IT and business media are increasingly full of the threats posed by cybercrime. Based on my own extensive experience the threat is not exaggerated.
Many of the threats are underpinned by something called the Dark Web, or Dark Net. This term refers to an overlay network that exists in parallel to the Internet, which can only be accessed using specific software like a TOR (an application browser used on the dark web) browser, configurations or authorisation.
Dark nets are quite transient, appearing and disappearing at unexpected times. They contain a vibrant and thriving e-commerce sector in which participants trade in illegal goods and services. These markets offer goods like drugs, counterfeit money, stolen IDs, credit card details, and website and corporate access credentials.
Where do these thriving markets in this hidden cyber world get the goods they are selling in such quantities?
The answer is from you, or your network, often through a compromised device. Upon investigation, it is also clear that in almost every incident, the user and the people responsible for managing the computers and networks did not even know they had been compromised. In other words, they do not know to take post-factor remedial action.
An additional factor is that even a person with limited experience can quite easily access the tools and services needed to hack into sensitive data and credentials. In uncertain times, people look for new ways to make a little bit extra. These amateur hackers are compounding the already severe problem posed by criminal syndicates.
More attacks, more loot
As a result, we are seeing an unprecedented rise in the type and number of attacks on inexperienced and ill-prepared ecosystem users in an attempt to steal information or access records.
Here’s a typical scenario: a user innocently clicks on a link to view an ‘interesting’ news article. He or she is taken to a compromised advertising site and a piece of malware is surreptitiously delivered onto the user’s device. When this happens, users need to know instantly that something untoward has happened so they can react before too much damage is done.
- The latest malware attacks typically do one or more of the following:
- Check Internet connection and security settings.
- Download and run malicious files or ransomware.
- Report status to the author or attacker.
- Execute instructions on the devices they have penetrated.
- Automatically upload information taken from devices and the networks to which they are connected.
- Change administration privileges and validate security certificates.
The only way to counteract these and similar threats is to commence with an approach and understanding that all networks are dangerous. By adopting this approach, you promote a culture of ‘secure thinking’, cognisance of the dangers which in turn leads to responsible usage by all staff and network administrators. But it is vital to also ensure that you have real-time visibility of anomalous activities on both the Internet and your devices connected to it.
Ask yourself, or better still, find out who can support you on your journey in terms of becoming a more informed member of the human firewall chain and ensure they ask:
- Do you know whether a new piece of software (or malware) has been loaded onto your device? Or any device on your network? Is data being copied to an external source in the background?
- Are new files being run that are collecting data in a central place on or off a trusted part of your environment?
If you do not have immediate visibility into unauthorised changes, you are most probably already at risk or even worse, are already a member of a growing member of the coalition of the compromised.