Mozilla Firefox's Premium Dark Web Monitoring Solution

 

Mozilla, renowned for its commitment to an open and secure internet, has recently made a strategic foray into unexplored realms with the introduction of a subscription-based dark web monitoring service. This bold move signifies the organization's dedication to empowering users in the ongoing battle for online privacy, allowing them to take proactive measures to secure their personal information from the covert corners of the internet. 

The dark web, notorious for being a hub for stolen data and illicit activities, prompted Mozilla to take a pioneering stance by providing users with a tool to monitor their personal data on this clandestine platform. This new service enables users to keep a vigilant eye on the dark web, receiving real-time alerts if any traces of their personal information, from email addresses to passwords, are detected. It acts as a digital sentinel, offering a robust defense mechanism against potential cyber threats. 

Mozilla's approach to dark web monitoring is distinctive due to its unwavering commitment to user privacy. The service is designed to ensure that users' sensitive information remains shielded throughout the monitoring process, setting it apart from other solutions in the market. This emphasis on privacy aligns with Mozilla's longstanding dedication to user rights and transparency. 

While the concept of dark web monitoring isn't entirely new, Mozilla's entry adds an extra layer of trust and credibility to the landscape. Given its track record in advocating for user rights and a secure online environment, the organization brings a sense of reliability to this evolving sector. The subscription-based model not only makes the service accessible to a broader audience but also positions it as a valuable tool for individuals looking to proactively protect their digital identities without incurring exorbitant costs. 

However, as with any innovative move, there are critics raising questions about the broader responsibility of tech companies in ensuring user safety. Some argue that features like dark web monitoring should be inherent in basic services rather than being monetized as an additional layer of protection. In response, Mozilla asserts that the subscription fee is crucial for sustaining ongoing monitoring efforts and upholding the service's integrity. 

Mozilla's venture into dark web monitoring represents a significant step towards empowering users to navigate the intricate landscape of online security. As the digital realm continues to evolve, the importance of proactive measures to counter cyber threats becomes increasingly evident. Mozilla's privacy-centric service, though met with scepticism by some, has the potential to redefine how users approach safeguarding their personal data in the enigmatic realm of the dark web. It not only adds a layer of security but also reinforces Mozilla's commitment to creating a safer and more secure online experience for all users.

Dark Web Grows Stronger. And So Does the Value of Monitoring


The Growing Threat of the Dark Web 

The Dark Web is rapidly growing along with the variety of cybercrime, and so is the value in monitoring it. The cybercrime ecosystem now not only includes private communications platforms like I2P and Tor but also reaches across clearnet websites and Telegram channels.

One of the most significant threats on the Dark Web is stealer logs with corporate access. These logs are likely one of the most significant vectors for data breaches. Infostealer variants such as Raccoon, Vidar, Titan, and Aurora infect computers, then exfiltrate the browser fingerprint containing all the saved passwords in the browser. Threat actors then sell the results on the Dark Web.

The Value of Monitoring 

To detect malicious actors distributing stealer logs across the Dark Web and Telegram, companies can monitor for any logs that contain access to an internal corporate domain, such as sso.companyname.com.
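One way to implement the check described above, as an added example that is not part of the original post: it scans credential records from a stealer log your monitoring has obtained and flags entries whose host is a corporate domain or one of its subdomains, matching on label boundaries so lookalike hosts are not reported. The "URL / Username / Password" record layout, the sample data, `CORPORATE_DOMAINS` and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: domains the organisation owns (companyname.com is the page's placeholder).
CORPORATE_DOMAINS = {"companyname.com"}

# Constructed sample in an assumed "URL / Username / Password" record layout.
SAMPLE_LOG = """\
URL: https://sso.companyname.com/login
Username: j.doe@companyname.com
Password: Summer2023!

URL: https://mail.example.org/
Username: jdoe
Password: hunter2

URL: https://sso.companyname.com.attacker.example/login
Username: j.doe
Password: x

URL: vpn.companyname.com:8443/portal
Username: jdoe
Password: y
"""

def host_of(url):
    """Return the lowercase hostname, tolerating entries with no scheme."""
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def is_corporate(host, domains=CORPORATE_DOMAINS):
    """Match the domain itself or a subdomain, only on a label boundary."""
    return any(host == d or host.endswith("." + d) for d in domains)

def parse_records(text):
    """Yield one dict per blank-line-separated record."""
    for block in text.strip().split("\n\n"):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                rec[key.strip().lower()] = value.strip()
        if rec:
            yield rec

def find_corporate_hits(text):
    """Return (host, username) for corporate entries; passwords are never emitted."""
    recs = ((host_of(r.get("url", "")), r.get("username", "")) for r in parse_records(text))
    return [(h, u) for h, u in recs if is_corporate(h)]
```

Each hit identifies an account whose password should be reset and whose active sessions should be revoked, since the log shows the employee's machine was infected.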

Another threat on the Dark Web is Initial Access Brokers (IABs). IABs are active across Dark Web forums, such as XSS and Exploit.in. They establish initial access to companies, which they resell in auction and forum threads, typically for $10,000 to $500,000 per listing, depending on the company and level of access. 

A listing usually contains information such as the number of devices and services compromised, the industry of the victim company, the antivirus or endpoint detection and response platform the company is using, the geographic location of the company, and the compromised hosts or servers.

Threat actors can purchase this access and use it to deploy ransomware or steal sensitive data or financial resources. Monitoring IAB forums can provide early warning that malicious actors have compromised devices. IABs never list the exact company name but generally provide enough detail that if your organization is a victim, there is a reasonable chance you can identify it.

Russian hacker created the RedLine program, which steals passwords and bank card data from browsers

The RedLine malware attacks browsers based on the Chromium engine (Chrome, Edge, Yandex.Browser and Opera) as well as those based on the Gecko engine (Mozilla Firefox and Netscape). RedLine steals saved passwords, bank card data, information about cryptocurrency wallets, cookies, system information, and other information from browsers.

Further, experiments showed that the program collects any sensitive information stored in browsers, and in addition allows attackers to control victims' computers via the SOAP remote access protocol and, hypothetically, to create botnets from them. The problem affects not only companies but also ordinary users.

The RedLine program appeared on the Russian darknet in February 2020. The announcement of its sale was posted by a Russian-speaking user with the nickname REDGlade.

The AhnLab ASEC report calls RedLine a serious cyber threat. ASEC discovered the program in 2021 while investigating the hacking of an unnamed company's network. It turned out that access had been gained through a VPN service from an employee's computer infected with RedLine.

Attackers sell the malware on the darknet and Telegram for an average of $150-200. RedLine is distributed through phishing emails with attached files in .doc, .xls, .rar and .exe formats. It is also uploaded to domains that disguise themselves as an online casino or, for example, the website of the Krupskaya Confectionery Factory.

It is worth noting that in December 2021, RedLine became the most popular program used in cyber attacks. Since the beginning of the month, more than 22 thousand attacks have been carried out with the help of RedLine.

Experts urged users not to store credentials in browsers, recommending instead that they use a password manager and enable two-factor authentication wherever possible.