By Jane Lo, Singapore Correspondent.
With the pandemic ushering in an era of Work-from-Home technologies and accelerating digital transformation across the many spheres of our daily lives, the opportunities for cyber attackers, unsurprisingly, have also grown exponentially.
Online tools for social and work meetings, such as Google Meet and Microsoft Teams, and online payment methods, such as cryptocurrency, have seen rapid adoption. At the same time, the threats of compromise of these video conferencing tools, and of cryptocurrency scams, are also rising.
These cyber threats and more were highlighted at the International Conference on Digital Forensics & Cyber Crime (ICDF2C), organised by the European Alliance for Innovation (EAI).
The 12th edition was held in a hybrid format in Singapore (6th – 9th Dec 2021), and saw an impressive gathering of industry practitioners, law enforcement representatives and researchers from across the globe, sharing on themes ranging from deep technical subjects (for example, generating pseudorandom function services for cryptographic hardening) to password cracking, software vulnerability detection and AI forensics.
In particular, to show how the unprecedented shift to online working expands the cyber attack surface, speakers (1) at the session “Forensic Investigations of Google Meet and Microsoft Teams – Two Popular Conferencing Tools in the Pandemic” shared how, given the ease of online communications, cybercriminals could use these tools for malicious purposes.
Using industry-standard cyber forensics tools, artefacts could be extracted from a range of sources, such as memory, network, browsers and registry. While these could be key information for cyber defence in investigations, the speakers also addressed the question of how they could be exploited by attackers.
“While both applications may be more cybersecure than similar applications in studies, they still present a number of important cyber forensic artefacts that can be used in a malicious manner”, such as “if a malicious person gained access to the unique hyperlink code from the browser files, they could potentially gain access to a Google Meet call that they were not supposed to be on”. In another example, “recovery of email addresses in MS Teams about previous contacts could be misused by attackers.”
To assess how cybercriminals exploit the rising popularity of cryptocurrency, speakers (2) at the session “No Pie in the Sky: Digital Currency Fraud Website Detection” pointed out how “cybercriminals usually design the layout of digital currency fraud websites to be similar to normal digital currency websites” and “use some words related to blockchain, digital currency, and project white papers” to confuse and induce victims to invest.
By collecting more than 2,000 domain names of fraudulent websites, they classified the existing methods of digital currency scams. The result was a proposal to detect fraud through such characteristics as domain name registration time, website ranking and digital currency exchange rate.
Aside from exploiting investors’ enthusiasm, cryptocurrencies are associated with other criminal activities in the dark web, such as purchasing exploit kits.
Exploring “how cryptocurrencies have been involved in cybercriminal activities on the dark web”, speakers (3) at “Do Dark Web and Cryptocurrencies Empower Cybercriminals” explained how dark net marketplaces “allow malicious threat actors to monetize their illicit services (e.g., exploits, hacking tools, and/or stolen information such as credit card and other sensitive information).”
By facilitating anonymous transactions, cryptocurrencies have become one of the widely used payment methods. In addition, the “lack of regulatory limitations and internet governance” and features such as the “globalization of online dark markets” are “transforming global economy into a zombie economy.”
With the recent news of crackdowns on darknet operators, this session, which dived deep into this infamous underground economy, could not be more timely.
While this “availability of hard-to-trace payment platforms … compounds the challenge of law enforcement agencies in investigating malicious cyber activities on dark web”, there has been some positive news.
For example, the systemic takedowns of dark web sites saw the recent ban by Russia on the use of Tor (the browser for navigating the dark web).
However, this would surely prompt cybercriminals to adopt other means to communicate and trade their tools and services. This ever-evolving threat landscape in cyberspace means that cyber investigators and defenders will undoubtedly be anticipating the next moves by the adversaries.
Hence, how the techniques addressed at today’s workshops on “Intelligence Gathering through the Internet and Dark Web”, which equip cyber investigators with skills such as OSINT (open-source intelligence), adapt to these developments will be a topic of future conversations.
(1) Forensic Investigations of Google Meet and Microsoft Teams – Two Popular Conferencing Tools in the Pandemic
Speakers from Canterbury Christ Church University – Hannan Azhar; Benjamin Tilley; Jake Timms Canterbury
(2) No Pie in the Sky: Digital Currency Fraud Website Detection
Speakers from Sichuan University – Haoran Ou; Cheng Huang; Zhiying Zhao; Yong Fang; Wenbo Guo; Chaoyi Huang; Yongyan Guo
(3) Do Dark Web and Cryptocurrencies Empower Cybercriminals
Milad Taleby Ahvanooey; Mark Zhu (School of Information Management, Nanjing University (NJU), Nanjing)
Max Kilger; Kim-Kwang Choo (Department of Information Systems and Cyber Security, University of Texas at San Antonio (UTSA))
Wojciech Mazurczyk (Institute of Computer Science, Faculty of Electronics and Information Technology, Warsaw University of Technology (WUT), Poland)