Dead Internet Theory and Ransomware Negotiations
Evan Dumas
Dead internet theory - let's talk about it.
What are the implications for cyber?
Several recent studies suggest that over half of all internet traffic is coming from non-human sources. Between you and me, that number is probably much higher.
Regardless, we can divide this up into good bots and bad bots.
Good bots are harmless and serve a lot of valuable functions, such as indexing websites - Googlebot, for example.
Bad bots are the issue. They're used for malicious activities ranging from scalping to DDoS attacks. They can vary in complexity from an if-then kind of bot to ones designed to emulate human behaviour (only made worse by AI).
So, what are some of the common threats and how do we combat them?
Bad bots used in API attacks: Implement rate limiting and behaviour analysis to detect and block unusual traffic patterns targeting APIs. Proactive monitoring is key to staying ahead.
Residential proxies (spoofing): Use advanced bot detection tools that can analyse behavioural anomalies and identify proxy traffic masquerading as legitimate users.
Account takeover via credential stuffing: Enforce phishing-resistant multi-factor authentication (MFA) and regularly monitor for leaked credentials to block automated login attempts before they succeed.
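One way to turn the three points above into detection logic, as an added example that is not part of the original post: a per-source sliding window catches a single address cycling through usernames, and a per-time-window check catches the same activity spread across many addresses, which per-IP limits miss. The event tuple layout, function names, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

def stuffing_by_source(events, window=60, min_users=5, min_fail_ratio=0.8):
    """Return IPs that tried >= min_users distinct usernames, mostly failing,
    within any `window`-second span (sliding window per source IP)."""
    recent = defaultdict(deque)  # ip -> (ts, user, ok) tuples still inside the window
    flagged = set()
    for ts, ip, user, ok in sorted(events):
        q = recent[ip]
        q.append((ts, user, ok))
        while ts - q[0][0] > window:
            q.popleft()
        users = {u for _, u, _ in q}
        fails = sum(1 for _, _, s in q if not s)
        if len(users) >= min_users and fails / len(q) >= min_fail_ratio:
            flagged.add(ip)
    return flagged

def stuffing_distributed(events, window=60, min_users=8, min_ips=8, min_fail_ratio=0.8):
    """Return start times of fixed windows where failed logins are spread over
    many IPs and many usernames (the rotating-proxy pattern)."""
    buckets = defaultdict(list)
    for ts, ip, user, ok in events:
        buckets[ts - ts % window].append((ip, user, ok))
    hits = []
    for start, rows in sorted(buckets.items()):
        failed = [(ip, u) for ip, u, ok in rows if not ok]
        if (len({u for _, u in failed}) >= min_users
                and len({ip for ip, _ in failed}) >= min_ips
                and len(failed) / len(rows) >= min_fail_ratio):
            hits.append(start)
    return hits

def sample_events():
    """Constructed login events: (epoch_seconds, source_ip, username, success)."""
    ev = [(5, "198.51.100.10", "alice", True), (40, "198.51.100.11", "bob", True),
          (130, "198.51.100.10", "alice", False), (135, "198.51.100.10", "alice", True)]
    # One noisy source cycling through usernames (ts 200..225).
    ev += [(200 + 5 * i, "203.0.113.7", f"user{i}", False) for i in range(6)]
    # The same activity spread across ten addresses, one attempt each (ts 600..645).
    ev += [(600 + 5 * i, f"192.0.2.{i + 1}", f"acct{i}", False) for i in range(10)]
    return ev

if __name__ == "__main__":
    print("noisy sources:", stuffing_by_source(sample_events()))
    print("distributed windows:", stuffing_distributed(sample_events()))
```

On the sample data the per-source check flags only the single noisy address, while the ten-address burst is visible only to the distributed check.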
Stay safe out there folks.
Link to the original post here: https://www.dhirubhai.net/posts/evan-dumas_dead-internet-theory-lets-talk-about-it-activity-7282195488848670747-32eD?utm_source=share&utm_medium=member_desktop
Ransomware negotiators - what's it like?
I came across a thread about the experiences of some veteran ransomware negotiators and pulled out some of the most interesting parts.
Threat actor ransomware operations are incredibly organized, with several different groups working together, even a team for the negotiations and a help desk for the payment-making process. Hackers treat the whole thing like a legitimate business.
The negotiation process is a fact-finding mission. Negotiators try to obtain a file listing of the data taken, proof of actual files taken, proof that the attackers can decrypt sample files sent to them, evidence of destruction (if the payment occurs), and how they compromised the environment. Only after all that does the negotiation occur.
Re-extortion (a failure to hand over data after a payment is made) is more common with smaller, lesser-known threat actor groups. Larger, more infamous groups try to maintain a reputation of compliance so that the next company they extort is more likely to pay.
Ransomware isn't easy on any business, but I hope this sheds some light on the process.