No Code / Low Code for Social Engineering
November 10, 2022
This past weekend, I was in the car with my kids and somehow, I can’t remember how, we got on the subject of the dark web. The conversation bounced around from the Silk Road, to recently seized bitcoin, to stolen passwords, to ways cyber criminals share software and information with each other. Initially, my kids thought I was lying about the whole dark web thing. After some convincing and some smartphone Internet evidence, they let it sink in as real that there is a dark web that’s sort of parallel to the Internet they depend on for basically everything.
I (wrongfully) assumed most people knew about the dark web. Most people do not know about the dark web and, if they do, they don’t really know what is available on it. For both professional and personal reasons, I worry about the dark web a lot.
The dark web, which can be accessed using special browsers like Tor, is a treasure trove of information, data, and software for carrying out cyber attacks.
The Internet connects people. This can be positive. In the case of the dark web, this can be negative as cyber attackers find like-minded and motivated people. They bound ideas off of each other. They ask and answer questions. It really is a lot like Reddit or other social networks where you share information. The difference is that the information being shared can often be used for illegal purposes.
In addition to finding like minded people on the dark web, cyber criminals can also find illegally obtained data on the dark web. Data stolen in breaches, such as usernames and passwords, are widely available. It’s highly likely one of your passwords has been compromised in a data breach and is available for sale on the dark web. This is why you should never reuse passwords.
While there are software tools for various types of cyber attacks, the one I’m going to focus on is social engineering attacks. These attacks, which prey on human nature and essentially trick victims into installing malicious software or entering sensitive information, are the most common form of cyber attack and result in the most number of data breaches.
The dark web has a market for what are called dark web phishing kits. These software packages have everything you need to launch and scale a phishing attack. This includes the software to send emails, the templates for the emails, and even the website templates that look like legitimate websites.
The dark web also has software that, if installed on a victim’s computer, can take control and access sensitive information, including every keystroke.
The dark web has made becoming a cyber criminal much easier. The closest metaphor is the no code / low code movement in software development. In software development, no code platforms and tools today allow people to build websites and apps without ever writing any code. This has broken down barriers for tons of non-developers to develop new technologies.
The dark web is doing the same thing for social engineering and cyber crime. Many social engineering, namely phishing, attacks today are launched by unsophisticated attackers using tools that automate much of the attack. This is a major reason for the proliferation of these attacks.
How can you and your team defend against the dark web? As much as governments have tried to shut down all illegal sites on the dark web, they have not been successful. The dark web is a reality we all have to live with. Here’s what you can do to protect yourself and your team.
Schedule a demo
Get started with a free trial by scheduling a demo today. One of our training experts will walk you through a live Haekka demo.