The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) issued a warning to businesses about them risks associated with Tor.
Tor software, managed by a non-profit organization Tor Project, has been created to provide anonymity to users and bypass censorship.
However, in addition to ordinary users, this software has also attracted their attention hacker, who use it to cover their tracks when carrying out illegal activities.
Some of the malicious activities carried out by malicious agents include monitoring, system breach, data export, denial of service (DoS) attacks, and dissemination. ransomware. In addition, Tor is often used to communicate with a command and control server (C&C).
Tor's use allows an attacker to hide his identity and prevent a quick recovery from one cyber attack. For this reason, the businesses they must take the necessary measures to block and monitor all traffic to and from the Tor network, in order to detect any illegal activities.
According to the protection agencies, each company should be able to understand if users want the software to be legal. activities and of course take into account the risks involved.
To detect malicious activity from Tor, businesses can use analysis based on indicators or behavior for log files. network, endpoint and security tools. Tools SIEM and the like, can help in this direction.
Η CISA In fact, some steps have been taken that companies can follow to protect themselves from the risks associated with Tor, such as controlling and analyzing traffic on a network or even blocking data entering and exiting public nodes.