fbpx

Stop your data going dark

We’re living in a world with more focus on cybersecurity than ever before. With the shift to widespread working from home, the pandemic has shone the spotlight on security awareness. This is true in our professional lives in order to prevent corporate information from falling into the wrong hands, but also impacts our personal lives. As consumers began to spend even more time online, businesses across every industry rushed to supplement traditional sales methods and customer interactions with digital equivalents.

This forced pivot to focus on digital has created countless new opportunities for cybercriminals to attack. With news of data breaches and information for sale on the dark web seeming like a daily occurrence, consumers have become desensitized to the risks posed by hackers – but this is largely due to a lack of awareness.

During a time where much of the world is spending more time online and the risk of cyberthreats is at an all-time high, it’s critical that consumers know what they’re up against. Our recent research has revealed that 40% of people don’t know what the dark web is, let alone how their data could be compromised. So what actually is the dark web and how do we make sure we know if our information ends up there?

The unknown side of the internet

The dark web consists of the parts of the internet which cannot be accessed through search engines like Google. Awareness stems from horror stories of data breaches resulting in thousands of stolen credentials being put up for sale, ranging from passwords to bank account numbers and medical records. This is alarming when 80% of data breaches are a result of weak passwords and we consider that 92% of Brits admit to password reuse despite being well aware of the consequences.

Most people don’t really understands the true extent of the dark web, with estimates that it ranges from 0.005% to 96% of the entire world wide web. That said, a recent study from the University of Surrey revealed that almost two-thirds (60%) of listings on the dark web had the potential to harm enterprises. While it’s not all used for illicit purposes, the presence of such diverse networks of criminal activity means consumers should protect their information with the caution it deserves.

Credit card numbers, counterfeit money and stolen subscription credentials are among the items you’ll find for sale on the dark web. In addition, you’ll also find services for hire, including distributed denial of service (DDoS) attacks, phishing scams and the harvesting of operational and financial data. Clearly, a successful breach could have severe financial repercussions for businesses and consumers alike, not to mention the accompanying reputational damage to any companies involved.

Has your information been exposed?

Our research from last year has already revealed that 1 in 4 people would be willing to pay to get their private information taken down from the dark web – and this number jumps to 50% for those who have experienced a hack. While only 13% have been able to confirm whether a company with which they’ve interacted has been involved in a breach, the reality is it’s much more likely than you’d think – since 2013, over 9.7 billion data records have been lost or stolen, and this number is only rising.

Most of us would have no way of knowing whether our information is up for sale online. However, solutions now exist which proactively check for email addresses, usernames and other exposed credentials against third-party databases, alerting users should any leaked information be found. 

Password managers are increasingly including this dark web monitoring functionality, indicating sites which have been breached along with links for users to change any exposed credentials. By keeping users informed if their digital identities are compromised, these tools help to improve security awareness and highlight the risks of poor password practices.

It starts with awareness

While detection is a fundamental part of the puzzle, keeping ahead of cybercriminals starts with awareness. The human element is often the weakest link in the security chain, with people failing to change default security settings or using the same password across different platforms in their professional and personal lives. But equally, not all employers have made it a priority to drive a culture of security awareness throughout their organisation.

Security is an ever-changing process rather than a one-time project, and people must work together to get their security practices into shape. Remote work will likely remain the norm for a large proportion of businesses, even as the world continues to reopen its doors. The associated security challenges won’t simply disappear, but will likely rise as the drive online continues. With so many exposed credentials available for sale on the dark web, we’d all do well to renew our focus on cybersecurity. Using unique, randomly generated passwords across different accounts, and investing in solutions with built-in privacy features are a good place to start.

[Source: This article was published in techradar.com By Barry McMahon - Uploaded by the Association Member: Dana W. Jimenez]

Categorized in Deep Web

The lingering COVID-19 pandemic has driven many businesses to reimagine how both their workforce and consumers will interface in the future. For employees, working from home has presented new challenges and opportunities.

The lingering COVID-19 pandemic has driven many businesses to reimagine how both their workforce and consumers will interface in the future. For employees, working from home has presented new challenges and opportunities. Time previously spent commuting is saved, while communal areas of the home have been re-purposed into makeshift office space, and the daily wardrobe is dictated by scheduled video-conferences. For consumers, the slow migration away from brick and mortar stores has become a sprint, largely mandated by local health orders closing stores. Even stores that remained “open” have implemented online or remote/physically distanced measures to connect with consumers. Buying groceries, clothing, food for delivery, and even dating and other social interactions have moved almost entirely online. As daily “living” moves online individual privacy rights have garnered more attention...

Read More...

[Source: This article was published in law.com By Bradford Hughes - Uploaded by the Association Member: Robert Hensonw]

Categorized in Work from Home

In 2020, phishing is just about the common kinds of cyberattacks on businesses and individuals alike. 56% of IT decision-makers state that phishing attacks will be the top security threat they truly are facing, with 32% of hacks involving phishing. Here is video phishing and how you protect your self.

Phishing is no longer limited to emails from Nigerian princes offering the recipients massive returns on investments.

Many phishing messages and internet sites have become sophisticated to the point that users are no longer in a position to recognize them without specific training. Google now blacklists an average of 50,000 internet sites for phishing every week.

On the upside, the ways that it is possible to protect your self from phishing attacks have evolved aswell in recent years. They range from using up-to-date firewall software to using secure platforms such as for example cloud-based business phone services.

A new threat is looming on the horizon: video phishing.

Driven by technological advances, artificial intelligence, and machine learning, this new trend has the potential of causing catastrophic security breaches.

Keep reading to find out what video phishing is, what it seems like, and how you can protect yourself.

How does Video Phishing work?

Surprise! Elon Musk is interrupting your Zoom call.

Sounds fake? It is.

But it looks disturbingly real.

See the end of the document for embed.

The video above shows a software of Avatarify, a tool manufactured by a researcher to transform users in to celebrities in real-time throughout Zoom or Skype calls. Its inventor, Ali Aliev, says that the program’s purpose was to have some fun throughout COVID-19 lockdown — by surprising friends during video conferences as Albert Einstein, Eminem, or the Mona Lisa.

The technology behind donning someone else’s animated face like a mask is called deepfaking.

Deepfakes are relatively new applications of machine learning tools. These tools generate realistic faces by analyzing 1000s of videos and images of a target’s face and extracting patterns for common expressions and movements. Then, these patterns can be projected onto anybody, effectively morphing them in to someone else.

You utilize the image of  Elon Musk. Or President Obama. In fact, a deep fake video of the former President calling his successor ‘a total and complete dips**t’ went viral in 2018.

The implications of this technology for cybersecurity are wide-reaching and potentially disastrous.

BECAUSE RATHER THAN TROLLING YOUR PALS, OR INSULTING PRESIDENT TRUMP VIA SOME BODY FAMOUS DEEPFAKES — YOU WON’T KNOW IF IT’S FRIENDS BEING COMICAL — OR THE DANGEROUS, VIDEO PHISHING.

What will be the Dangers of Video Phishing?

According to CNN, the majority of deepfake videos on the net as of the conclusion of 2019, were pornography. In total, 15,000 of such videos were counted. That might not seem like much, taking into consideration the vastness of the internet.

The reason behind these rather limited numbers has been that generating convincing deepfakes has a fair amount of computational power. Avatarify, for example, takes a high-level gaming PC to operate properly.

But lower-quality applications have been completely developed, like a face-swapping app that got banned again fairly quickly.

It is a question of time before deepfake technology becomes widely available. And widely used for cybercrime.

Some of those scams have been completely recorded and you can find them on YouTube.

In one case, hackers used similar technology to deepfake the voices of Chief executive officers and sent voicemail messages to executives. They succeeded in effecting a transfer of a mind-boggling $243,000.

In still another case, three men were arrested in Israel for swindling a businessman out of $8 million by impersonating the French foreign minister.

Experts already are warning against other possible applications of deepfake videos for frauds to generate funds. One scenario, for example, is extortion. Hackers could threaten the release of a video containing content that may be damaging to a person’s or business’ reputation. Such content could range from straight-out pornography to the CEO of a business endorsing racist views.

As experiences have shown, that may be disastrous. For businesses, even the regular type of ‘fake news’ might have catastrophic impacts on industry relationships, and even their stock market values.

“Those kinds of things can put a company out of business through reputation damage,” Chris Kennedy of the AI cyber-security platform AttackIQ said in a recent interview with Forbes. “We’re hitting the tipping point in which technology is taking advantage of the biggest human weakness, we’re over-trusting.”

How to Defend Yourself against Deepfake Video Phishing

Today, having a higher cybersecurity standard is more important than in the past. With on the web life proliferating during the COVID-19 crisis, scams and phishing attacks have flourished aswell.

The good news regarding phishing videos is that the technology, as of 2020, is still relatively new, and the case numbers relatively low. That means that individuals and companies have time and energy to prepare, and disseminate information to ward against such attacks.

Know the essential defense moves

As a most basic kind of defense, careful attention is advised in the event that you receive an unsolicited video call, particularly from some body famous or in a position of authority. Never trusting caller IDs, hanging up instantly, and perhaps not sharing any information on such calls is important.

If you receive video messages that could be authentic, nevertheless, you are uncertain about it, you should use software to find out if that which you are facing is a deep fake. For example, businesses such as Deeptrace offers computer software with the capability to recognize AI-generated video content.

Apart from that, some low-tech solutions to force away video phishing are having agreed-upon code words when communicating about painful and sensitive information via video messaging, using a 2nd communication channel to confirm information, or asking security questions that your interlocutor can only answer if they are the real thing.

Basically, pretend you’re in an old James Bond film. ‘In London, April’s a Spring month’ and all that.

Final Thoughts

Using AI to morph into somebody else and extract sensitive information may still sound futuristic. But it’s only a question of time until video phishing hits the main-stream.

As technology advances and artificial intelligence and machine learning applications to copy the face area and voice of people become widely available, how many deepfake scams is set to undergo the roof.

[Source: This article was published in digitalmarketnews.com By Kanheya Singh - Uploaded by the Association Member: Issac Avila]

Categorized in Deep Web

There are more than 15 billion stolen account credentials circulating on criminal forums within the dark web, a new study has revealed.

Researchers at cyber security firm Digital Shadows discovered usernames, passwords and other login information for everything from online bank accounts, to music and video streaming services.

The majority of exposed credentials belong to consumers rather than businesses, the researchers found, resulting from hundreds of thousands of data breaches.

Unsurprisingly, the most expensive credentials for sale were those for bank and financial services. The average listing for these was £56 on the dark web – a section of the internet notorious for criminal activity that is only accessible using specialist software.

“The sheer number of credentials available is staggering,” said Rick Holland, CISO at Digital Shadows.

“Some of these exposed accounts can have (or have access to) incredibly sensitive information. Details exposed from one breach could be re-used to compromise accounts used elsewhere.”

Mr Holland said that his firm had alerted its customers to around 27 million credentials over the past one-and-a-half years that could directly affect them.

The number of stolen credentials has risen by more than 300 per cent since 2018, due to a surge in data breaches. An estimated 100,000 separate breaches have taken place over the last two years.

Among the credentials for sale were those that granted access to accounts within organisations, with usernames containing the word "invoice" or "invoices" among the most popular listings.

Digital Shadows said it was unable to confirm the validity of the data that the vendors purport to own without purchasing it. The researchers said that listings included those for large corporations and government organisations in multiple countries.

Security experts advise internet users to use individual passwords for each online service that they use, while also adopting measures like two-factor authentication where possible.

Online tools like HaveIBeenPwned can also indicate whether a person's email address has been compromised in a major data breach.

 [Source: This article was published in independent.co.uk By Brien Posey - Uploaded by the Association Member: Anthony Cuthbertson]

Categorized in Internet Privacy

Ohio and Washington emerged as new hotspots for internet crime in 2019, though California continues to lead with the largest online fraud victim losses and number of victims, according to research from the Center for Forensic Accounting in Florida Atlantic University's College of Business.

California online victim losses increased 27 percent from 2018 to $573.6 million in 2019. The number of victims in California increased by 2 percent to 50,000.

Florida ranked second in victim losses ($293 million) and also posted the largest annual increase in both victim losses and number of victims over the past five years. The average loss per victim in the Sunshine State grew from $4,700 in 2015 to $10,800 in 2019, while the average victim loss jumped 46 percent from 2018.

When victim losses are adjusted for population, Ohio had the largest loss rate in 2019 at $22.6 million per 1 million in population, rising sharply from $8.4 million in 2018. Washington had the highest victim rate at 1,720 per 1 million in population.

Ohio and Washington replaced North Carolina and Virginia, which ranked among the top states in 2018.

The other top states in the latest   report were New York and Texas. The report is based on statistics from the FBI, which collects data from victims reporting alleged internet crimes.

"Fraudsters are getting more efficient at going after where the money is," said Michael Crain, DBA, director of FAU's Center for Forensic Accounting. "There doesn't seem to be any mitigation of the growing trend of online crime. The first line of defense from online fraud is not a technology solution or even law enforcement; it's user awareness. From a policy perspective, governments and other institutions should get the word out more so that individuals and organizations are more sensitive to online threats."

Crimes such as extortion, government impersonation and spoofing became more noticeable last year for their increases in victim losses and number of victims, according to the report. Business email compromise/email account compromise (BEC/EAC) remains the top internet crime in 2019 with reported losses of $1.8 billion, followed by confidence fraud/romance ($475 million) and spoofing ($300 million) schemes.

Spoofing, the falsifying of email contact information to make it appear to have been originated by a trustworthy source, was the crime with the largest percentage increase in victim losses (330 percent) of the top states during 2019.

BEC/EAC, in which business or personal email accounts are hacked or spoofed to request wire transfers, accounted for 30 percent to 90 percent of all victim losses last year in the top states and has grown significantly since 2015.

In confidence fraud/romance, an online swindler pretends to be in a friendly, romantic or family relationship to win the trust of the victim to obtain money or possessions.

For online investment fraud, in which scammers often lure seniors with promises of high returns, California leads the top states with $37.8 million in victim losses, but Florida's population-adjusted loss rate of $1.1 million makes it the state where victims are likely to lose the most money.

A major problem is that most internet crime appears to originate outside the United States and the jurisdiction of U.S. authorities.

"Foreign sources of internet crimes on U.S. residents and businesses make it challenging for whether  levels can be reduced as the public becomes more connected and dependent on the internet," the report states.

[Source: This article was published in phys.org By Paul - Uploaded by the Association Member: James Gill]

Categorized in Online Research

With much of the country still under some form of lockdown due to COVID-19, communities are increasingly reliant upon the internet to stay connected.

The coronavirus’s ability to relegate professional, political, and personal communications to the web underscores just how important end-to-end encryption has already become for internet privacy. During this unprecedented crisis, just like in times of peace and prosperity, watering down online consumer protection is a step in the wrong direction.

The concept of end-to-end encryption is simple; platforms or services that use the system employ complex software to ensure that only the sender and the receiver can access the information being sent.

At present, many common messaging apps or video calling platforms offer end-to-end encryption, while the world’s largest social media platforms are in various stages of releasing their own form of encrypted protection.

End-to-end encryption provides consumers with the confidence that their most valuable information online will not be intercepted. In addition to personal correspondence, bank details, health records, and commercial secrets are just some of the private information entered and exchanged through encrypted connections.

With consumers unable to carry out routine business in person, such as visiting the DMV, a wealth of private data is increasingly being funneled into online transactions during the COVID-19 pandemic.

Unsurprisingly, however, the ability to communicate online in private has drawn the ire of law enforcement, who are wary of malicious actors being able to coordinate in secret. For example, earlier this year Attorney General Bill Barr called on Apple to unlock two iPhones as part of a Florida terror investigation.

The request is just the latest chapter in the Justice Department’s battle with cellphone makers to get access to private encrypted data.

While Apple has so far refused to forgo the integrity of its encryption, the push to poke loopholes into online privacy continues. The problem is not the Justice investigation, but rather the precedent it would set.

As Apple CEO Tim Cook noted in 2016, cracking encryption or installing a backdoor would effectively create a “master key.” With it, law enforcement would be able to access any number of devices.

Law enforcement agents already have a panoply of measures at their fingertips to access the private communications of suspected criminals and terrorists. From the now-infamous FISA warrants used to wiretap foreign spies to the routine subpoenas used to access historic phone records, investigators employ a variety of methods to track and prosecute criminals.

Moreover, creating a backdoor to encrypted services introduces a weak link in the system that could be exploited by countless third-party hackers. While would-be terrorists and criminals will simply shift their communications to new, yet-to-be cracked encryption services, everyday internet users will face a higher risk of having their data stolen. An effort to stop the crime that results in an opportunity for even more crime seems like a futile move.

Efforts to weaken encryption protections now appear even more misjudged due to a rise in cybercrime during the COVID-19 pandemic. Organizations such as the World Health Organization have come under cyberattack in recent weeks, with hundreds of email passwords being stolen.

Similarly, American and European officials have recently warned that hospitals and research institutions are increasingly coming under siege from hackers. According to the FBI, online crime has quadrupled since the beginning of the pandemic. In light of this cyber-crimewave, it seems that now is the time for more internet privacy protection, not less.

Internet users across America, and around the world, rely on end-to-end encryption for countless uses online. This reliance has only increased during the COVID-19 pandemic, as more consumers turn to online solutions.

Weakening internet privacy protections to fight crime might benefit law enforcement, but it would introduce new risk to law-abiding consumers.

[Source: This article was published in insidesources.com By Oliver McPherson-Smith- Uploaded by the Association Member: Jennifer Levin]

Categorized in Internet Privacy

While public safety measures have started to relax, the surge of malware accompanying the pandemic is still making headlines. As a recent study points out, hackers have created no less than 130 000 new e-mail domains related to Covid-19 to carry out what analysts now call ”fearware” attacks.

A lot of these domains and attacks are tied to the same source: the dark web. From selling vaccines and fake drugs to simply spreading panic, the dark web has been the host of many pandemic-related threats. And these attacks were just the latest addition to the dark web’s regular activity including, but not restricted to botnets, cryptojacking and selling ransomware.

However, to see how threats from the far reaches of the Internet can affect your company or clients, we must delve deeper into the concept of “dark web’’.

In the first part of our article, we try to understand the dark web’s structure and acknowledge its growing importance to cybersecurity teams.

What is the Dark Web?

Simple users or security specialists, most of us spend our time online the same way: tied to a few popular websites and chat clients or perusing pages through a search engine. This activity, mediated by traditional browsers and apps, accounts for an almost endless amount of content.

But, as copious as this content might seem, it’s only a small percentage of what the Internet has to offer – as little as 4%, according to CSO Online. The rest of it? An enormous collection of unindexed websites, private pages, and secluded networks that regular search engines cannot detect, bearing the generic moniker of ‘’ deep web’’.

The deep web covers just about anything that’s hidden from the public eye, including exclusive and paid content, private repositories, academic journals, medical records, confidential company data, and much more. In a broad sense, even the contents of an e-mail server are part of the deep web.

However, there is a certain part of the deep web that’s noticeably different. How? Well, if the deep web, in general, is content that can’t be found through conventional means, the dark web is that part of it that does not want to be found.

The dark web exists through private networks that use the Internet as support but require specific software to be accessed, as well as additional configurations or authorization. While the dark web is only a small part of the deep web, it allegedly still accounts for around 5% of the entire Internet… and for a lot of its malicious activity.

Since the dark web can’t be accessed directly, users need to use special software such as the Tor browser, I2P, or Freenet. Tor, also known as The Onion Router, is perhaps the best-known means of accessing the dark web, as it is used both as a gateway and a security measure (limiting website interactions with the user’s system). While the protocol itself was initially developed by a Navy division before becoming open source, the project is currently administered by an NGO.

I2P (The Invisible Internet Project) specializes in allowing the anonymous creation and hosting of websites through secure protocols, directly contributing to the development of the dark web.

At this point, it’s worth stating that many dark web sites are not in any way malicious and might just be private for security reasons (journalism websites for countries where censorship is rampant, private chat rooms for people affected by trauma, etc.). It’s also worth noting that platforms such as Tor are not malicious in themselves, with their technology being also used by many legitimate companies. However, the dark web offers two very powerful abilities to its users, both of them ripe for abuse.

These abilities are complete anonymity and untraceability. Unfortunately, their dangers only became visible after Silk Road, probably the world’s largest illegal online market at the time was closed. A similar ripple was also produced by the closing of the gigantic Alphabay, an even more comprehensive follow-up to Silk Road.

The Dangers of Anonymity

The truth is, dark web sites have been known to sell just about anything from drugs and contraband, guns, subscription credentials, password lists, credit cards to malware of all types, as well as multiple other illegal wares. All without any real control, from website owners or authorities, and all under the guard of encryption. Back in 2015, a study classified the contents of more than 2,700 dark web sites and found that no less than 57% hosted illicit materials!

Obviously, this prompted authorities to take action. Some law enforcement agencies have started monitoring Tor downloads to correlate them with suspicious activity, while others, such as the FBI, established their own fake illegal websites on the dark web to catch wrong-doers.

Even with such measures in place, the dark web’s growth is far from coming to a halt. Its traffic actually increased around the Covid-19 pandemic and the technology’s 20th anniversary. It is estimated that in 2019 30% of Americans were visiting the dark web regularly, although mostly not for a malicious purpose. Furthermore, as large social networks increase their content filtering and as web monitoring becomes more prevalent on the „surface web”, the dark web is slowly becoming an ideological escape for certain vocal groups.

While these numbers can put things into perspective, many security experts, from both enterprise organizations and MSSPs, might ask: ”Alright, but what does that have to do with my company? Why do I have to monitor the dark web?”

In the second part of our article, you will learn what Dark Web threats are aimed directly at your enterprise, and how an efficient Threat Intelligence solution can keep them at bay.

[Source: This article was published in securityboulevard.com By Andrei Pisau - Uploaded by the Association Member: Alex]

Categorized in Deep Web

New search engine Kilos is rapidly gaining traction on the dark web for its extensive index that allows users access to numerous dark web marketplaces.

A new search engine for the dark webKilos, has quickly become a favorite among cybercriminals and here’s why.

It all began when the dark web search engine, Grams, launched in April 2014. Grams was an instant hit, proving useful not only to researchers but cybercriminals too.

The search engine used custom APIs to scrape some of the most prominent cybercriminal markets at the time. These include AlphaBayDream Market, and Hansa.

In addition to helping searchers find an illicit product using simple search terms, Grams also provided Helix, a Bitcoin mixer service. That way, users can conveniently hide their transactions on the platform.

Yes, Grams was a revolutionary tool for cybercriminals on the dark web. But, it’s index was still relatively limited.

In a Wired interview, an administrator stated that the team behind Grams didn’t have the capabilities to crawl the whole darknet yet. So, they had to create an automated site submitter for publishers to submit their site and get listed on the search engine.

Despite Grams’ success, it would not remain for long. In 2017, the administrators shut down the search engine’s indexing ability and took the site down.

However, a new search engine would eventually rise to take Grams’ place two years later.

Kilos Became the Favorite Search Engine on the Dark Web

In November 2019, talks of a new dark web-based search engine called Kilos started making rounds on cybercriminal forums.

According to Digital Shadows, it’s uncertain whether Kilos has pivoted directly from Grams or if the same administrator is behind both projects. However, the initial similarities are uncanny.

For example, they both share a similar search engine-like aesthetics. Also, the naming convention remained the same, following the unit for weight or mass measurement.

Expectedly, Kilos pack more weight than Grams ever did.

Thanks to the new search engine, searchers can now perform more specific searches from a more extensive index. Kilos enable users to search across six of the top dark web marketplaces for vendors and listings.

These include CryptoniaSamsaraVersusCannaHomeCannazon, and Empire.

According to Digital Shadows, Kilos has already indexed 553,994 forum posts, 68,860 listings, 2,844 vendors, and 248,159 reviews from seven marketplace and six forums. That’s an unprecedented amount of dark web content.

What’s more, the dark web search engine appears to be improving, with the administrator introducing new updates and features. Some of these features include:

  • Direct communication between administrator and users
  • A new type of CAPTCHA to prevent automation
  • Advanced filtering system
  • Faster searches and a new advertising system
  • New Bitcoin mixer called Krumble

Kilos are gradually becoming the first stop for dark web users. From individuals looking to purchase illicit products to those searching for specific vendors, tons of users now depend on the search engine.

This could further increase the amount of data that’s available to security researchers as well as threat actors.

[Source: This article was published in edgy.app By Sumbo Bello - Uploaded by the Association Member: Jennifer Levin]

Categorized in Search Engine

DENVER, March 24, 2020 (GLOBE NEWSWIRE) -- TruKno, a Denver-based startup focused on improving the way cybersecurity professionals find and leverage critical information and experts, today announced the launch of the first search platform built from the ground up for the cybersecurity industry.

TruKno combines access to niche experts with the latest attack vectors, breach data, mitigation practices, innovative solutions and associated vendors to equip cybersecurity professionals with the necessary information to contend with the constantly changing threat landscape. The robust TruKno search platform currently includes more than 20,000 items and more content is added daily. 

“Cybersecurity has become a never-ending game of cat-and-mouse between hackers seeking to exploit vulnerabilities and cybersecurity professionals working to mitigate known and unknown risks to networks,” said Manish Kapoor, founder and CEO of TruKno. “In cybersecurity, finding the right information at the right time is crucial, but the fragmented nature of the industry makes being able to actually pinpoint and utilize that information an enormous challenge — with devastating consequences for failure. Our search platform consolidates all consequential components to give users the most thorough understanding of any given threat.”

“Previously, there was no platform that truly integrated all relevant cyber information in one place,” said James Carder, chief security officer at LogRhythm. “TruKno is delivering real value to the cyber community by consolidating and curating vital threat intelligence and aligning it to specific solutions, solution providers and niche experts.”

Developed by Kapoor, a seasoned technology industry professional with more than 20 years of experience in field sales, business development and product management, TruKno was created to provide context surrounding top cybersecurity threats. Kapoor’s background includes more than 10 years at Cisco Systems, helping various global service providers launch new, managed/cloud/hosted cybersecurity services. He earned an electrical engineering degree from the University of Colorado Boulder and a master’s in business management from Harvard University.

“Current search engine results are too general and have become skewed by SEO manipulation, paid advertising and changing algorithms. As such, traditional information-sourcing methods are inefficient,” Kapoor continued. “That is why we believe the future of search is curated. Curated search both excludes low-value content and brings specific content to light that might not have otherwise shown up in generic search results.”

TruKno will be hosting daily informational webinars over the next several days. To register, or for more information about TruKno’s curated search platform for cybersecurity, please visit www.TruKno.com.

About TruKno
TruKno is the first curated search platform built from the ground up for the cybersecurity industry. Based in Denver, TruKno provides a better, faster way for industry professionals to identify and comprehend top cyber threats, consolidating all related information, including the latest breaches, mitigation practices, innovative solutions, associated vendors and access to niche experts. TruKno empowers cybersecurity experts to share knowledge and highlight their personal experience, strengthening the cybersecurity community. For more information, visit www.TruKno.com.

[Source: This article was published in markets.businessinsider.com - Uploaded by the Association Member: Deborah Tannen]

Categorized in Search Engine

Protect yourself by learning about this mysterious digital world

Below the surface, the internet you recognize and use for your browsing is a shadowy, digital netherworld. According to a report by Cybersecurity Ventures, cybercrime is projected to cost the world more than $6 trillion annually by 2021. At the heart of most cybercrime is the Dark Web.

The Dark Web is making its way into the public sphere more and more, but much remains unclear and misunderstood about this mysterious digital world that most of us will never see. Here’s what you need to know:

Three Layers of the Web

The World Wide Web has three distinct layers. The first is the Surface Web, where most people do searches using standard browsers. The second is the Deep Web, which is not indexed in standard search engines and is accessed by logging in directly to a site; it often requires some form of authentication for access. Finally, there is the Dark Web, which is only accessible through specific browsers. Its most common browser, Tor, encrypts all traffic and allows users to remain anonymous.

Gaining access to Dark Web sites often requires an invitation which is offered only after a substantial vetting process. Purveyors of these sites want to keep out law enforcement, although “white hat” hackers (computer security experts) and law enforcement have successfully broken through. Some identity theft protection services provide Dark Web monitoring to see if your personal information, such as your credit card, has been stolen. Often it is through the monitoring of the Dark Web that security professionals first become aware of massive data breaches by researching the commonality of large troves of personal information being sold.

Never click on any links in an email regardless of how legitimate the email may appear unless you have confirmed the email is indeed legitimate.

It is on these criminal Dark Web sites that all kinds of malware, like ransomware, are bought and sold. Other goods and services bought, sold and leased on these Dark Web cybercrime websites include login credentials to bank accounts, personal information stolen through data breaches, skimmers (devices to attack credit card processing equipment and ATMs) and ATM manuals that include default passwords.

Be Aware of Cybercrime Tools

Amazingly, the Dark Web sites have ratings and reviews, tech support, software updates, sales and loyalty programs just like regular retail websites. Many also offer money laundering services. Additionally, botnets (short for “robot network”) of compromised computers can be leased on the Dark Web to deliver malware as well as phishing and spear phishing emails (these appear to be sent from a trusted sender, but are seeking confidential information).

While the actual number of cybercriminal geniuses is relatively small, they’ve developed a lucrative business model. They create sophisticated malware, other cybercrime tools and their delivery systems, then sell or lease those tools to less sophisticated criminals.

The proliferation of ransomware attacks provides a good example of how this business model operates. Ransomware infects your computer and encrypts all of your data. Once your data has been encrypted, you, the victim of a ransomware attack, are told that a ransom must be paid within a short period of time or your data will be destroyed. Ransomware attacks have increased dramatically in the past few years and are now the fastest growing cybercrime.

Cybersecurity Ventures says companies are victimized by ransomware every 14 seconds, at a cost of $11.5 billion worldwide this year. While the creation and development of new ransomware strains requires great knowledge and skill, most ransomware attacks are being perpetrated by less sophisticated cybercriminals who purchase the ransomware on the Dark Web.

Regardless of how protective you are of your personal information, you are only as safe as the legitimate institutions that have your information.

Phishing, and more targeted spear phishing, have long been the primary way that malware, such as ransomware and keystroke logging malware used for identity theft purposes, are delivered. Phishing and spear phishing lure victims into clicking links within emails that download malware onto their computer systems.

Sophisticated cybercriminals now use artificial intelligence to gather personal information from social media such as Twitter, Facebook, Instagram and other sites to produce spear phishing emails with high success rates.

How to Protect Yourself

The best thing you can do to protect yourself from having your information turn up on the Dark Web is to avoid downloading the malware that can lead to your information being stolen or your computer being made a part of a botnet. Never click on any links in an email regardless of how legitimate the email may appear unless you have confirmed that the email is indeed legitimate.

Relying on security software is not enough to protect you, because the best security software is always at least a month behind the latest strains of malware. Regardless of how protective you are of your personal information, you are only as safe as the legitimate institutions that have your information.

In this era of constant data breaches, it is advisable to use an identity theft protection service that will monitor the Dark Web and alert you if your information appears there.  And there are websites which offer guidance on what to do if this happens to you. These monitors are a small flashlight shedding a beam on a very dark section of the digital universe and may help avoid major headaches before it’s too late.

[Source: This article was published in nextavenue.org By Steve Weisman - Uploaded by the Association Member: David J. Redcliff]

Categorized in Deep Web
Page 1 of 3

AOFIRS

World's leading professional association of Internet Research Specialists - We deliver Knowledge, Education, Training, and Certification in the field of Professional Online Research. The AOFIRS is considered a major contributor in improving Web Search Skills and recognizes Online Research work as a full-time occupation for those that use the Internet as their primary source of information.

Get Exclusive Research Tips in Your Inbox

Receive Great tips via email, enter your email to Subscribe.