Cyber security | The dark side of the web

Cyber security | The dark side of the web

In this webinar, we’ll look at the different types of threat actors, and situation awareness – the latest threat intelligence for Covid-19 and the increased threat landscape due to home working, and what businesses can do to protect themselves as best as possible.

Our guest speaker is Chris Woods, CEO of the CyberQ Group. He has over 20 years of cyber security experience developed within the EU and MENA regions, and has previously led cyber security teams at the European Space Agency, HP and Fujitsu.

Further information on how to manage the impact of coronavirus can also be found on our coronavirus resource hub and you can view past webinars at SHMA®ON DEMAND.

Please do let us know of future topics that you are interested in, or for more information about our webinars please contact us.

Related services

IT & Telecoms
Intellectual Property

All the latest on-demand content.

Data Protection compliance: your Record of Processing Activities (RoPA) is key

5 Jun

Trevor Fenton, Partner

Data Protection compliance: your Record of Processing Activities (RoPA) is key

Securing and managing personal data in your organisation is a major challenge. From robust […]

Register Right Arrow

Women in Agriculture – Farm Walk and BBQ

6 Jun

Amy Cowdell, Partner

Women in Agriculture – Farm Walk and BBQ

Join us for an exclusive farm walk at Glebe Farm with Andrew Ward, exploring […]

Register Right Arrow

Webinar transcript

(Please note this is auto-generated and un-edited)

Hello, my name is Chris Wood's and I'm the founder and CEO of cyber Q group and I'd like to thank Shakespeare's Martinez to give me the opportunity to present this webinar today, which is called the dark side of the web and the objective of today's presentation is really go through three things and the type of tractors and secondly, what is the dark web and thirdly what is covid-19 scams that we're seeing in our through intelligence.
T a little background on me I've been again. My name's Chris was I've been in the cybersecurity industry for about 23 years. I started life working for a company called Fujitsu as a penetration tester has seven happy years. They are then I was headhunted to go and work for an organization called HP Hewlett-Packard as part of that role. I was the director of building cyber security capability across the globe. So these are things like security operations center.
Is instant response penetration test Etc. And as part of that role. I also spent a couple of years in Italy as in frascati on the European Space Agency as the sea so and as well as working very closely with gchq and UK government's as part of that role then took me to work in a place called cutter as in the Middle East and again very similar and building Global capability and should we say government secure code?
Ability and I did that for four years and I came back three and a half years ago four years ago to build Sawbuck you group and so I've accused group in effect isn't an award-winning UK innovator. We work on a lot of different types of services and consultancies for our clients. And again, we have capability across the globe in the US and in the Philippines and also in the United Kingdom, so that's a little bit about me. It's a little bit about cyber Q group. Okay.
So these are the type of fracture is And then we have an also why categorize different factors. Now, this is really important for cybersecurity professionals and criminals specially cybercriminals are no different to normal criminals. And as in the world you have different criminals with different motivation.
That is the same as in the cyber world and I'll give you an example so as part of characterizing threat intelligence and categorizing tractors and you tend to have people with different Techniques people with different tactics and basically people with different reservations and if you take it as a general coffee that if you were trying to steal cars you have certain tools at your disposal you have certain information at your disposal. If you take that as a jury Thief, they also have different tools. They have different tactics and they have different information available to them so they can still that information or they can still that asset.
There is no It's from the tractors that you get into the real world their motivations their drive and their characters and their Tools in there is in the cybersecurity world and I'll go forward and explain the different types of threat actors that we have in the cyber world that we categorize us. Okay. So these are the type of threat actors.
So the first one we'll start with is hacktivism now because of my role and because my background I've been involved in a lot of instant responses over the last 20 years and that's Going to organizations that have recently suffered from a breach and understanding what happened and Advising the Senior Management and the board of the steps of what they need to do. Now. My favorite tractor has always been activists now activist have a motivation. They have a drive and they have a message and if they go after your organization, they want to put that message out there.
So if you work in certain Sciences, if you work in certain oil or banking industry's activist one Getting to your website and I want to embarrass that organization. I want to put their message across the beauty about her activities is they actually let you know that they're there they won't hide they won't come back and try and steal data that potentially we have some Financial impact. They'll literally go on to that organization and they'll look to demonstrate a message and look to get their message into the into the wider population.
So again hacktivism the motivation they have a number of tools at their disposal and they also have a sometimes a political message that they want to get out. The second type of reactor is cybercriminals cybercriminals are probably the most Insidious in nature cybercriminals are there to make women it's the bottom line for cyber for sort of criminals the way they do that is getting into the organization lying there dormant for a number of months if not years and then waiting for the ideal opportunity to strike now.
Sorry cyber, criminals can work in different ways. They can work by stealing intellectual property intellectual property that you have within your environment and extracting and trying to sell on the dark web. It could be just good old-fashioned ransomware. So ransomware where the make sure it has the maximum damage and so they can extract Bitcoins from your organization. And anyway from embarrassment the quite Angel supply chain that you've been hacked and they've got access to some secret information cyber criminals.
About the money and they're very Insidious in nature. The third type of tractor is The Insider threat Now The Insider threat organizations need to be aware of his employees that they trust and people that within their organization have access to confidential information or have access to information.
Now this potentially could have an impact in God's if the inside threat went broke, so if they stole the information and they certainly were selling that Between the dark with that could have a dish - dries a disastrous effects and to that organization. And again, it's how you monitor The Insider threat. What's their motivation was their tools at their disposal. How do they know? Well how well do I know security systems as well? So again Insider threats again have a motivation. They have a technique and I have an understanding about how your organization works fourthly.
We have nation states and the nation state really involved governments and not I'm going to be a surprise to say the different governments hack. So you have you know, X you get X government will attack another government and voice of inertia and vice versa. Okay, so going from the tractor to some of the Cyber challenges now the next couple of slides and just basically give you an overview of some stats and I'm not going to go through every single one of them, but I'm just going to pick out some of the key points.
I think from the slides now, I think for me the biggest number that comes after me is the average Learn to identify breach in 2019 was 206 days. Now again mapping it back to the physical world that's equivalent to having a burger in your house for two hundred and six days and you're not realizing that they're there now again, there's a number of reasons for that. The reasons around is that cybersecurity is complex the organizations landscape, so as increase, especially now with covid-19 lot more people working from home.
People are working from their phones. People are working from their laptops tablets Etc. So the landscape has increased I will give you a quick example in that. So as a kind of an ex penetration test that we used to hack service what we have now is people hacking smart kettles and that's probably an idea to share with you about a penetration test that we were involved in a couple of years ago where by infiltrating an organization.
Organization had a smart Kettle as part of that smart Kettle. We were in able to get in because the password was very weak. But because we gain access into the smart counsel that interned and I just to get access into their environment and into the organization.
Now the smart Kettle was actually on the same local area network that their conference room is on and then by getting access to this market, so we were able to get access to the conference facility and we're able to get access to the TV and record board meetings and meetings that happen within that environment again, that's just one of the stories that we see and again you start to appreciate when you're in six days before detection is very very hard to pick up a sophisticated director.
Okay. So here's the second slide with the the again some stats that taken from the previous slide now again, I'm not going to go through each one of them but I think due to the covid-19 one that I woods and look at and the one that we're hearing from our security operations center around threat intelligence is the health sector now, I think you can see on the screen run somewhere for 2020. We looking quadruple to the healthcare sector and we've seen the impact of previous attacks.
Hence, the health care that can be devastating and obviously what's happening in covid-19 with what we've seen at the moment. We've seen a heightened increase on that.
And again, we have a stat there this year potentially run somewhere would have quadrupled within the health sector and the other thing that we're happy to share with you that we're seeing from our threat intelligence and from a security Operation Center is tax against universities and organizations that are researching into covid-19 and Tract is believed that if they can get access into the research institutes, they can do two things one. They can potentially still intellectual property and they could sell the intellectual property or two if they can still the data or use ransomware or their encryption and they've got a highly likely chance of the University facility pain that money. So if you do work in universities or research institutes that looking into covid-19 or looking into how they can create.
Vaccines or additional information. It's probably worth being alert that the information and for intelligence that we receiving special on the dark web. We know that the number of fractures are targeting these types of organizations. So the next slide we'll talk about the internet the Deep Web the dark web. So just again giving you an overview there. So the Deep the dark and the internet and surface web as it says it cool down the slide and a very different in nature and the surface web is probably the simplest simplest one.
To cover the surface web is literally going to Google or going through a search engine that you use and type in a subject hat head out type in a subject or something you're interested in to retrieve the information. So BBC News you get the BBC News. So that's the internet in essence. It's the surface where it's stuff that you can find this out there. That's indexed by up by search engine. The second part is the Deep Web. Now. The Deep Web best way to view is that it's not indexed by search.
Search engine. So the Deep Web has information in there and you know, it can be universities can be research you can be a number of things, but it's actually not indexable. So you can't get to it with a search engine or it can't get to it just type in search. Is it a search names or Search terms in there and the links tend to be shared usually by email. And again, they tend to be served in Academia certain organizations and so certain research institutes as well.
That gives you an overview of the Deep Web. The dark web is that you need a browser you need an encrypted browser to get access to it. Usually that's a Tor Browser where people can get their the traffic there is encrypted and is anonymized as well. So it's very difficult to track the individual. So that's the difference between the Surface deep and the dark web now just focusing on the dark web a lot of bad stuff happens on the dark web, but the dark web can actually be used for good.
So people in suppress countries or people We've certain shall we say political views and can write their views on the dark where which then in turn can be shared with other people which may not be possible to do on the service web or the Deep Web. So even though the dark web has, you know, should we say a bad reputation the dark web actually can be used for some positive and that's you know, regarding political that certain statements that potentially would be suppressed in certain countries.
Their Dart web could be a good medium to getting that message out obviously video conferencing is Big thing of the moment with remote workers have what we're seeing on there is a lot of activity around sharing accounts and sharing meetings. So again, people can go on the dark web and they can get links or credentials and video conferencing which then in turn they can zoom bomb like you can join that conference and try and disrupted they can it again put their message out there or get injured at least to see if they can still an intellectual property.
So again after intelligence and Security operation sensory stimuli chat, Chatter and a lot of talk on that and the final one is again, not really a Marketplace. It is a Marketplace, but it's the type of thing that you can find on the dark web and you have a threat actor on the right who basically is a hired hacker.
So you can hire hire him for a certain amount of Bitcoins and he can do some nasty things to your enemies or two people that you dislike you have anyone he dislike so this individual can hack email address you can post images about Individual heating get images and off of an individual and you can make this the individual in question and he can make sure we say various things happen to him from a cyber perspective. And again, we're seeing an uptake of that as as people was, you know, people potentially might have divorced people may get very angry with certain individuals or certain competition that these tractors now becoming more and more into play where you can hire them to do it a specific thing.
So that gives you an overview on the dark web in regards to some of the things that you can buy some of the intelligence that we're seeing and also the type of tractor that you can purchase you can actually work on your behalf with a set of requirements the next slide now. I'm going to go onto the kind of covid-19 scans now as I alluded to earlier. Yeah because of our security operations center because we protect the number of clients in the u.s. In the UK and also in a pack with seen different threatened.
Jensen different ways throughout actors of playing these this intelligence then for this presentation and focusing purely on the UK. Now. The first one is quite interesting and the first screenshot on the screen on the left is basically getting an individual's to open email. So again, it's the tactic of using fishing but it's basically using coffee grounds as his some safety measures. That one should be aware of please click the link now, obviously, sorry click the file and download the file. They know damn well that file.
Jane's malicious software. So once the user clicks on that piece of software you can install and it will grow information back to that's and a hacker. And again, that's another thing that we're seeing quite a bit of that people are using covid-19 to get people to click on links or get people to open open files the other one screen currently two three four, so that's the kind of give you this evening and he screams at the moment that's around tronic strategy information.
So again a lot of She's that we see pretending to be from UK government lot of information about giving money back. And again, they're looking to extract information extract details from the user the fourth one the one at the far right and she's about a vaccine which I thought was interesting. So China in the world know about covid-19 already.
They have a cure but they're not sharing it with the masses and it just so happens that this organization or these people have the vaccine and Again, I want you to click on a link and I want you to give the details you give access to the vaccine. Obviously, you know majority of people won't click on that but there could be certain people in a desperate State potentially could be enticed by such a such information and again click on the link again. It's about extracting information and in the end point, you've always some and then finally the good old-fashioned of raising for covid-19. We saw this on the on the dark web.
Some Bitcoins. So we're seeing these students are quite a few of our customers. They're trying to do the good cause of the UK's doing at the moment and getting them to donate Bitcoins, which obviously do not go to covid-19 go to the threat actors who pocket the money now, that's a little bit of the snapshot that we've done. We've copied 19 and some of the stuff that we're seeing. Now, there's kind of the next steps of how can you do to protect yourself? What can you do now?
We have a slide here just going through Six points there are other points that you can do and but but really I think the first one is obviously use a secure VPN. So a VPN in essence encrypts your traffic from 8 and B, you know tables that hackers of people can't sniff on the wire or sniff to get your information. So most organizations do adopt a VPN. It's very rare. We've come across any letdown but all organizations should be using a VPN to access the organization or even if they're going about their personal business.
Again, more protection even if they're in a white Wi-Fi free spot and they may be using different coffee shops offer free Wi-Fi and they should really be using a VPN if they've got some confidential information. So the first thing is use a VPN the second thing is change your password regularly used to factor where where you cannot know that for certain organizations potentially is it hard to do and but most organizations should be able to use two factor.
That should be mandatory where Isabel but also change your password if that's not possible. So passwords need to be changed regularly and you need to make sure that you adopt your policy around that and making sure that you follow that policy and also that policies in force. The reason being is passwords get a breached on a regular basis and therefore, you know, your password could have been leaked in the open source or the dark web which potentially can be used by a tractor. The third one is quite simple enable antivirus on your hand point the right person bring much.
Need to say anything more about that. I think that standard I think you need to ensure that your device is up to date.
Make sure you download in the patches make sure that it's up to date as we possibly can be and the fifth one down obviously download files from unknown sources, you know be mindful specially now more than ever when we've seen the increase of attacks about people using people getting you to download software to do with covid-19 as I've shown you in the previous slide with some of the scam emails that we're missing and finally, Be aware of phishing emails. So we're seeing a lot of phishing emails being talks in organizations where people are doing reconnaissance on the organization. And again using phishing emails through information or to compromise or the compromise the nation also where there is data breaches, especially on the legal size. It's really important and you get the relevant individuals involved quickly, especially with the Ico and especially we data that might be extracted.
Okay, so that gives Gives you a bit of an overview of secure revive working and I again just want to thank you all for your time today and thank you for joining the presentation. I hope it's been informative. And if you have any questions, please feel free to reach out to myself for all the team. And yeah, thank you very much. Have a great day.

How can we help?

Our expert lawyers are ready to help you with a wide range of legal services, use the search below or call us on: 0330 024 0333