EDITOR’S QUESTION
KALLE BJORN, DIRECTOR – SYSTEMS ENGINEERING, FORTINET
Ever since the arrival of advanced persistent threats,
obfuscation technologies have existed to help
cybercriminals evade security detection. Attackers
have moved on to adapt similar obfuscation techniques in
other channels.
Over a decade ago, cybercriminals started using fast-flux
networks to shift IP addresses and domains; in some cases
one threat can use over 50,000 websites in a day to disguise
where it’s from.
The Dark Web has become a popular choice for
cybercriminals. It’s a part of the World Wide Web, but needs
special software and tools to be accessed. The Dark Web
contains hidden and encrypted content accessible only
through complex browsing software tools like Tor, which is an
acronym for ‘The Onion Router’.
Tor networks introduce a sophisticated adaptation of deep
web activity. Tor is designed to enable anonymous sending
and receiving of web traffic. Users not only have the ability
to remain unidentifiable, but they can also access content
that’s blocked to them. Tor manages this by encrypting traffic
and then randomly forwarding it via a network of relays.
Each individual relay features its own encryption layer to help
conceal the user’s identity.
While the Dark Web doesn’t have any specific security
threat related to it, it can be used as a medium for delivering
attacks. These kinds of next-generation security evasion
tools use the Deep Web to hamper tracing. When it comes
to law enforcement and trying to attribute where an attack
is coming from, criminal operators are continually creating
new communication protocols and encryption schemes to ‘go
dark’ and shift tactics when law enforcement are on their tails.
This opens channels for all sorts of potential illicit activity.
Cybercriminals might also use the Dark Web to hide. This
would be the case even without the Dark Web. It’s easy to
use a compromised system to control, for example, a herd
of bots. We’ve seen cases where the Dark Web was used to
relay the commands to the infected machines.
The same security solutions that secure the corporate
networks from external users (the Internet) can be used to
protect/isolate the corporate network from the Dark Web. The
threats that are related to the Dark Web are related to hiding
the traffic from view with tools such as Tor. Security solutions
need to be able to identify such tools. This allows blocking
access to the Dark Web.
The most important thing we can do to combat these threats
is to work together, including security experts, vendors, and
law enforcement. At Fortinet, we are part of the Cyber Threat
Alliance and contribute to Interpol’s expert cybercrime working
group. We also work with the FBI to support intelligence that
can protect our customers.
Our partnership agreement with NATO is also worth
mentioning, where we have an agreement to boost two-way
information sharing with a particular emphasis on pursuing
cyber criminals.
Because the technical aspects of cybercrime aren’t a core
strength of policing agencies, researchers in the private sector
should be sharing their expertise with the public sector to help
shut down nefarious operations.
www.intelligentcio.com
INTELLIGENTCIO