What is the Dark Web?

You’ve heard of the dark web…but what exactly is it? Here are some FAQs courtesy of DARKWEB ID.

The Dark Web is a hidden universe contained within the “Deep Web”- a sub-layer of the Internet that is hidden from conventional search engines. Search engines like Google, BING and Yahoo only search .04% of the indexed or “surface” Internet. The other 99.96% of the Web consists of databases, private academic and government networks, and the Dark Web. The Dark Web is estimated at 550 times larger than the surface Web and growing. Because you can operate anonymously, the Dark Web holds a wealth of stolen data and illegal activity.

Free download

Download the free DARKWEB FAQ sheet now!

Download a free FAQ sheet that explains how to protect yourself, what it means if your organization’s credentials have been exposed and much more…

Information courtesy of DarkWeb ID.

DIGITAL RISK PROTECTION ACTIVITY BOOK

This fun activity book teaches kids of all ages about Digital Risk Protection. In this book, three heroes work together to help people and businesses protect their information from being stolen by bad guys. Billy, Penny, and Danny work very hard to guard important Digital Data like passwords, files, banking documents, personal information, business secrets or anything else that is stored on a computer or in the cloud and keep it protected and safe!

DOWNLOAD NOW

This book is courtesy of www.idagent.com.

Do you know what password spraying means? In the guide below, you can learn about ways to help your business against COVID-19-related scams. Here is a COVID-19 Cyber Threat Exploitation guideline created by the Cybersecurity and Infrastructure Security Agency (CISA) and United Kingdom’s National Cyber Security Centre (NCSC). Please feel free to share as needed. For more information on the CISA or NCSC, visit www.cisa.gov/coronavirus.

COVID-19 AND RELIEF CHECK SCAMS

The rollout of COVID-19 relief checks in the US has created a new open door for cybercriminals. 

An estimated 4,300 malicious web domains related to COVID-19 relief have popped up in the last month, and Google reports that they’re stopping 18 million suspicious COVID-19 related emails per day.

-IDAGENT

With “Where’s my stimulus check?” a top query on Google, many of these domains are being used to snare unsuspecting users into giving away their personal information. There’s a huge onslaught of phishing attacks that aim to capture personal information or deliver malware using COVID-19 money as a hook.

With most working remotely, warn your staffers to be on the lookout and be very wary of downloading any type of guide that helps them claim their stimulus check or other items of that nature. If a staffer checks their personal email on their work computer and downloads a guide that is malware, it’s now a business problem.

STAY AWARE AND SKEPTICAL WITH EVERY EMAIL THAT ARRIVES, BUSINESS OR PERSONAL.

Most of us understand what a phishing attempt is and how to protect yourself. The basics of protecting yourself from a phishing attack is not to open any emails you don’t recognize and specifically, don’t click on suspect links. 

PHISHING TRENDS

Today’s phishing attack happened last week to one of the world’s largest domain name registrars, GoDaddy.com. One of their customer service employees fell victim to a social engineering attack which led to the infiltration of GoDaddy.com’s clients, instead of just GoDaddy itself. 

The hackers used their infiltration to grab DNS records from one of GoDaddy’s clients, Escrow.com. Escrow.com, an online broker of sorts, was one of five clients that were comprised during this phishing attack. On Monday evening, Escrow.com’s website had its homepage hijacked with a profanity-laced message left by the hackers. Although no systems seemed to be compromised or customer data, the DNS records were redirected to a third-party web server in Malaysia.  

FUTURE TRENDS

The trend is that hackers are targeting more and more companies that are responsible for DNS records. Just last December 2019, another popular domain registrar based in The Netherlands, OpenProvider, was also attacked and, ultimately through a series of complicated acts, thieved another domain e-hawk.net whose service is to help websites detect and block fraud! An Iranian group successfully attacked major companies via DNS-based attacks where they stole countless passwords and VPN credentials leading to the coining of the term DNSpionage. 

 PROTECT YOUR DNS RECORDS

One way to protect your DNS records are to acquire a registrar lock. This service requires the registrar to confirm any requested changes with the domain owner through manual contact. It can help ensure that .com, .net, .tv, .cc and .name domain names do not get hijacked. Shockingly, a miniscule 22 percent of domain names tracked in Forbes’ list of the World’s Largest Public Companies have secured registry locks! Some services include Verisign, Nameshield and others. 

Source

https://krebsonsecurity.com/2020/03/phish-of-godaddy-employee-jeopardized-escrow-com-among-others/?web_view=true