hacker was all along.
This APT might not have worked, but over the years, others have. To see what a successful APT looks like, watch Chasing Lazarus: A hunt for the infamous hackers to prevent big bank heists.
This Cosmonautics Day, watch how hackers improve satellite systems
Hackers hijacked a US Air Force satellite with just $300 worth of TV equipment to show just how easy it is.
Every time you use your phone, GPS or a connected device you’re dialling up a satellite. And yet many orbiting satellites are protected by cybersecurity tech from the 1990s. This leaves the systems and sensitive data vulnerable to hacking, with dangerous consequences.
In partnership with Freethink, season 3 of Coded explores the latest trends in hacking. In episode 4 we meet a young scholar who hacked a satellite with $300 of TV equipment. And we visit one of the teams from 2020’s Hack-a-Sat competition who are helping the government to identify and close security gaps in the thousands of satellites orbiting the earth.
Penetration tester Jayson E. Street helps banks by hacking them
Described by Europol as “one of most significant botnets of the past decade,” Emotet left a trail of destruction in its wake as it rampaged across the world. Here’s everything you need to know about this devastating malware.
Spread by spam emails, Emotet’s goal was to compromise devices and networks and sell back-door access to anyone.
Emotet was much more than just malware. The cybercriminals behind it behaved like a commercial business, offering their weapon for hire to other cybercriminals. This allowed these third parties to install all kinds of malicious software – like banking trojans, ransomware, botnets and cryptocurrency miners – onto their victims’ networks.
With an estimated clean up cost of $1m per attack, the US Department of Homeland Security concluded Emotet had enormous destructive power. Germany’s Federal Office for Information Security called Emotet the “king of malware.”
There’s no question Emotet is one of the most complex and dangerous malware ever. It left a trail of expensive attacks in its wake, partly because it’s polymorphic, which means its code changes a little bit every time it’s accessed. This made it almost impossible for antivirus software to defeat.
Like their code, the cybercriminals behind Emotet were constantly on the move. Because of this dynamic and nebulous strategy, a coordinated effort by eight law enforcement agencies was needed to finally take Emotet down.
After being infected with Emotet, German hospital Fuerstenfeldbruck shut down almost 500 computers and had to resort to paper based documentation in the rescue control center to control the infection. Unconfirmed reports claimed this led to lives being put in danger, the attack was considered by many to be the lowest point of Emotet’s regime of destruction.
In 2019, the Berlin Court of Appeal and the University of Giessen were attacked and suffered major disruption. The Medical University of Hannover and the city administration of Frankfurt am Main also fell victim to Emotet, with countless other organisations likely to have been attacked.
Nobody truly knows who is behind Emotet. As you’ll see in hacker:HUNTER, the group was eventually traced to Ukraine but speculation remains that those arrested were not the only perpetrators and that Emotet could morph and rise again to cause carnage around the world.
Watch the episode now and see the full story for yourself.
hacker:HUNTER Ha(ck)c1ne
On September 9, in a hospital in Dusseldorf, Germany, a patient died from a virus. It wasn’t what you might think: the hospital was hit by ransomware, infecting 30 servers before causing a total system shutdown, leading to the loss of her life. Yet this was a random act of chaos: the hackers misfired, they intended to infiltrate a nearby university.
This attack was fatal, but not unexpected. Attacks on hospitals and other health organizations have dramatically increased during the pandemic. When they hit, they can cost lives. Hospitals often have limited cybersecurity, making them vulnerable to attacks. In March, the University Hospital Brno, Czech Republic, faced a similar attack, fortunately, with no casualties.
For the latest hacker episode:HUNTER, we spoke to hospital staff to understand how ransomware attacks could harm patients.
During the peak of pandemic information overload, COVID-19-themed cyberattacks spiked to a million a day in early March. Attacks targeting people access systems remotely – such as phishing, malicious websites, and malware – increased by a staggering 300 times during 2020.
Craig Jones, Director of Cybercrime at Interpol, explains: “Since March, the levels of work have ramped up. I’ve never known a period like it, not just at Interpol but also during my law enforcement experience.” Check out Interpol’s advice to protect yourself against Covid-19 cyberthreats.
So what can we do in a world where cybercriminals seem to be one step ahead of us? Hunting down the hackers is no easy task, but as the heroes in the second season of hacker:HUNTER shows, we can protect everyone by taking a stand against cybercrime.
COVID fake news and false hope
“Cybercriminals were quick to realize many years ago that people fall prey to hot topics,” says Costin Raiu, Director of Global Research & Analysis, Kaspersky. And today’s hottest topic is the pandemic.
Chapter 2 of hacker:HUNTER ha(ck)c1ne explores COVID-related phishing attacks, known as spear-phishing. These attacks skyrocketed by nearly seven times between February and March this year.
When the virus took force, and we were all frantic trying to help each other, cybercriminals found a way to wreak havoc. In September, Facebook announced an aid program of $100 million for small business owners affected by the pandemic. When the story was picked up by the media, hackers started fishing (or, more accurately, phishing) with the bait.
Cybercriminals published fake news saying Facebook would be handing out free money to everyone affected by COVID-19. On a site cleverly disguised to look like Facebook, you fill out a form that shares personal data like your address, social security number or a photo of your ID. You get a confirmation message that your application has been accepted and sit back and wait for the money to arrive. It never will.
The worst part? It’s not the false hope, but what cybercriminals can do with this information: tricking friends and family members into sending money, credit card fraud or even identity theft
.
It’s not just people like us who criminals are targeting – organizations are hit too. At work, you get sent an email you think is from someone you know or your manager. But when you click on a link or open an attachment, it downloads malicious software opening the door for hackers to access the corporate network. They download data to sell on the dark web, or encrypt it via ransomware and force the business to pay the ransom to stop it from being leaked.
Photo by Adam Nieścioruk on Unsplash
Criminals have the resources to hit everyone, from society’s most vulnerable people to lucrative targets like big businesses and government. “Clearly the world is not as safe as we would like it to be. We’re surrounded by all kinds of new and different threats,” explains Zak Doffman, Founder and CEO of Digital Barriers. “The access to COVID treatments is a nation-state wide competitive advantage.”
In the face of this influx of threats, more kudos to the people keeping us and our data safe, like the Cyber Volunteers 19. To keep yourself safe, Kaspersky Daily serves up advice on spotting and protecting yourself from the Facebook grants scam.
Loading more articles