Security News
Researchers have trawled the dark web to see how the underground is responding to the COVID-19 pandemic. Researchers from Trustwave have found that the underground mirrors the overground: some people seek to make money from the crisis, others ignore it, and still others offer genuine help, information and advice to forum members.
While cyber-espionage attacks and malware decreased, other trends, such as security "errors", denial-of-service campaigns and web application attacks, saw startling growth. They're already attacking those service-oriented workflows, particularly using things like credentials, which is 80 percent of the attacks.
These postings provide cybercriminals with the information needed to hack into networks where they can infect critical machines with malware, according to Positive Technologies. Such access allows attackers to directly target business networks or hire skilled "professionals" to hack into networks to infect machines with malware.
Most breaches are now for financial gain, according to Verizon's report, with web application attacks also on the rise. The latest Data Breach Investigations Report from Verizon Business highlighted a number of alarming statistics about the data breach landscape and the actors behind attacks, finding two-fold increases in web application breaches as well as growth in the number of data breaches conducted for financial gain.
New variants of the Mirai and Hoaxcalls botnets have been targeting an old remote code execution vulnerability in legacy Symantec Secure Web Gateway versions, Palo Alto Networks reports. The targeted vulnerability impacts Symantec Secure Web Gateway 5.0.2.8, a product that reached end-of-life in 2015 and end-of-support-life in 2019.
We think of the dark web as an underground marketplace where cybercriminals buy and sell malicious tools and stolen information to scam innocent victims. Since the arrival of the coronavirus, people on the dark web have been sharing news, information, and concerns via underground communities.
The answer to the "who" in "who knows what" is "the government." Last week, the Senate narrowly missed an opportunity to protect Americans' web histories from government surveillance. In June 2015, the Patriot Act was replaced by the USA Freedom Act: a bill meant to clip the NSA's spying powers by slightly inconveniencing its metadata collection from US citizens and introducing more accountability and transparency for it and the FISA court.
Cyberattackers are targeting a post-authentication remote code-execution vulnerability in Symantec Secure Web Gateways as part of new Mirai and Hoaxcalls botnet attacks. Now, researchers at Palo Alto Networks' Unit 42 division have observed that same version of the botnet exploiting a second unpatched bug, this time in Symantec Secure Web Gateway version 5.0.2.8, which is a product that became end-of-life in 2015 and end-of-support-life in 2019.
Many organizations are steadfast in their belief that dark web monitoring is a critical part of their security operations, and the security industry is happy to fuel that belief. While in some cases and industries it is indeed important to monitor the dark web, where the intelligence can help shape threat mitigation strategies, what most organizations do not realize is that it is often not the case.
The bipartisan push to install the privacy protection mechanism was led by Senators Ron Wyden and Steve Daines, and came following the news that a planned addition to the USA PATRIOT Act, which is due to be renewed this week, would allow law enforcement to collect people's browsing histories without a warrant. "Is it right at this unique time when millions of law-abiding citizens are at home, for the government to be able to spy on their internet searches and web browsing without a warrant?" Wyden asked the Senate ahead of the vote today.