This is part 2 of a 3-part series on cyber-risks. Read Part 1 here.
In its 2015 U.S. State of Cybercrime Survey, Pricewaterhouse Coopers calls 2015 "a watershed year for cybercrime." This conclusion is echoed in many studies, which have found that cybercrime has now outpaced insider theft, mishandling of records, and other sources of data breach in healthcare. The PwC study showed that hackers, hacktivists, organized crime, and foreign nation-states accounted for 61 percent of data security threats in 2014.
Every information security, risk, privacy, and compliance professional who touches healthcare data needs to become intimately familiar with emerging threats and threat actors. In the first part of this three-part series on cyber-crime, I wrote about how cyber-criminals are monetizing stolen healthcare data. In this article, I'll look at the Dark Web, the information superhighway of illicit commerce.
What is the Dark Web?
Most people navigate the World Wide Web via well-known search engines such as Google or Bing. Underneath the publicly accessible web, however, is the "Deep Web," the part of the web that is not indexed by common search engines. The Deep Web hosts the "Dark Web," a series of networks called "darknets" that overlay the public Internet but require specific software or authorization to access.
Darknets were created to allow users to operate anonymously, so it's no surprise that a lot of the Dark Web is devoted to criminal activities. In fact, the Dark Web hosts a worldwide marketplace of illicit goods and services, most of which are paid for in Bitcoin, the preferred currency of the black market. A recent study by Dr. Gareth Owen, "Tor: Hidden Services and Deanonymisation," found that the most common requested information on one of the top darknets, Tor (an acronym for "The Onion Router"), is child pornography, followed by black markets for drugs, stolen information, weapons, counterfeit currency, and more.
A Dark Web lexicon
If you read Deepdotweb, the Dark Web's equivalent of the New York Times and Wall Street Journal, rolled into one, you quickly realize that the Dark Web has a language of its own. Here are just a few of the Dark Web practices that could be targeting your business right now:
- Carding schemes are whole programs for monetizing stolen credit card information. Dark Web users can join carding forums where they learn how to steal card numbers and clone cards, how to cash out the card's credit limit, how to sell card numbers, how to get personal information to fully exploit a card, and how to set up as a vendor of stolen card information.
- Doxxing is stealing and publishing private or personal information about someone, usually with malicious intent. The information is often obtained through social media or social engineering, and the tactic is often used by "hacktivists" to shame public figures or companies, although the threat of exposing information can also be used for coercion or extortion.
- Dumping is the practice of posting large sets of private information on the Dark Web. For example, after the recent Office of Personnel Management breach, databases containing personal information and email addresses of thousands of federal employees were dumped. Data dumps may be put up for sale or exposed publicly to embarrass or damage the organization that was breached.
Darknet vendors use exit scams to get out of a black market business, for example, if law enforcement gets too close, while still pocketing money from customers. Sellers simply continue to advertise and accept payment while not delivering product. When the online customer reviews turn negative, the vendor simply posts that he or she has been scamming and has skipped town, so sorry, better luck next time.
Stay informed and see them coming
The first step to defend against all these threats is to know what they are and where they're coming from. For example, social engineering attacks are often the first step in wholesale attacks on an organization's internal systems. By tracking new social engineering scams, your information security/privacy team can warn employees and patients about phishing attacks ahead of time and help keep them from revealing information that could lead to the introduction of malware and massive breaches.
Some good sources are Brian Krebs' excellent column on cyber-security, the Norse Dark Matters newsletter, and DeepDotWeb for the buzz in the cyber-crime community. My next article in this series will be about one of the newest and most surprising cyber-threats against businesses: the methods and motivations behind cyber-espionage and cyber-attacks by nation-states.
Rick Kam is president and co-founder of ID Experts.