Monitoring the Dark Web protects against cybersecurity threats and provides a view of a world where cybercriminals gather to take advantage of your business. A recent trawl of the Dark Web found over 160 million data records, stolen from at least 12 companies, up for sale. These records contained personal data, including names, email addresses, and passwords. In another Dark Web find, over 500,000 Zoom accounts were available to purchase. The Dark Web is a hive of cybercrime activity, a marketplace used to sell personal data, cybercrime tools, and company intelligence, including Intellectual Property (IP) and login credentials. This armory is then subsequently used to commit cyber-attacks.

The Dark Web doesn’t just contain stolen data for sale. It is a treasure trove for the cybercriminal fraternity with everything they need to run illicit activities. Hidden from normal search engines, the websites, forums, and marketplaces within it, contain the tools and information needed to execute sophisticated cyber-attacks.

Knowing what you are up against is an important part of fighting cybercrime. This is where monitoring comes in. The Dark Web, like other networks, can be monitored. The Threat Intelligence gathered can then be used to prevent the very crimes the Dark Web perpetuates.

Now that employees are Working from Home (WFH) we need to ensure that we double-down on our efforts to prevent cyber-attacks. Monitoring the Dark Web provides your organization with the threat intelligence needed to protect against cyber-attacks across even your extended home networks.

How Cybercriminals Use the Dark Web?

The Dark Web has many legitimate sites and is used by people such as journalists and law enforcement. However, it has also become synonymous with cybercrime. The 225,000 or so websites, forums, etc., that are within the confines of the Dark Web, are only accessible using specialist browsers and search engines, like the Tor browser. These tools provide anonymity to users who enter the Dark Web and come under the protection of the ‘Onion’ Network.

This anonymity is what makes the Dark Web so appealing to cybercriminals. Within the Dark Web, hackers and fraudsters offer a number of services and information, including:

• Tools of the trade: Cybercriminals can buy and sell the tools needed to carry out cyber-attacks. This includes renting Phishing kits to carry out phishing campaigns and Ransomware-as-a-Service (RaaS) to extort money.
• Chat rooms and forums: Hackers and fraudsters exchange intelligence on targets and update each other on techniques using chat rooms.
• Hackers for hire: Freelance portals where cybercriminals offer their services.
• Data for sale: The Dark Web has many marketplaces that sell stolen data for fraudulent use. Data can include personal data as well as company data such as IP, source code, company information, and digital certificates.

What is Threat Intelligence for the Dark Web?

The Dark Web offers a way to exchange information between cybercriminals that is obfuscated from general view. Cybercriminals can effectively act with impunity, sharing details of corporate data such as stolen login credentials, that make a company an easy target for hackers. Home working adds an extra dimension to network security for any organization, additional login credentials, additional device management. WFH presents a golden opportunity for cybercriminals and the Dark Web intelligence communities they use.

Research into the various aspects of the Dark Web found that access to corporate networks was being sold in marketplaces on the dark web. The researchers found that 60% of analyzed sites delivered some form of corporate harm including:

• network compromises
• suspension of online services (DDoS)
• financial loss.

A key method in protecting your organization from the threats inherent in the Dark Web is to monitor the activity within its bounds. However, the closed nature of the Dark Web, which makes it ideal for illegitimate activity, also means it can be difficult for you to monitor it.

Specialist tools are available that drill down into the Dark Web and deliver actionable insights. These solutions look deep into the Dark Web and search for specifics that could be used to breach your company’s IT systems. This typically includes mentions of your organization, email addresses, IP addresses, etc. Dark Web monitoring can also be used to check out vendor vulnerability for vendor risk assessment due diligence.

Gathering threat intelligence for the Dark Web  is a key method used to identify potential indicators of compromise and facilitate proactive threat hunting with strategic darknet intelligence.

Benefits of Dark Web Monitoring During Home Working

The actionable insights provided from the intelligence gathered by monitoring the Dark Web offers you a number of benefits.

• Brand protection: Your  company's reputation is impacted by cyber-attacks. A study from Radware found that 43% of companies had reputation loss after a cyberattack.
• Discover insider threats: Hackers have been recruiting employees of target firms on the Dark Web for collusion purposes.
• Prevent ransomware attacks: Spot the latest trends in ransomware and monitor the likelihood of your industry sector or your organization being targeted in ransomware campaigns.
• Search for compromised data: Locate compromised data for sale on the Dark Web.
• Vendor due diligence: Provide intelligence on at risk third-party vendors and cloud-based service providers
• Prevent other cyber-attacks: Detect and prevent spoofing and DDoS attacks
• Discover data breaches: Monitor and search for data leaks.

How Monitoring the Dark Web Helps Prevents Cyber-Attacks

Monitoring the Dark Web is a proactive way to prevent cyber-attacks. Dark Web Monitoring tools work by performing a crawl of Dark Web sites, including hacker forums. The crawl uses keywords or phrases, for example, a company name or URL. These data are then used to create alerts that a security analyst can use to decide how best to deal with a threat.

It is noticeable that during the COVID-19 pandemic, Dark Web marketplace numbers have increased significantly. Data from Tor Metrics shows that sites with the .onion extension (denoting sites in the Onion network) more than doubled between April 2020 and May 2020. Cybercriminals will take advantage of any opportunity that opens up to cause havoc, steal data, and extort money. WFH is such an opportunity. The Dark Web gives those fraudsters a way to hide their illegal activities. Dark Web monitoring redresses the balance and allows us to see inside their illicit den to create actionable insights to protect our organization.