
TOR Network Increasingly Being Abused by Cybercriminals: Kaspersky Lab

The TOR Network’s promise of anonymity is attractive for all kinds of Web users, human rights activists, political dissidents and everyday users concerned about privacy.

But this same anonymity also makes it attractive for cybercriminals.

At Kaspersky Lab, researchers say there has been an uptick in criminal activity on TOR during the past few months.  

“Although the Tor infrastructure and cybercriminal resources are not on the same scale as the conventional Internet, we managed to find approximately 900 hidden services online at the current time,” blogged Sergey Lozhkin of Kaspersky Lab. “There are also approximately 5,500 nodes in total and 1,000 exit nodes, but the possibility of creating an anonymous and abuse-free underground forum, market or malware C&C [command and control] server is attracting more and more criminals to the Tor network.”

These underground marketplaces are used to move everything from drugs to weapons to malware. Carding forums are present as well, and stolen personal information is also for sale. Bitcoins play an important role in many of the transactions on these markets, Lozhkin explained.

“Almost everything on the Tor network is bought and sold using bitcoins,” he blogged. “Although it’s almost impossible to make a connection between a bitcoin wallet and a real person, it is possible to track bitcoin transactions as all of them are transparent and public, to build up a scheme of what’s going on and find out the most valuable transactions made via bitcoin exchange services. That’s why money laundering services exist on Tor. Cybercriminals can create an account, deposit bitcoins and they will be broken up into various quantities, transferred through dozens of different wallets to make any investigation highly complicated.”

There has also been an increase in the amount of malware that uses TOR to mask its command and control infrastructure. Recent examples include a 64-bit version of Zeus detected a few months ago and a piece of malware known as ChewBacca linked to attacks on point-of-sale systems. Late last month, researchers at Kaspersky Lab also spotted malware aimed at Google Android that uses TOR to hide its command and control.

“While cyber-criminals have been using Tor for many years to communicate or to hide their location, only recently we have started to see Tor functionality being included in the actual malware,” said Stefan Tanase, senior security researcher at Kaspersky Lab.


“Unfortunately there isn’t much that can be done differently in regard to criminal forums hosted on Tor hidden services,” he added. “While such forums are operating anonymously in the clear internet as well, the only way law enforcement manages to shut them down is through classic investigation techniques – such as following the trail of the money in most cases.”

Written By

Marketing professional with a background in journalism and a focus on IT security.
