Financial firms continue to move to digital-first deployments, as retail branches close, and people shift to remote work. This shift makes understanding and preventing even common darknet, or dark web, threats a priority.

Financial cybersecurity investment institutions need to understand what the dark web is, provide their security teams with the tools to explore it safely and prioritize areas of concern. Taken together, these actions can limit risk and improve regulatory compliance.

About the Darknet

Originally designed to hide users’ activities and identities, the dark web, also known as darknet, quickly became an obstacle as malicious actors leveraged tools, such as The Onion Router (TOR) to create a digital marketplace where nothing was off-limits or beyond reach. From illegal items to stolen data, there’s a good chance someone on the dark web has obtained, or has access to exactly what bad actors are after.

Not surprisingly, financial data remains one of the most popular purchases on the dark web. Credentials for high-value bank accounts start at just $500, and credit card data is sold in large volumes at low cost. Financial firms are often forced to close compromised accounts and refund fraudulent transactions, since there is little recourse when it comes to finding the origin of this pilfered information.

Dark Web: The Deep and the Darkness

No discussion of the dark web is complete without a quick primer on the difference between deep and dark deployments.

The deep web is classified as data that isn’t indexed and readily available online. While this type of data makes up 90% of the internet at large, the dark web accounts for just 0.005%, or around 8,400 live sites.

Financial firms regularly interact with the deep web. It’s where secured client data and essential enterprise assets are stored. The deep web is fundamental for finance and critical for consumer confidence. If secured financial information was readily available with a simple online search — which still happens with alarming regularity — clients would quickly abandon banks in favor of more secure alternatives.

The dark web, meanwhile, is a place without rules or regulation. Both legal and illegal activities exists side-by-side, unchecked by regulatory or operational obligations on the dark web. And, accessing the darknet isn’t complicated. Users typically leverage the Tor Browser to encrypt and obscure their location and IP address. Still, it’s nothing like the surface web.

The Economies of the Dark Web

The darknet isn’t just a free-for-all of fraudulent transactions and stolen credentials. As noted by Financial Management, this twilight trading ground has developed its own economy. It is one that follows the laws of supply and demand and sees criminal ‘vendors’ fighting for market share by offering top-tier products, lower prices and enhanced customer service.

This creates a kind of paradox. While the dark web economy doesn’t match the rest of the web in terms of design, it displays the same type of inventory and incentive tools and strategies as more common businesses. As a result, it’s critical for financial firms to take the same approach to dusk economies as those in the daylight, discovering as much information as possible.

This requires a shift in thinking. Rather than waiting for malicious actors or dark web buyers to compromise financial networks, banks must take an intelligence-based approach to data discovery. What information is available on the dark web? How much (if any) client data has been compromised? How have the bad actors made it available to potential purchasers?

Equipped with actionable insight, financial firms can begin developing proactive incident response. That could mean anything from changing account details before compromises happen to deploying security tools that better defend against theft. With the dark web now governed by supply and demand, making supply worthless is the quickest way for banks to boost their defense against shady economies.

How Your Cybersecurity Team Can Fight Back

It’s one thing to recognize the need to improve data gathering on the dark web; it’s another entirely for banks to put policy into practice.

So, how do financial firms actively protect themselves against bad actors?

It starts with an understanding of current infosec expectations, such as those described in the FFIEC Information Technology Examination Handbook. These guidelines can help banks identify potential weak points across current efforts to manage protected information. From there, they can implement effective network and access controls.

By knowing which areas need the most work, financial firms can prioritize essential infosec investments. No single dark web cybersecurity solution is enough to combat all emerging threats. Instead, organizations must adopt defensively diverse portfolios that include:

Expert Insight

Uncovering tactics and technologies used by darknet attackers is critical to improving current defenses. Human experts are the best defense. Banks must invest in security professionals capable of creating and cultivating dark web personas themselves. By becoming a trusted member of this shadow community, firms have a better chance of finding stolen data before it can be used to infiltrate accounts or compromise key systems. Then, they can integrate collected intelligence into existing defensive frameworks.

Active Listening

It’s not enough to know that data has been compromised or if attackers are attempting to breach financial networks. Firms need to know what’s being said about them on the darknet and how stolen information is being used.

For example, if banks can identify a cache of pilfered business account credentials for sale and observe interest from other users in purchasing this data, they can proactively close and re-secure these accounts to limit potential risk. With enough lead time, it’s also possible for teams to create honeypot accounts that allow attackers in but keep them contained. This, in turn, provides IT teams valuable threat vector data.

Machine Learning

While human desire and demand form the foundation of dark web functions, even the most experienced infosec experts can’t cover the entire economy at once. Advanced machine learning and artificial intelligence tools can help bridge the knowledge gap by analyzing current compromise patterns and predicting potential outcomes. This way, banks can identify top compromise targets and deploy purpose-built protections to limit the risk of darknet disclosure.

A Mirror, Darkly

As dark web economies evolve, a malicious mirror emerges. Fraudulent financial transactions have their own economy that mimics above-the-board deals. To deliver dark web security, organizations must look into the abyss, learn from it and leverage operational insight to defend against fraud.

The post Darknet Cybersecurity: How Finance Institutions Can Defend Themselves appeared first on Security Intelligence.

Last week in security news, a researcher found that malicious actors had abused the details of a test credit card just two hours after he posted the information online. The security community also learned of a survey in which three-quarters of respondents said that they had required a password reset after forgetting one of their personal passwords in the previous three months. Finally, researchers tracked several new malware samples along with a now-fixed WhatsApp vulnerability.

Top Story of the Week: The Spread of Exposed Credit Card Data

David Greenwood, a security researcher on the ThreatPipes team, wanted to find out how information posted online spreads throughout the internet and dark web. So he purchased an anonymous, prepaid Visa credit card and posted its full credentials on several paste sites. He then sat back and waited.

It took all of two hours until digital attackers sprang into action. They did so by using bots and scripts to make small purchases using the credit card information from a well-known retailer located in the U.K.

Source: iStock

Also in Security News

• Poison Frog Backdoor Samples Discovered in Aftermath of OilRig Dump: After a group of actors dumped OilRig’s attack tools online, Kaspersky Labs decided to scan its archives for new and old malware samples. In the process, it discovered Poison Frog, a sloppily designed backdoor that masqueraded as the legitimate Cisco AnyConnect application at the time of discovery.
• Most Users Required a Personal Password Reset in the Last Three Months: In a recent study, HYPR found that 78 percent of full-time workers in the U.S. required a password reset sometime in the last three months after forgetting a personal password. The rate was slightly lower for work-related reset requests at just over half (57 percent) of respondents.
• Lazarus-Linked Dacls RAT Makes Waves by Targeting Linux Machines: Back in October, Netlab 360 came across a suspicious ELF file that shared certain characters employed by the Lazarus group. This discovery of the file, nicknamed Dacls, marked the first time that researchers have detected a Lazarus-created threat that’s capable of targeting Linux machines.
• U.S., EU Users Caught in the Crosshairs of Zeppelin Ransomware: Blackberry Cylance spotted threat actors using the newly discovered Zeppelin ransomware to selectively target technology and healthcare organizations in the U.S. and the European Union. Further analysis helped determine Zeppelin to be a member of the VegaLocker ransomware family.
• Dudell Malware Leveraged by Rancor Digital Espionage Group: Palo Alto Networks’ Unit 42 threat research team analyzed the recent attacks of Rancor, a digital espionage group that targeted at least one Cambodian government organization between December 2018 and January 2019. In the process, it discovered a new custom malware family it dubbed Dudell.
• Vulnerability Allowed Threat Actor to Crash WhatsApp on Phones in Shared Group: In August 2019, Check Point Software discovered a bug that enabled a malicious actor to implement a WhatsApp crash-loop on the devices of users in a shared group. The security firm subsequently disclosed this vulnerability to WhatsApp, whose developers issued a fix in update 2.19.246.
• Lateral Movement Used by BuleHero Botnet to Spread Malware Payloads: Researchers at Zscaler observed in their analysis of BuleHero that the botnet used port scanning, Mimikatz, PsExec and WMIC to spread laterally on an affected network. These techniques enabled the threat to distribute both the XMRig miner and Gh0st RAT to a larger number of machines.
• Various Attack Techniques Used by MyKings Botnet to Deliver Forshare: SophosLabs took a deep dive into the workings of the MyKings botnet and found that the threat used various attack techniques against vulnerable Windows servers to deliver Forshare malware. Those tactics included using steganography to conceal a malware payload within an image.

Security Tip of the Week: Focus on Data Protection

Security professionals can help organizations protect their valuable data by using artificial intelligence (AI)-driven tools and automated monitoring solutions to gain intelligent visibility into the network. They can then use that visibility to monitor for suspicious activity that could be indicative of a threat moving laterally across the network.

In support of this monitoring activity, security teams should also consider embracing a zero-trust model for the purpose of setting up micro-perimeters on the cloud and elsewhere.

The post Weekly Security News Roundup: Exposed Credit Card Details Abused Within 2 Hours appeared first on Security Intelligence.