No one expects that the IT world will at any time soon be able to completely eliminate cybercrime entirely. It’s already evident that the good guys are having trouble and tough time trying to make life difficult for the bad guys on dark web. Therefore, it goes without saying that it was only a matter of time before the bad guys picked up on the possibilities of AI and machine learning to move cyber criminality on dark web to a new level, and it will probably become inevitable that the same technologies will be used to defend business systems. One of the important ways which will have to take place is in using them to learn how to stop humans being when it comes to using IT systems.
During the first quarter of the year, there was main stream of headlines on overwhelming data breaches that have negatively impacted retailers such as White Lodging and Michael Stores. There has also been an explosion of hacking and theft of personal data and information and credit cards for use in the thriving dark web marketplaces that has become as competitive as other online marketplaces such as Yahoo and eBay with Bitcoin as the currency.
Readily available and easy to use ransomware is one of the factors that has increased cases of cybercrimes. It has now becoming very easy for anyone with basic programing skills and little information on how malware works to become a cyber-criminal with a success story as it does not require much expertise to launch these attacks. In less words, the attackers only need a criminal intention and a safe and conducive environment which is now provided by the “Dark Web” to carry out their criminal activities. The dark web is a section of the Internet that is not indexed by popular search engines like Google and hence a user cannot navigate through it using a standard browser. Access to the dark web is made possible via the “Tor browser” that allows the users to surf without giving away the identity of the location from where the login has taken place and hence a safe marketplace for ransomware, illegal drugs, sell stolen personal identities among other criminal activities.
Surprisingly Tor was originally developed and implemented by US naval research laboratory for the purpose of protecting government communication and later legitimately used by privacy advocates and journalist to communicate to whistleblowers. However it has also made a safe haven for criminals who are now hard to find or locate.
To be able to stop criminal activities, there has been few attempts to index Tor sites but it has proved to be almost impossible as and by large they change frequently and dodgy ones probably change their onion URLs multiple times per hour.
The evolution of malware to machine learning types take the similar but unique mode of operation as existing botnets but wait for instruction and inflate it to make millions of the same and can communicate collectively smartly and intelligently, making it possible to make multiple and simultaneous attacks across a network and hence a significant cyber security threat. Derek Manky, Global Security Strategist for Fortinet, predicts that is technological development in cybersecurity will raise cybercrime by 20% and will generate cumulative of more than $160B by the year 2020. This will be easily obtained especially if this development is combined with AI technologies, where instead of a single inflated malware to manipulate and launch an attack, it will insert unique digits of Bots into the system to observe the activities while identifying the weaker attack surfaces; and ultimately, intelligently deciding when and where to launch the attack or to direct multi-vector attacks which are likely to involve not only encrypting system and customer files but also the threat of destructive payloads. This could stop a CSP from operating for some time while complete systems can be reconstructed.
We all agree it has to get worse before it gets better. Indeed, even the experts agree that there is less or no hope to completely stop cyber criminals especially on the Dark Web. Even the famous shutdown of the “Silk Road” late last year happened after 2.5 years of operation and it was replaced three weeks later by “Silk Road 2.0.”
Cybercrime is now a service on dark web and permits criminals and their customers to trade easily as any other legit business. The use of bitcoins as currency of trading makes them even more untraceable, hard to find, and safe. A study report revealed that cybercrime industry is even more profitable than the famous drug industries and this explains the recent increase in cyber-attacks.
However the thought that the Dark Web is completely impenetrable is not entirely true. Tor connections and traits are always suspicious and if law enforcers are keen and up to task, they can monitor and regulate Dark Web criminal activities. It would not be true to say that there is anyone who is safe in terms of protecting yourself online; there is no such thing as total avoidance according to Bartlett. “At one point you probably are going to get hacked even if you are careful. What you want is to make sure that you can very quickly get back online and don’t let it disrupt your life too much.” Bartlett recommends taking small steps such as using two-factor authentication, not reusing passwords across accounts and keeping backups of valuable data. Organizations can also minimize vulnerability to cyber-attacks through some cybersecurity practices which includes performing security assessments to look for and resolve denial of service-related vulnerabilities and using network security controls, including services from cloud based vendors.