More blackhats are being drawn to using The Onion Router (TOR) to hide their online activity.
According to media reports, as well as being a great hiding mechanism for underground markets dealing in illegal items, TOR is also being used by cyber crooks to hide their criminal activities and infrastructure.
According to Kaspersky Lab’s Sergey Lozhkin, its research found that there were approximately 900 hidden services online at any current time, and it found versions of Zeus with TOR capabilities and the first Tor Trojan for Android. “Although creating a Tor communication module within a malware sample means extra work from the malware developers, there will be a rise in new Tor-based malware, as well as Tor support for existing malware,” he said.
Commenting, Sean Power, security operations manager from DOSarrest Internet Security, said that for attackers using denial-of-service tactics, the Tor network is just another way for them to anonymise their traffic.
“Normally, there would be measures in place to stop all traffic from ‘known’ blacklisted domains or points of origin, but with Tor, attackers can disguise their attack traffic which will hinder the mitigation efforts because it will be harder to spot and identify,” he said.
“Companies can prepare by including preset rules to throttle or deny known TOR exit points which could help decrease the attackers’ points of origin. It also further highlights the need to have a dedicated DDoS protection team in place, either internally or externally, who can react quickly when DDoS attackers strike.”
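As an added illustration of the preset throttle-or-deny rules described above (this is not code from the article or from DOSarrest), the following Python script turns an exit-node list into an nftables ruleset. The one-address-per-line feed format, the table and set names, the 20/second rate and the protected ranges are assumptions, and the sample feed is constructed.

```python
import ipaddress

# Constructed sample feed (documentation-range addresses), one entry per line.
SAMPLE_FEED = """# constructed sample exit list
192.0.2.10
198.51.100.7
192.0.2.10
2001:db8::5
not-an-ip
10.0.0.8
"""

# Assumed internal ranges that must never be blocked, even if a feed lists them.
PROTECTED = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "127.0.0.0/8", "192.168.0.0/16")]

def parse_exit_list(text, protected=PROTECTED):
    """Return (v4, v6): sorted, de-duplicated addresses that are safe to filter."""
    seen = set()
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            addr = ipaddress.ip_address(entry)
        except ValueError:
            continue  # malformed entry: never copy raw feed text into a ruleset
        if not any(addr in net for net in protected):
            seen.add(addr)
    return (sorted(a for a in seen if a.version == 4),
            sorted(a for a in seen if a.version == 6))

def render_nft(v4, v6, mode="throttle", rate="20/second"):
    """Build an nftables ruleset that drops (deny) or rate-limits (throttle) the sets."""
    if mode not in ("throttle", "deny"):
        raise ValueError("mode must be 'throttle' or 'deny'")
    # In throttle mode the limit is the aggregate rate across all listed exits.
    action = "drop" if mode == "deny" else f"limit rate over {rate} drop"
    sets, rules = [], []
    for name, typ, fam, addrs in (("tor_exits_v4", "ipv4_addr", "ip", v4),
                                  ("tor_exits_v6", "ipv6_addr", "ip6", v6)):
        if addrs:  # emit a set and its rule only when there are addresses for it
            elems = ", ".join(map(str, addrs))
            sets.append(f"    set {name} {{\n        type {typ}\n        elements = {{ {elems} }}\n    }}")
            rules.append(f"        {fam} saddr @{name} {action}")
    chain = ["    chain input {", "        type filter hook input priority 0; policy accept;",
             *rules, "    }"]
    return "\n".join(["table inet tor_exit_filter {", *sets, *chain, "}"])

if __name__ == "__main__":
    print(render_nft(*parse_exit_list(SAMPLE_FEED)))
```

Exit lists change frequently, so a ruleset generated this way needs to be regenerated on a schedule and reviewed before loading.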