Be aware enterprises, it’s time to block Tor

With the increase of Tor-based attacks, something needs to change, and IBM is advising companies to start blocking Tor.

A research conducted by the IBM X-Force team reveals that SQL injection, distributed denial-of-service attacks and vulnerability reconnaissance activity are growing, and cyber criminals are exploiting the Tor network even more to protect their anonymity.

The reason why these attacks leveraging on the Tor network is that the popular anonymizing architecture allows attackers to mask their identity and make ineffective countermeasures based on the knowledge of the source of the offensive.

In the US only, in 2015, the number of cyber attacks and other malicious events that relied on the Tor network is 150.000, and experts speculate that this value will grow up until the end of the year.

Besides the fact that Tor is being used to anonymized the attackers identity, another factor emerges from the research, the Tor network is being used to target big IT and communications companies.

Researchers uncovered a number of targeted attacks affecting SCADA systems.

“They are specific targets,”, “They [the Tor-based attackers] are looking for information” said the senior threat researcher with IBM X-Force John Kuhn

“I tell companies to just block Tor for incoming and outgoing””It might have been a great tool at one time to [provide] privacy, but it’s not a place you want your corporate network to have any connection to.”

According to the expert the drastic measure is the unique effective from the perspective of a company which has no reason to allow the access to the Tor network (besides some specific cases that can be explicitly allowed).

The study of the X-Force team revealed that SQL injection is the most prevalent attack exploiting the Tor network due to the availability of applications like Havij.

“It’s really popular: it was intended for pen testers, but malicious actors use it constantly,” “We also saw a lot of blind SQL injection and pointed SQL injection, and a lot of vulnerability scanning.”

Tor is being used to hide the control infrastructure for botnets, making them resilient to the take over operation conducted by security firm and law enforcement.

“What they’re doing is using a distributed method,”, “They issue a command from all those nodes and it spans from 100 to 150 exit nodes at once. So you get an onslaught of attacks from different Tor exit nodes.”.

“In general, networks should be configured to deny access to websites such as or any other sites associated with anonymous proxies or anonymization services such as Tor and The Invisible Internet Project (I2P). Users should be warned that accessing prohibited websites could result in disciplinary action,”

However we cannot ignore the importance of the Tor network as an instrument to bypass the censorship applied by many governments.

The measure suggested by the IBM could be limited to corporate environments from attacks that rely on the Tor network.

Pierluigi Paganini


FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.


10th Anniversary Exclusive Top 100 CISO Conference & Innovators Showcase