Dark Web helping hackers execute Ransomware-as-a-Service: McAfee

As governments and companies face an uphill task to stop hackers from stealing data, the Dark Web is providing them a safe haven, helping them scale up and execute massive data breaches, global cyber security firm McAfee has warned.

Dark Web is an encrypted network of websites and communities that exists outside of mainstream Internet culture.

"We are witnessing a scaling model called Ransomware-as-a-Service where criminals are hired by an entity to host everything, use their own infrastructure, tools and expertise and the employer gives them a target as well as the magnitude of attack," Vincent Weafer, Vice President, McAfee Labs and Product Development, told IANS.

"Before carrying out the attack, hackers are clear that they would vanish if, in case, the attack fails. The hackers make sure that their employer gets caught and they escape," Weafer added.

For example, encrypted software such as Tor's ability to hide the identity of the attacker is key to cybercriminals. Tor is a free software for enabling anonymous communication.

The McAfee executive also said that crypto-currencies like Bitcoin are also a major reason why cyberattacks are increasing.

From a product point of view, Weafer said, there is little that cyber security companies can do to stop communication on the Dark Web, but they can help provide intelligence to the regulators.

"We are not looking at products that could track those criminals on the Dark Web but can provide expertise in terms of where and what information is flowing and which types of groups are operating. That information can be shared with regulators and governments because they are the ones who will be chasing the criminals," Weafer said.

McAfee has assisted several law enforcement agencies in cybercrime cases and Raj Samani, Chief Scientist and McAfee Fellow, is a special advisor to the European Cybercrime Centre at The Hague.

Samani also leads the NoMoreRansomware.Org website -- an initiative by the National High Tech Crime Unit of the Netherlands' police and Europol's European Cybercrime Centre -- that aims to help victims of ransomware retrieve their encrypted data without having to pay.

Samani said that the majority of the breaches worldwide were "SQL Injection" (a type of web application attack) issues where people were clicking on malicious links.

"I agree it is important for cybersecurity companies to stay ahead of the criminals and innovate continuously, but we must not forget the fact that a majority of the breaches were carried out because of fundamental errors," Samani told IANS.

"WannaCrypt could have been patched. We knew its propagation method like 20 years ago. It was spread like old school worms used to attack across systems. Majority of the issues could have been stopped by just doing the basic fundamentals," Samani noted.

When asked how cyber security companies are designing products to protect and help customers retrieve data, Weafer said whatever is happening in terms of the change in attack methodology and its impact, what people are doing and what hackers are going after, decides the product design.

McAfee protects over 300 million devices worldwide and has a presence in more than 2,000 companies, government institutions and healthcare.

In India, the company has got a retail presence and also works with top government institutions. McAfee has its largest research and development facility in Bengaluru that employs over 1,000 engineers.

For Samani, the first step to protect the data is keeping a back-up.

"The best way out is to back your data. As you read this, take a five-minute break, kick off a back-up and then continue with what you were doing. It doesn't matter what hackers do -- whether they leave your data encrypted or decrypt it (if you refuse to pay ransom) -- you are covered. And make sure to go for offline back-ups as well," Samani advised.

(Sourabh Kulesh can be contacted at sourabh.k@ians.in)

--IANS

sku/na/ky/sac