Weekly Tech Roundup — March 13
The world is adapting to increasing cybersecurity threats, but the impact of these changes has only just begun to be felt. With vigilante hackers, proposed government bills, and increased rating standards, it seems like the fate of our digital data might be looking up. But with these increases in data protection and security come sneakier techniques from cybercriminals. What tech headlines did you miss?
The Dark Web is getting smaller
Slowly but surely, the Dark Web is fading away.
According to Bleeping Computer, over the last few months, the number of servers on the Dark Web has shrunk by 85%. There are now only about 4,400 services available. These can be broken down into 4,000 HTTP websites, 350 top-level domain endpoints, 100 SMTP services, and 10 FTP nodes.
A year ago, the number of Dark Web services averaged about 30,000.
Freedom Hosting II, a hoster of over 10,000 Tor hidden services, suffered a major hack in February, and since then numbers have dropped dramatically. Hackers stole the data on these servers and encrypted it, refusing to give it up.
Before this attack, the hosting platform made up 20% of the Dark Web.
As a result, other providers and services have begun dropping off, unable to keep running now that Freedom Hosting II is crumbling.
"We believe that the Freedom Hosting II takedown not only removed many thousands of active sites but also may have affected other hosting providers who were hosting some infrastructure on top of Freedom Hosting II," said OnionScan researcher Sarah Jamie Lewis.
Active Defense Bill could do more harm than good
A bill drafted by Rep. Tom Graves and proposed on Friday allows organizations to hack back at cybercriminals, according to Threatpost.
The bill is called the Active Cyber Defense Certainty Act, and it allows for victims of computer crimes to hack into those that hacked into them without fear of prosecution. The proposal also includes an amendment to section 1030 of the Computer Fraud and Abuse Act.
To qualify as a victim, your device must be “suffering from persistent unauthorized intrusions.” The active defense part of the bill says that the attacked can hack into the attacker’s computer to obtain information.
They cannot cause harm or destruction, however—meaning they can’t fire off an attack of their own.
This raises many problems, including the fact that, with the large number of devices affected, it could be difficult to know whether organizations that hack back are actually targeting those that attacked them, and not just another innocent bystander. The bill is also extremely broad and vague.
“This bill does expand active lawful cyber defense to hacking back for the expressed purpose of gathering information for attribution. That’s really broad and well intentioned, but it can result in a host of negative consequences for those engaging in this activity. One thing is the lack of limits placed on the conduct authorized under this statute,” said Ed McAndrew, an attorney with Ballard Spahr.
Consumer Reports to begin rating products on security and privacy
Consumer Reports is changing how it rates gadgets and appliances.
According to Computer World, Consumer Reports will begin rating products, using its star system, based on data security and privacy. Its objective is to ensure safer products going forward.
"The goal is to help consumers understand which digital products do the most to protect their privacy and security, and give them the most control over their personal data."
This comes as a response to the vulnerability of IoT devices, many of which have feeble or no innate security measures, making them easy targets for data theft or conscription into botnets. Consumer Reports has made its testing standards available on GitHub and is urging industry vendors to keep them in mind when creating new products and updating old ones.
While Consumer Reports is focused on the U.S. market, it is part of an international federation focused on increasing digital privacy throughout the world.
StoneDrill variant of Shamoon disk-wiping malware makes a comeback
The infamous disk-wiping malware strain Shamoon is back in a new guise, and it is getting ready to take your data by storm.
It has been spotted three times since November after disappearing in 2012, and has targeted a petroleum company, according to Ars Technica. It previously made headlines for taking out more than 35,000 computers at a Saudi Arabian-owned gas company.
The new wiper is being called “StoneDrill,” and its new features make it less reliant on command-and-control servers and give it a fully functional ransomware module. StoneDrill is also good at avoiding detection, forgoing the use of disk drivers during installation and utilizing backdoor functions popular for espionage.
"The discovery of the StoneDrill wiper in Europe is a significant sign that the group is expanding its destructive attacks outside the Middle East. The target for the attack appears to be a large corporation with a wide area of activity in the petrochemical sector, with no apparent connection or interest in Saudi Arabia,” Kaspersky researchers report.
While StoneDrill and Shamoon have many similarities, they aren’t exactly the same wiper. It is possible that they belong to different hacking groups with similar interests. Regardless, it’s apparent that their move from the Middle East into Europe is heightening the need for data protection—and the best way to do that is through computer backup. Once these attackers get into your system, it’s effectively inoperable, but with a fully integrated data protection regimen, you can avoid disaster.
Ransomware attacks Pennsylvania Democratic State Legislature
A recent ransomware attack left the Pennsylvania Senate’s Democratic Caucus without access to their devices for nearly a week.
The attack was discovered on the morning of March 3, and it’s the first-ever attack on a state legislative party organization. Senators were left without access to their computers, data, website, and email, according to Penn Live. Though systems are back up and running, it will still be a few days before operations are back to normal.
Most Senators now have access to their emails, and websites are running somewhat normally.
This hack brings to light the increasing concern for data protection, especially after recent scandals in the political sphere—where information has been hacked, stolen and leaked.
This attack doesn’t seem to be politically motivated, as the hackers have demanded a ransom in bitcoin. It does, however, have the potential to cause lasting damage. The stolen data pertains to grants and legal case files. This is not information officials have on hand, and could impact life going forward.
Democratic floor leader Sen. Jay Costa is confident, however, that they can recover this data from a previous system backup—the only data loss being from individual computers that weren’t backed up recently enough.
“We’ll be able to fall back upon the backup. We’re confident we’re going to be back up and running,” he said. The party will begin handing out loaned laptops issued by Microsoft next week—they will be used temporarily while current hardware is wiped and restored.