Using the dark web to predict and protect against Ransomware

Ransomware attacks have recently emerged as the prominent cybersecurity threat. While this year’s high-profile WannaCry and Petya ransomware attacks grabbed the headlines, the threat has been evolving for decades, albeit with increased speed in the last couple of years. According to one report, 49% of businesses fell victim to some form of cyber-ransom attack in 2016.

What’s more, ransomware is becoming more aggressive and is constantly evolving to exploit the weaknesses in businesses’ infrastructure. Mitigating this risk requires a proactive approach that hunts for the next likely threat before it wreaks enormous damage. And this can be done most effectively by meeting cybercriminals on their own turf: the dark web.

In this post, we will look at how security specialists can use the so-called ‘dark web’ to fight back against the threat posed by ransomware by using it to monitor criminal activity and predict and protect against future attacks.

Our new report, Ransomware: The Prevalent Business Disruptor, offers guidance on how to limit the risks posed by ransomware attacks. We would encourage you to download your free copy today.

What is the dark web?

If we think of the internet as an ocean, the websites that most of us access daily through public search engines amount only to the surface (approx. 4% of the world wide web)—hence why this has been called the ‘surface web’.

By contrast, the deep web refers to the rest of the world wide web which cannot be reached via public search engines and includes government databases, academic information and medical records.

The dark web, meanwhile, refers to areas within the deep web that have been purposefully hidden and can only be accessed through purpose-built browsers, such as Tor, which grant their users anonymity.

Because of its anonymity, the dark web has become a hotbed for black-market activity, such as the buying and selling of narcotics, weapons and indecent images. It is also used by cybercriminals to brag, exchange ideas and sell the “spoils of war”. These “spoils of war” often include credit card details and user accounts that are sold to the highest bidder. The dark web has also become the place to sell advanced exploits that enable a variety of activities:

  • Access to specific and already compromised systems
  • Lists of software patches that have been compromised
  • Pre-packaged ransomware

Access to these dark web pages is rarely granted to the public. Membership is vetted and controlled, and access is withheld from newcomers. For example, a new visitor might need to demonstrate that they have hacked an organisation or sold an illegal item before being granted access to the content on these websites.

But what if you could find out what is being discussed in the dark web without compromising your identity and organisation? You could then use this information to mitigate the security risks posed by future attacks.

Predicting the next attack

The main benefit of taking an approach like this is that it helps predict attacks before they happen – international law enforcement agencies like the FBI and Europol are already doing something similar. Businesses would be one step ahead of cybercriminals, proactively hunting for threats rather than reactively responding to them once it is already too late:

  • They would be able to tell what type of exploits are being traded and install the relevant patches to protect against these attacks.
  • If, by monitoring dark web ‘chatter’, organisations realised they were perceived as a specific target, they would have advance warning and could take the relevant security measures.
  • If an attack had already been instigated, victims could have a clearer understanding of exactly what the attack was and how to fight it off.

The ultimate goal here would be to predict and prevent ‘headline-grabbing’ attacks like WannaCry and Petya. There are several ways to predict major attacks on the dark web:

  • Zero in on the nature of the conversations taking place. An attack is highly likely if a new exploit has been found and there are a lot of “buyers” for the exploit.
  • Monitor and measure the number of times the same exploit is mentioned in different message boards. For the Petya ransomware, we found that chatter regarding an exploit had increased greatly before it struck.
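
The two signals above (buyer interest in an exploit, and how often the same exploit is mentioned across different boards) can be measured from already-collected post text. The following is an added example, not code from the original post: the posts, board names and `CVE-0000-…` identifiers are constructed placeholders, and the buyer keywords and thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import date

ID_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.I)
BUYER_RE = re.compile(r"\b(wtb|buying|want to buy|how much)\b", re.I)

# Constructed sample posts: (date, board, text). IDs are placeholders.
POSTS = [
    (date(2017, 5, 1), "board-a", "anyone tested CVE-0000-0001 yet?"),
    (date(2017, 5, 9), "board-a", "CVE-0000-0002 writeup, old news"),
    (date(2017, 5, 16), "board-b", "CVE-0000-0002 still unpatched in places"),
    (date(2017, 5, 23), "board-a", "WTB working CVE-0000-0001"),
    (date(2017, 5, 23), "board-b", "buying CVE-0000-0001, how much?"),
    (date(2017, 5, 24), "board-c", "CVE-0000-0001 and CVE-0000-0001 pack"),
    (date(2017, 5, 25), "board-c", "want to buy CVE-0000-0001 kit"),
    (date(2017, 5, 26), "board-a", "CVE-0000-0002 again"),
]

def weekly_stats(posts):
    """Map exploit id -> ISO week -> mentions, distinct boards, buyer posts."""
    stats = defaultdict(lambda: defaultdict(
        lambda: {"mentions": 0, "boards": set(), "buyers": 0}))
    for day, board, text in posts:
        week = day.isocalendar()[:2]  # (ISO year, ISO week)
        for exploit in {m.upper() for m in ID_RE.findall(text)}:  # once per post
            cell = stats[exploit][week]
            cell["mentions"] += 1
            cell["boards"].add(board)
            cell["buyers"] += bool(BUYER_RE.search(text))
    return stats

def flag_spikes(posts, ratio=3.0, min_boards=2):
    """Flag ids whose latest-week mentions reach ratio x the earlier weekly
    mean (floored at 1) and are spread over at least min_boards boards."""
    stats = weekly_stats(posts)
    all_weeks = sorted({w for per in stats.values() for w in per})
    latest, earlier = all_weeks[-1], all_weeks[:-1]
    alerts = []
    for exploit, per in sorted(stats.items()):
        now = per.get(latest)
        if not now or len(now["boards"]) < min_boards:
            continue  # chatter confined to one board is not a cross-board rise
        earlier_total = sum(per[w]["mentions"] for w in earlier if w in per)
        baseline = earlier_total / max(len(earlier), 1)
        if now["mentions"] >= ratio * max(baseline, 1.0):
            alerts.append((exploit, now["mentions"], len(now["boards"]), now["buyers"]))
    return alerts
```

Each alert tuple is (identifier, mentions in the latest week, distinct boards, posts with buyer language), which gives the patching and monitoring teams a ranked place to start.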

The need for a new approach

The WannaCry and Petya attacks caused large-scale damage, affecting human lives on an unprecedented scale—a critical infrastructure shutdown of Ukraine’s Chernobyl nuclear plant, cancellations of surgery appointments on the UK’s NHS and disruption to speed cameras in Melbourne. Some reports predict that the global cost of ransomware attacks in 2017 will be as high as $5 billion.

Dr. Paulo Shakarian of Arizona State University, who studies the developing threat posed by ransomware, explains:

“Lately the criminal hacking community seems set on finding exploits for vulnerabilities that are exposed to a large number of systems. If they can launch their attack in a timely manner against enterprises who are slow to patch, they can still cause large-scale damage and potentially gain long-term access in these systems.”

While patching is the most effective way to counter these attacks, it is reactive rather than proactive and predictive. Worse still, in some cases, such as legacy systems, patching may not be possible. The good news is that, even if the patches cannot be rolled out in time, there are many other mitigation methods. For example:

  • Configuring a web application firewall (WAF) to “virtually” patch all devices;
  • Creating an intrusion prevention system (IPS) signature to block the traffic;
  • Placing the monitoring team on high alert for an attack, while paying extra attention to critical systems; and
  • Preparing the operations and PR team for an eventual cyberattack.

The value of dark web monitoring against threats like ransomware cannot be overstated. By understanding what the enemy is doing, organisations can be better prepared to defend against attacks and potentially save considerable sums of money and their reputations.

To find out more about protecting your organisation from ransomware attacks, download our whitepaper here.
