Hackers use Dark Web to execute Ransomware-as-a-Service: McAfee

Truth be told, the world wide web is more vast than you think and the majority of us see only the surface of it. While such is the case, basically three segments of various scale represent the Internet as we know it. The segments are Surface Web, Deep web and finally the Dark web.

However, Dark Web is an area of the internet that has made headlines and is primarily associated with illegal activity and crime. The Dark Web is a safe haven for hackers and is further helping them scale up and execute massive data breaches. Governments and companies are facing an uphill task to stop hackers from stealing data, global cybersecurity firm McAfee has warned.

Besides, Dark Web is an encrypted network of websites and communities that exist outside of mainstream Internet culture.

"We are witnessing a scaling model called Ransomware-as-a-Service where criminals are hired by an entity to host everything, use their own infrastructure, tools, and expertise and the employer gives them a target as well as the magnitude of attack," Vincent Weafer, Vice President, McAfee Labs and Product Development, told IANS.

"Before carrying out the attack, hackers are clear that they would vanish if, in case, the attack fails. The hackers make sure that their employer gets caught and they escape," Weafer added. For example, encrypted software such as Tor's ability to hide the identity of the attacker is key to cybercriminals. Tor is a free software for enabling anonymous communication.

The McAfee executive also said that crypto-currencies like Bitcoin are also a major reason why cyber attacks are increasing. From a product point of view, Weafer said, there is little that cybersecurity companies can do to stop communication on the Dark Web, but they can help provide intelligence to the regulators.

"We are not looking at products that could track those criminals on the Dark Web but can provide expertise in terms of where and what information is flowing and which types of groups are operating. That information can be shared with regulators and governments because they are the ones who will be chasing the criminals," Weafer said.

McAfee has assisted several law enforcement agencies in cybercrime cases and Raj Samani, Chief Scientist, and McAfee Fellow, is a special advisor to the European Cybercrime Centre at The Hague. Samani also leads the NoMoreRansomware.Org website - an initiative by the National High Tech Crime Unit of the Netherlands' police and Europol's European Cybercrime Centre - that aims to help victims of ransomware retrieve their encrypted data without having to pay.

Samani said that the majority of the breaches worldwide were "SQL Injection" (a type of web application attack) issues where people were clicking on malicious links.

"I agree it is important for cybersecurity companies to stay ahead of the criminals and innovate continuously, but we must not forget the fact that a majority of the breaches were carried out because of fundamental errors," Samani told IANS. "WannaCrypt could have been patched. We knew its propagation method like 20 years ago. It was spread like old school worms used to attack across systems. Majority of the issues could have been stopped by just doing the basic fundamentals," Samani noted.

When asked how cybersecurity companies are designing products to protect and help customers retrieve data, Weafer said whatever is happening in terms of the change in attack methodology and its impact, what people are doing and what hackers are going after, decides the product design. McAfee protects over 300 million devices worldwide and has a presence in more than 2,000 companies, government institutions, and healthcare.

In India, the company has got a retail presence and also works with top government institutions. McAfee has its largest research and development facility in Bengaluru that employs over 1,000 engineers. For Samani, the first step to protect the data is keeping a back-up.

"The best way out is to back your data. As you read this, take a five-minute break, kick off a back-up and then continue with what you were doing. It doesn't matter what hackers do - whether they leave your data encrypted or decrypt it (if you refuse to pay the ransom) - you are covered. And make sure to go for offline back-ups as well," Samani advised.

Sourabh Kulesh writes for IANS