For Cybercriminal Mischief, It’s Dark Web Vs Deep Web
upstart writes:
A new report from cyberthreat intelligence company Cybersixgill sees threat actors swarming to digital bazaars to collaborate, buy and sell malware and credentials.
Threat actors are consolidating their use of encrypted messaging platforms, initial access brokers and generative AI models, according to security firm Cybersixgill's new report, The State of the Cybercrime Underground 2023. This report notes this is lowering the barriers to entry into cybercrime and "streamlining the weaponization and execution of ransomware attacks."
The study is built upon 10 million posts on encrypted platforms and other kinds of data dredged up from the deep, dark and clear web. Brad Liggett, director of threat intel, North America, at Cybersixgill, defined those terms:
- Clear web: Any site that is accessible via a regular browser and not needing special encryption to access (e.g., CNN.com, ESPN.com, WhiteHouse.gov).
- Deep web: Sites that are unindexed by search engines, or sites that are gated and have restricted access.
- Dark web: Sites that are only accessible using encrypted tunneling protocols such as Tor (the onion router browser), ZeroNet and I2P.
"What we're collecting in the channels across these platforms are messages," he said. "Much like if you are in a group text with friends/family, these channels are live chat groups."
Tor is popular among malefactors for the same reason: It gives people trapped in repressive regimes a way to get information to the outside world, said Daniel Thanos, vice president and head of Arctic Wolf Labs.
"Because it's a federated, peer-to-peer routing system, fully encrypted, you can have hidden websites, and unless you know the address, you're not going to get access," he said. "And the way it's routed, it's virtually impossible to track someone."
Cybercriminals use encrypted messaging platforms to collaborate, communicate and trade tools, stolen data and services partly because they offer automated functionalities that make them an ideal launchpad for cyberattacks. However, the Cybersixgill study suggests the number of threat actors is decreasing and concentrating on a handful of platforms.
Read more of this story at SoylentNews.