Cyber-demic’s Dark Side
Brian Stack
Vice President of Engineering & Dark Web Intelligence at Experian Consumer Services
August 2021
A monthly digest on dark web activity, which is heavily influenced by the impact of COVID-19, remote working, nation state activity, seasonal scams and major data breaches, as well as general ID theft protection, data trends, tips and recommendations.
Can You Trust a Criminal?
To pay or not to pay…The million-dollar (or, actually, more) question…In a multinational poll of 15,000 consumers commissioned by Kaspersky, only 29% of users who experienced ransomware attacks were able to restore all their encrypted or blocked files after an attack…This speaks to the lack of enterprise-level data backup and restoration policies and procedures across many organizations…But the worst part is that among the more than half (56%) who paid the extortionists, nearly one in five failed to get their data back even after paying out…Now that is a bad business deal…Most experts hold the line that you should not pay extortionists, since that only encourages further cybercrime…But let’s be real here: whether you are a small or large company, you are losing revenue every second your systems are not functioning, and your brand is being damaged…So, if you have no other option, the odds are at least in your favor that the extortionist will keep their word.
Matrix Level Hackers Do Get Caught
In my head I’m hearing the album “Out of Time” by R.E.M.…I caught a pretty nice case study from the FBI and Symantec, presented at an RSA conference, that shows that eventually time runs out for even expert hackers…It was about how they took down the notorious BayRob malware gang; it took over 13 years of intense investigation to bring down this Romanian hacking group…So let’s get techy…They were using Linux systems, multiple levels of strong encryption for disks and files, stolen Wi-Fi, Proxychains through different countries to obfuscate their location, Tor, VPNs, SSH, SFTP, PGP, and off-the-record messaging via Jabber…So how did they finally get caught?…First, the FBI added their own infected machines to the botnet and analyzed the traffic…Second, they worked with AOL, who had access to one VPN system the gang was using…That said, the hackers were very disciplined, except on one occasion when two members of the group shared an Excel spreadsheet containing the emails and contact info of all the money mules they were using, sent through one of the proxy systems the FBI was monitoring…Gotcha…Also, when they were communicating over Jabber, which encrypts text messages but not the images sent, one of the criminals took a screenshot of his desktop that had identity info on it…Lastly, during one login attempt on their systems, one of the hackers used his real online ID rather than his hacker ID…Whatttt…So, the lesson here is that out of the thousands of login attempts and transactions over 13 years, it only took three innocent mistakes to expose their identities and bring them to justice!
Disgruntled Employees Can Hurt More Than Your Employee Net Promoter Score
When some cyber experts speak of the dark web groups you need to be concerned with, they often list script kiddies, organized crime, anarchists and nation states as the four primary categories…However, you should also look within, as disgruntled employees should never be overlooked…Depending on their position, they may have the keys to your proverbial castle, whether it’s payroll information, intellectual property or access to key system endpoints…The recruiting of disgruntled employees, or of those looking to make a quick buck, is not restricted to ransomware; the dark web has been recruiting people for years, either to monetize the data and access they have themselves or to sell it to exclusive groups who want to buy this information, whether it relates to system security or insider information…Check out my colleague Mike Bruemmer’s post on how LockBit gangs are recruiting ransomware moles within your organization.