People who undertake cybercrime on the dark web in the world of corona misfortune
background photo created by Jcomp - jp.freepik.com
Some people commit crimes on the dark web
In the midst of the corona crisis, the way people work has changed significantly. Not to mention the spread of remote work, some people may have seen bicycles and motorbikes delivering meals all over town. An increasing number of people have flexible working styles, such as short-term contracts and freelance work.
However, due to the rapid increase in job opportunities overseas, some people have resorted to illegal cybercrime. Unscrupulous hackers sometimes contract with website hacking services or place advertisements to hire hackers.
The stage of activities of such cybercriminals is mainly the "dark web". Web content in the "darknet" that requires specific software, settings, authentication, etc. to access. The user's identity and location remain anonymous, and it is characterized by being able to exchange files secretly.
It cannot be accessed from a normal web browser, and can only be accessed through networks such as "Tor (The Onion Router)" and "I2P (Invisible Internet Project)". However, the standards for realizing anonymization and the software that composes the network cannot be unconditionally said to be evil. The dark web itself is only highly anonymous, and is not illegal per se.
However, some people may know about crimes on the "dark web" from the news. The problem is that the dark web has become a hotbed for personal information and illegal transactions by exploiting its high anonymity. Trading illegal content, selling malware, and cybercrime services are gaining popularity there.
Not only are the hacking services themselves traded, but the databases that are stolen using them are also popular on the dark web. Databases contain vast amounts of personal information, from first and last names to credit card numbers, which makes them useful to cybercriminals.
In such a dark web, there are people who make a living by undertaking cybercrime. For him, techniques to steal personal information, and personal information itself, are easy targets.
Risk management has become a more important issue in the modern age where it is natural for individuals to transmit information on SNS and enter personal information into various services. Once personal information is leaked, it is difficult to erase it.
Be conscious of protecting personal information
It would be difficult for users to completely eliminate the leakage of personal information. On the other hand, in some cases, damage can be minimized by changing email addresses, passwords, etc. instead of names and dates of birth. It is not impossible to make it easier to prevent unauthorized use when something happens.
First, check your online account carefully on a daily basis. If you find a suspicious history, take action such as changing your password or updating your privacy settings. If you make a habit of checking whether the settings are maintained when using SNS, it will be easier to notice when something unusual happens.
You also need to be careful with your password. In addition to using as long a password as possible, including alphabets, numbers, and symbols, I would like to set a different password for each service.
If possible, I would like to set up "two-step verification" (login verification), which requires not only a password but also a phone number (SMS) to verify your identity when logging in. There are mobile phone authentication in which a valid password and numbers are sent to the mobile phone only once by SMS, and one-time password authentication in which a password displayed on an application or device is entered. Even if your password is known, you won't be able to log in without another step of authentication, which will provide stronger security.
As mentioned earlier, cybercriminals abuse databases obtained through illegal activities. For example, a list of illegally obtained e-mail addresses may be used to deliver phishing e-mails. Even if you receive an e-mail or SMS, it is the basics of the basics to check whether the message is unnatural or unfamiliar, and not to open suspicious URLs without reason.
In these days when personal information can be easily leaked, it is necessary for individuals to be conscious of self-defense in order to ensure their own safety. This time, I'd like to introduce you to the McAfee Blog's "The Rise of the Dark Web and His Gig Economy." (Sekyu Lab)
*The following is reprinted from McAfee Blog.
The Rise of the Dark Web Gig Economy: McAfee Blog
The gig economy is becoming more prevalent in today's world due to the attraction and need for flexible work opportunities. Many people take advantage of short-term contracts, side jobs, and freelance work to gain more control over their day and income. But the proliferation of these flexible job opportunities goes beyond the dark web, allowing individuals to conduct illicit activities. Rather than contracting handymen or navigating services on the dark web, hackers sometimes contract website hacking services or place ads to hire hackers. Given the amount of personal information stolen on dark websites, these acts pose a significant risk to online users. Find out what activity to expect on the dark web and steps you can take to protect your online privacy.
Contents
Watch out for dark web criminal activity 5 steps after a data breach 1. Utilize security software 2. Stay informed 3. Change credentials 4. Update password 5. Enable multi-factor authentication against dark web activity Get protection updates
Beware of criminal activity on the dark web
The dark web is the part of the public internet that search engines do not index. In other words, what happens on the dark web stays on the dark web with no traceable record. Most people are unaware that the dark web is not illegal even though it is associated with criminal activity. However, the dark web maintains a reputation as an effective arena for crime because it is difficult to track what is going on. As a result, criminals frequently access the dark web to conduct various illegal transactions, including hacking services.
Researchers have found an increase in activity on dark web forums, including the buying and selling of black hat hacking services. 90% of the activity on these forums comes from people looking to hire hackers to break into websites and steal databases. Additionally, 4% of those who frequent dark web forums requested hacking services related to website hacking and malicious code injection.
Another 7% of the dark web are hackers who subscribe to services and tools. These services and tools include web shells, files uploaded to servers that attackers can use to execute operating system commands, and access to administrative website interfaces and ready-made exploits. Many of the services offered on these forums span specialties from site intrusion to data extraction. As a result, they often attract a variety of customers with numerous demands.
In addition, many of the advertisements for hacking services are aimed at hacking databases. These targeted databases are often hackers and companies financially motivated to steal their competitors' information. Databases continue to be popular targets for hackers because they contain vast amounts of personal information, from first and last names to credit card numbers. Cybercriminals can use this information to commit numerous crimes, including money theft, unemployment and tax exemption fraud, and identity theft.
For example, the Canada Revenue Agency (CRA) had to suspend approximately 800,000 accounts after discovering matching credentials for sale on the dark web. In previous data breaches, hackers used login credentials to access taxpayer accounts, apply for COVID-19 relief funds, and reroute those funds to bank accounts. Taxpayers could not log into their accounts without first taking the necessary steps to regain secure access.
Five steps after a data breach
As these criminal activities continue to grow in demand, users need to protect their online presence and information. Here are the 5 must-dos after discovering a data breach to maintain your online security:
1. Leverage security software
Be one of the first to learn about a data breach by leveraging security software such as McAfee Total Protection. A comprehensive security solution that includes dark web monitoring actively monitors the dark web for data breaches and published information. This information includes, but is not limited to, date of birth, email address, credit card number, and personal identification number. Robust security software also provides post-breach remediation procedures, guiding users to regain control and integrity of their data and privacy.
2. Stay informed
Companies must notify customers of data breaches under the PIPEDA Congress. Be the first to learn about data breaches affecting online customers, beware of breach notifications from affiliated companies.
Receive notifications of the latest events by creating news alerts for businesses that have access to your information. Additionally, it creates alerts for bank and other financial accounts to monitor suspicious activity such as fraudulent transactions and declining credit scores. Be prepared to mitigate cybersecurity threats with the right security software and up-to-date risk knowledge.
3. Change Credentials
Looking back at the 80,000 taxpayers whose accounts were suspended, they were never able to regain access without first changing their login credentials. Changing login credentials such as usernames, passwords and security questions is an important first step after a data breach occurs.
Changing your credentials will prevent hackers from accessing your personal information and will give you greater control over the security of your account. Using the same credentials on different accounts greatly increases the chances of hackers accessing your data. Therefore, it is imperative that you change your username and password regularly to ensure the security of your information.
4. Update your password
As important as changing your password regularly is changing your password according to best practices. Use the following combinations to create stronger passwords.
・Uppercase letters・Lowercase letters・Numbers・Symbols
In addition, long passwords of 12 characters or more are more effective than short passwords, as they are harder for hackers to guess. In other words, make sure all passwords are long, complex, and used only once. Make passwords easier to access and manage using a password manager with a password generator included in solutions like McAfee Total Protection.
5. Enable multi-factor authentication
If your credentials are exposed in a data breach, using multi-factor authentication will prevent hackers from accessing your information using only your login credentials. increase. So even if your username and password are exposed, there is a layer of security that hackers cannot bypass. Enable multi-factor authentication whenever applicable to block unauthorized login attempts.
Protection against dark web activity
The dark web continues to be a major destination for cybercrime. Online users should be careful about the information they hold in their online accounts and on websites that have access to personal information. Data security and privacy aren't always guaranteed, but the more you care about your online safety, the better protection you'll have.
Get the latest information
Gathering information from daily news is important. You can also follow us on Twitter @McAfee_Home (US) or @McAfee_JP_Sec (Japan) for the latest information on staying digitally safe and up-to-date on McAfee products, as well as the latest consumer and mobile security threats. ) and listen to the podcast Hackable.
*The content of this page is the content of the following McAfee Blog updated on June 17, 2021 (US time). Original text: The Rise of the Dark Web Gig Economy Author: Vishnu Varadaraj
*This article is an article that edits and introduces popular entries from past McAfee Blogs for posting on the ASCII and McAfee collaboration site "Sekyu Lab".
■ Related sites
