
IBM Tells Companies To Block Tor On Security Grounds

The Tor anonymisation network is increasingly used as the point of origin of attacks on public- and private-sector organisations, according to a new report by IBM, which recommends administrators ban access to the network.

The report also noted increases in SQL injection and distributed denial-of-service attacks, and in “ransomware” incidents, in which attackers encrypt data belonging to an individual or an organisation and then charge a fee to decrypt it.

Anonymity

Tor, which provides anonymity by obscuring the real point of origin of Internet communications, was in part created by the US government, which helps fund its ongoing development because some of its operations rely on the network.

However, the network is also widely used for criminal purposes, such as operating contraband websites, and it is increasingly being used by attackers to hide their identities as they scan for vulnerabilities or carry out attacks, IBM said.

“The design of routing obfuscation in the Tor network provides illicit actors with additional protection for their anonymity,” said IBM’s X-Force research team in its “Threat Intelligence” report for the third quarter of this year. “It can also obscure the physical location from which attacks originate, and it allows attackers to make the attack appear to originate from a specific geography.”


Tor-based attacks

IBM said its data shows a “steady increase” over the past few years in attacks originating from Tor exit nodes, with attackers increasingly using Tor to disguise botnet traffic.

“Spikes in Tor traffic can be directly tied to the activities of malicious botnets that either reside within the Tor network or use the Tor network as transport for their traffic,” IBM said in the report.

IT and communications technology companies were the most affected by “malicious events” originating from Tor between January and May of this year, being affected by more than 300,000 events during the period, followed by manufacturing and financial services firms, IBM said.

The US was the top geography of origin for Tor-based attacks, followed by the Netherlands and Romania, but this spread reflects the prevalence of Tor exit nodes rather than the actual location of attackers, according to the study.

Companies have “little choice” but to block Tor-based communications, IBM said.

“The networks contain significant amounts of illegal and malicious activity,” IBM stated in the report. “Allowing access between corporate networks and stealth networks can open the corporation to the risk of theft or compromise, and to legal liability in some cases and jurisdictions.”

The company offered technical pointers on blocking Tor access, including altering computer boot configurations and limiting the use of proxy services.

Ransomware

IBM said SQL injection attacks are on the rise, in part due to the growing use of simplified attack tools such as Havij, which was originally developed for security researchers.

The report also found rapid development in ransomware, including the appearance of “ransomware as a service” and highly specialised attacks, such as those that target the local files of popular online games.

“We are observing the start of a prolonged battle with ransomware, as ransomware attacks diversify from simple scams to more elaborate ones that target high-value communities or businesses,” IBM stated.

A single ransomware tool, CryptoWall, has made attackers about $18m (£11m), according to FBI figures cited in the report.


Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDnet and other leading publications.

View Comments

  • This is utterly absurd. The approach to "security" is a joke. You can't stop these attacks by blocking the Tor network because there are other better/easier avenues of attack which aren't obvious or done through Tor. Ignorance and incompetence plague the security world. Security doesn't come from blocking Tor. Security comes from patching holes in software, and it's the poor tech that companies are implementing that are the real security threats.

  • Why would IBM make such an assertion?
    Because it's in their interests, and their attempt to spin it so as to make it sound like they have our safety at heart is utterly laughable and completely transparent.
    There are certainly many areas where internet security needs to be much improved, but their attempt to demonize Tor users has nothing at all to do with addressing those issues.
    How stupid do they think we are?

  • The basis for Tor is understandable, everybody likes to know their details and what they do is kept private... Unfortunately, because of how Tor works, a lot of very very bad and cruel people have been allowed to show their works on the Internet knowing they'll not be discovered, a.k.a. the Deep Dark Web, very sick and twisted, and this needs to be stopped at all cost, so if by shutting down websites like Tor, in order to stop the privacy of these people, then so be it.
