Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label IDS. Show all posts
KYC
Cyber Crime Financial Security Identity Theft IDS KYC

Cybercriminals Exploit Identity Verification Systems

 


Cybercriminals on the dark web have developed new ways to exploit identity verification systems. Rather than hacking or stealing personal information, they are purchasing it directly from individuals, as revealed by security researchers at iProov. This approach allows them to bypass Know Your Customer (KYC) processes used by businesses to verify customer identities. Researchers found that a criminal group in Latin America is gathering identity documents, such as passports and driver's licenses, along with corresponding facial images. 

In some cases, these criminals pay individuals for their personal data. While the exact amount paid remains unclear, this practice raises serious concerns. This group’s activities extend beyond Latin America, with similar tactics reported in Eastern Europe. Law enforcement agencies in these regions have been alerted to the threat. 
 
Why Is This Dangerous? 
 
Selling personal data equips fraudsters with real identity "kits," which combine authentic documents with matching biometrics. This makes it challenging to identify the kits as counterfeit. According to iProov Chief Scientific Officer Andrew Newell, these kits enable criminals to execute sophisticated impersonation scams, putting victims’ financial security and personal identities at risk. 
  
What Can Be Done? 
 
Classic verification methods have proven inadequate against such advanced attacks. iProov recommends implementing multi-layered security measures to combat these threats. Key steps include:
  • Real-Time Authentication: Verifying that the user is a human being in real-time.
  • Identity Verification: Ensuring the user matches the rightful owner of the presented identity.
These layered methods significantly hinder cybercriminals, even when they possess convincing identity data. iProov notes that even sophisticated attackers struggle to bypass such systems while maintaining realistic interactions.
  • Never sell or share your personal information, regardless of incentives.
  • Be cautious of schemes offering money for personal data, as they can fuel large-scale fraud.
  • Stay vigilant and report any suspicious activity to relevant authorities.
As cybercriminals continue to innovate, businesses must invest in robust security systems, and individuals must take proactive steps to safeguard their sensitive information.
Read more »
Obfuscation Technique
Corporate Hacking Data Breach Data Exfiltration DNS IDS Obfuscation Technique

New Hacking Method: Akami DNS Data Exfiltration



 


When it comes to cybercrime, getting into a system is only half the battle; the real challenge is extracting the stolen data without being detected. Companies often focus on preventing unauthorised access, but they must also ensure that data doesn’t slip out undetected. Hackers, driven by profit, constantly innovate methods to exfiltrate data from corporate networks, making it essential for businesses to understand and defend against these techniques.

The Challenge of Data Exfiltration

Once hackers breach a network, they need to smuggle data out without triggering alarms. Intrusion Detection Systems (IDS) are crucial in this fight. They monitor network traffic and system activities for suspicious patterns that may indicate unauthorised data extraction attempts. IDS can trigger alerts or even automatically block suspicious traffic to prevent data loss. To avoid detection, hackers use obfuscation techniques to disguise their actions. This can involve encrypting data or embedding it within harmless-looking traffic, making it difficult for IDS to identify and block the exfiltration attempts.

Reality vs. Hollywood

In Hollywood movies like "Mission Impossible," data theft is often depicted as a physical heist involving stealth and daring. In reality, hackers prefer remote methods to avoid detection and the risk of getting caught. By exploiting vulnerabilities in web servers, hackers can gain access to a network and search for valuable data. Once they find it, the challenge becomes how to exfiltrate it without triggering security systems.

One common way hackers hide their tracks is through obfuscation. A well-known method of obfuscation is image steganography, where data is embedded within images. This technique allows small amounts of data, such as passwords, to be hidden within images without raising suspicion. However, it is impractical for large datasets due to its low bandwidth and the potential for triggering alarms when numerous images are sent out.

Innovative DNS Data Exfiltration

The Domain Name System (DNS) is essential for internet functionality, translating domain names into IP addresses. Hackers can exploit this by sending data disguised as DNS queries. Typically, corporate firewalls scrutinise unfamiliar DNS requests and block those from untrusted sources. However, a novel method known as "Data Bouncing" has emerged, bypassing these restrictions and making data exfiltration easier for hackers.

How Data Bouncing Works

Data Bouncing leverages trusted web hosts to facilitate DNS resolution. Here’s how it works: hackers send an HTTP request to a reputable domain, like "bbc.co.uk," with a forged "Host" header containing the attacker’s domain. Akami Ghost HTTP servers, configured to resolve such domains, process the request, unknowingly aiding the exfiltration.

Every HTTP request a browser makes to a web server includes some metadata in the request’s headers. One of these header fields is the "Host" field, which specifies the requested domain. Normally, if you request a domain that the IP address doesn’t host, you get an error. However, Akami Ghost HTTP servers are set up to send a DNS request to resolve the domain you’ve asked for, even if it’s outside their network. This means you can send a request to a trusted domain, like "bbc.co.uk," with a "Host" header for "encryptedfilechunk.attackerdomain.com," and the trusted domain carries out the DNS resolution for you.

To prevent data exfiltration, companies need a comprehensive security strategy that includes multiple layers of defence. This makes it harder for hackers to succeed and gives security teams more time to detect and stop them. While preventing intrusions is crucial, detecting and mitigating ongoing exfiltration attempts is equally important to protect valuable data.

As cyber threats take new shapes, so must our defences. Understanding sophisticated exfiltration techniques like Data Bouncing is essential in the fight against cybercrime. By staying informed and vigilant, companies can better protect their data from falling into the wrong hands.





Read more »
Subscribe to: Posts (Atom)