I have attended a training about Digital threats not long time ago. It is about threats, attacks, and dark sides from internet plus how to protect ourselves from them. This sounds interesting and I would love to share you here.

Know our assets

First of all, we need to know what are our valuable assets. There are any of:

  • Identity: social media accounts, real name, etc.
  • Personal information: citizen ID, date of birth, etc.
  • Financial information: credit card numbers, bank account number, etc.
  • Medical information: patient ID, health records, etc.
  • Secrets: login passwords, access tokens, etc.

biggest data breaches

  1. Visualization at https://informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
  2. Check our own at https://haveibeenpwned.com/

Threats

There are many sorts of threats happen in the digital worlds. Examples are:

  • State-sponsored
  • Organized crime groups
  • Hacktivists or hackers
  • Terrorists
  • Malicious insiders
  • Script kiddies
  • Extremists
  • AI

Attack vectors

Many ways to build a method to attack someone, such as:

  • Social engineering
  • Deepfake
  • Weak passwords
  • Compromised credentials
  • Misconfigured devices
  • Software vulnerabilities

Examples of attacks

  • Evil links in emails
  • Vishing: A phishing VDO. It would be a call to ask credentials, now Deekfake.
  • Keylogging
  • Backdoor
  • Ransomwares. There is Malware Hunter team helping people from ransomwares at https://id-ransomware.malwarehunterteam.com/

Dark webs

96% in the internet world are not found by search engines (refer to this.) Few of it are dark webs. Dark webs are accessible through only certain softwares or configurations.

Risks

  • Illegal
  • Security identity could be breached
  • Financial data leaks
  • Psychological effects

Black markets

Black markets is also there in dark webs. These are available in black markets.

  • Drugs
  • Weapons
  • Stolen credit cards
  • Fake IDs

Examples of black markets

  • Silk road (inspired the movie Silk Road)
  • Alphabay
  • Hansa
  • Welcome to Video

Dark web access

  • Tails OS
  • Onion mail
  • Whonix OS
  • Tor browser

Examples of dark web sites

  • The Hidden Wiki
  • Onion Links
  • Lockbit (popular ransomware)

Dark web currencies

  • Bitcoin (ten years ago)
  • Monero
  • Litecoin
  • Zcash

books

  • The Ransomware Hunting Team
  • Pegasus
  • Tracers in the dark
  • Tor: accessing the deep web and dark web with Tor

Digital self-defence

This is how we can protect when living in digital world.

Encryption

  • Secrets + 2FA (2-factor authentication, read more here)
  • Backups
  • Secure disposal: remove data securely and
  • Avoid phishing
  • OS and Apps updates
  • Public networks: Free Wi-Fi usage with awareness
  • Shopping online: secure online transactions on trusted websites
  • Prevent malware: not download nor install apps from untrusted sites

Threat modeling

Threat modeling is a digram to assess and communicate our security structures. We can use https://app.diagrams.net to create a simple diagram.

  • Use shapes in section “threat modeling”
  • Example diagram from lecturer
  • A-box is Asset
  • C-box is Controls, methods to protect the assets and mitigate the risk
  • TA-box is Threat Actor

Below is the link I googled about threat modeling process from OWASP.

Threat Modeling Process | OWASP Foundation
Threat Modeling Process on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.
OWASP logo

Hope this helps and reminds you not to lower your guards down. The threats are around even in the cyber world.