IBM Says TOR Network a Vehicle for Ransomware
Report from the X-Force group says attackers are using TOR to hide their crimes
According to a report from IBM's X-Force team, the anonymous TOR network is increasingly being used to support ransomware schemes and other Internet attack scenarios. Big Blue warned companies and ISPs to start blocking TOR traffic from their networks.
Ransomware, which encrypts the victim's hard drive and demands payment to release the data, is a growing phenomenon around the world. According to the report, attackers use the TOR network to communicate with the victim and transfer monetary payments.
The reports states that the success of the TOR network as a vehicle for petty end-user ransomware attacks and SQL injection has emboldened the perpetrators, and TOR is now used for botnet control and sophisticated industrial espionage.
Although TOR services are intended to be hidden and anonymous, organizations can still take steps to keep them off the network. The report includes recommendations such as:
- Prohibiting the use of unapproved encrypted proxy services
- Prohibiting the use of personally subscribed proxy services
- Prohibiting the download and installation of unapproved software
- Prohibiting the use of personally owned removable devices
- Prohibiting computers from booting to media other than the hard drive
- Using publicly available lists of proxy nodes to block network traffic to and from listed sites
- Implementing a comprehensive desk audit program
The TOR network also has legitimate functions, such as supporting the free speech rights of users in totalitarian countries. Many innocent users implement a TOR node for ideological or political reasons without realizing the node could also be used to stage criminal activities.
Issue 268/2023
Buy this issue as a PDF
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Find SysAdmin Jobs
News
-
KDE Plasma 5.27 Beta is Ready for Testing
The latest beta iteration of the KDE Plasma desktop is now available and includes some important additions and fixes.
-
Netrunner OS 23 Is Now Available
The latest version of this Linux distribution is now based on Debian Bullseye and is ready for installation and finally hits the KDE 5.20 branch of the desktop.
-
New Linux Distribution Built for Gamers
With a Gnome desktop that offers different layouts and a custom kernel, PikaOS is a great option for gamers of all types.
-
System76 Beefs Up Popular Pangolin Laptop
The darling of open-source-powered laptops and desktops will soon drop a new AMD Ryzen 7-powered version of their popular Pangolin laptop.
-
Nobara Project Is a Modified Version of Fedora with User-Friendly Fixes
If you're looking for a version of Fedora that includes third-party and proprietary packages, look no further than the Nobara Project.
-
Gnome 44 Now Has a Release Date
Gnome 44 will be officially released on March 22, 2023.
-
Nitrux 2.6 Available with Kernel 6.1 and a Major Change
The developers of Nitrux have officially released version 2.6 of their Linux distribution with plenty of new features to excite users.
-
Vanilla OS Initial Release Is Now Available
A stock GNOME experience with on-demand immutability finally sees its first production release.
-
Critical Linux Vulnerability Found to Impact SMB Servers
A Linux vulnerability with a CVSS score of 10 has been found to affect SMB servers and can lead to remote code execution.
-
Linux Mint 21.1 Now Available with Plenty of Look and Feel Changes
Vera has arrived and although it is still using kernel 5.15, there are plenty of improvements sure to please everyone.