[BreachExchange] How cybercriminals use the deep and dark web to target financial organisations

[Audrey McNeil]

http://www.bobsguide.com/guide/news/2017/Jun/26/how-
cybercriminals-use-the-deep-and-dark-web-to-target-financial-organisations/

Financial organisations face a barrage of threats from a range of different
sources online. There is no doubt that the industry is a prime target for
threat actors ranging from cybercriminals, to hacktivists, to nation
states. In response, financial organisations should prioritise and
implement effective cybersecurity processes, technology and people. Since
most of these threats, actors, and compromised financial information are
intertwined with the deep and dark web, there is also a critical need for
businesses to be aware of and understand these unindexed regions of the
Internet.

Cyber threat actors have recently executed a number of well-publicised
attacks on financial organisations, including as a result of the WannaCry
ransomware attack. These attacks clearly pose a significant corporate risk,
especially at a time now when regulators are stepping up and imposing
harsher penalties on banks that suffer breaches. Following these recent
attacks and harsher regulatory penalties, the issue of cybersecurity is
gaining a greater presence both in the boardroom and in the minds of
C-Suite executives.

What is the deep and dark web?

The dark web refers specifically to a collection of websites that exist on
an encrypted network; they cannot be found via traditional search engines
or visited using traditional browsers. The deep web meanwhile refers to all
web pages that search engines cannot find.

The role of the deep and dark web in threats targeting financial
organisations

The main threats posed by the deep and dark web can be broken down into
three primary concerns:

a) It allows the sharing of best practices

Wherever people congregate, they talk. Although cyber-criminals like to
compete, they also often share best practices. This information-sharing is
why the deep and dark web facilitates so many of the dangerous threats
targeting businesses.There is an interconnected, agile nature to the
cyber-criminal ecosystem, and regardless of their language, skills,
location or affiliation, cyber-criminal groups tend to share a strong
desire to reap the benefits of cross-community collaboration, information
sharing, and even mentorship.

b) It provides a way to sell and monetise criminal gains

The deep and dark web is home to many illicit marketplaces that enable
cyber-criminals to monetise the crimes they commit. Often the exchange is
data for financial remuneration like Bitcoin but it can take on a wide
variety of forms. At its simplest, however, the deep and dark web
facilitates an underground economy for cyber-criminals.

c)  It acts as a network and communications portal

The deep and dark web is ripe with illicit marketplaces and forums that
serve as anonymous places in which cyber-criminals, terrorists, and other
malicious actors often communicate and collaborate. As new forums and
marketplaces emerge, some may decline whereas others continue to attract
new members.

What are the threats financial organisations face?

Financial organisations face a myriad of threats, some of which include:
corporate data theft, credit card fraud, corporate insider threat, emerging
malware and emerging fraud techniques.

Emerging malware, like all of these types of threats, is prevalent on the
dark and deep web. Malware is malicious software specifically designed to
disrupt, damage, or gain unauthorised access to a computer system. As cyber
attackers of all forms seek to stay ahead of security measures aimed to
defend financial institutions, the malware they deploy continues to evolve.
There is a constant cat and mouse game as cyber attackers’ innovation tests
organisations’ defences. Analysing the deep and dark web enables those
tasked with defending networks and data to gain an advantage by helping
them to mitigate emerging malware and other evolving threats.

Threats can also be internal. How does a financial organisation stop an
employee from selling confidential, highly valuable data? Unfortunately,
some employees are willing to do this for a variety of reasons. It has
happened in the past, and there is no shortage of buyers for this
information on the deep and dark web. As this insider threat activity is
illegal and poses substantial risks to organisations and their
stakeholders, having visibility into the areas from which many of these
threats emerge -- the deep and dark web -- is crucial.

How can these threats be countered?

The number one way to mitigate the risk emanating from adversaries who are
utilising the deep and dark web is to understand and effectively monitor
their activity in that space. If you know what your adversary will do
before he or she does, then you can act to mitigate the threat and
implement the defences needed to guard against an attack.

Linguistic and cultural expertise are also vital to using the deep and dark
web for defensive purposes. Understanding how criminals speak and the true
meaning behind their interactions is crucial; the most successful analysts
have spent years immersed in the deep and dark web working to acquire and
hone their skills.

Outside of the deep and dark web there are a number of actions financial
organisations can take to address threats proactively and bolster their
security. I would advise strongly that CISO and CIOs implement robust
systems to ensure that people, processes and technology all are up-to-date
and aligned. Defence requires constant vigilance and agility. Practically
speaking, using two-factor authentication, patching and updating software
regularly, maintaining firewalls, changing default passwords, raising
employee awareness of cybersecurity best practices and creating
off-the-grid-backups will all help in protecting an organisation from the
many threats they face.

We know that cyber attackers motivated by financial gain are using the deep
and dark web to coordinate attacks on financial organisations. For them,
the rewards following a successful breach can be significant. On the flip
side, the damages incurred by the breached institution could be
catastrophic. It is therefore critical that cybersecurity -- including
effective monitoring of the deep and dark web -- remains a priority.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170626/309eb795/attachment.html>