Short Bytes: A report from IBM researchers has shown that the use of Tor network is on the rise. As a result, the growth of malicious traffic and hacking attacks originating from the Tor network is higher than ever.
Recently, IBM X-Force Threat Intelligence Quarterly report was released and it indicates that the Tor network is becoming a bigger source of the malicious traffic that arises from Tor exit nodes.
The Tor exit nodes are the face of Tor to the rest of outer internet. As the encrypted message is passed from one computer to another, each intermediate Tor node removes one layer of encryption. The last Tor node, also called the exit node, forwards the request to the destination by revealing the original source.
Also read: Basics of Tor and Traffic Fingerprinting
Creating a Tor node is easy and this ease brings some complex security-related consequences. In the case of setups like Tor honeypotting using the exit nodes and traffic fingerprinting, the security concerns increase exponentially.
The IBM researchers have gathered data from January 1 to May 10 and used it to dedicate the fact that most malicious traffic originates from the exit nodes hosted in USA, Holland, Romania, France, and Luxembourg.
The report also highlights that SQL injections are the most common attacks being planted, closely followed by vulnerability scanning attacks and DDoS attacks. It should be noted that Tor offers the attackers an easy way to hide their location and change their exit nodes after their IP is banned after detection.
IBM report says that Tor can provide attackers a significant amount of ease to achieve their goals, but they leave some trails behind. However, the corporate networks just have a choice to detect communications to these networks.
Do you use Tor network to access the internet? Having something to add? Tell us in the comments below.
Get 89% off on Pure Python Hacker Bundle here