In a new threat intelligence report, IBM advised companies to stop using Tor anonymizing software and block it completely from their corporate networks, as protection from the increasing risk of ransomware and distributed denial of service (DDoS) attacks conducted over Tor networks.
According to IBM, Tor makes it too easy for cybercriminals not merely to plant malware, but to hide where the malware originated.
Ironically, while IBM warned that Tor makes it dangerously easy for people (nefarious or otherwise) to hide their online activities, a leading dark web marketplace temporarily suspended service for the exact opposite reason.
Yesterday, the dark market site Agora announced that it was temporarily shutting down due to Tor vulnerability concerns. In an encrypted message later copied at PasteBin and Reddit, Agora said that “Recently research had come that shed some light on vulnerabilities in Tor Hidden Services protocol which could help to deanonymize server locations.”
Agora didn't say what specific vulnerability inspired the shutdown, but Karl Bode at Techdirt pointed to a paper recently published by researchers at MIT and Qatar University suggesting that, with the right resources, it would be possible to exploit a Tor vulnerability to identify Tor hidden services at an accuracy rate of up to 88 percent.
IBM's threat report for the third quarter of 2015, meanwhile, said that from January through May 2015, there were over 300,000 “events” wherein companies suffered from cyberattacks with origins masked by Tor.