Monitoring the Dark Web protects against cybersecurity threats and provides a view of a world where cybercriminals gather to take advantage of your business. A recent trawl of the Dark Web found over 160 million data records, stolen from at least 12 companies, up for sale. These records contained personal data, including names, email addresses, and passwords. In another Dark Web find, over 500,000 Zoom accounts were available to purchase. The Dark Web is a hive of cybercrime activity, a marketplace used to sell personal data, cybercrime tools, and company intelligence, including Intellectual Property (IP) and login credentials. This armory is then subsequently used to commit cyber-attacks.
The Dark Web doesn’t just contain stolen data for sale. It is a treasure trove for the cybercriminal fraternity with everything they need to run illicit activities. Hidden from normal search engines, the websites, forums, and marketplaces within it, contain the tools and information needed to execute sophisticated cyber-attacks.
Knowing what you are up against is an important part of fighting cybercrime. This is where monitoring comes in. The Dark Web, like other networks, can be monitored. The Threat Intelligence gathered can then be used to prevent the very crimes the Dark Web perpetuates.
Now that employees are Working from Home (WFH) we need to ensure that we double-down on our efforts to prevent cyber-attacks. Monitoring the Dark Web provides your organization with the threat intelligence needed to protect against cyber-attacks across even your extended home networks.
The Dark Web has many legitimate sites and is used by people such as journalists and law enforcement. However, it has also become synonymous with cybercrime. The 225,000 or so websites, forums, etc., that are within the confines of the Dark Web, are only accessible using specialist browsers and search engines, like the Tor browser. These tools provide anonymity to users who enter the Dark Web and come under the protection of the ‘Onion’ Network.
This anonymity is what makes the Dark Web so appealing to cybercriminals. Within the Dark Web, hackers and fraudsters offer a number of services and information, including:
The Dark Web offers a way to exchange information between cybercriminals that is obfuscated from general view. Cybercriminals can effectively act with impunity, sharing details of corporate data such as stolen login credentials, that make a company an easy target for hackers. Home working adds an extra dimension to network security for any organization, additional login credentials, additional device management. WFH presents a golden opportunity for cybercriminals and the Dark Web intelligence communities they use.
Research into the various aspects of the Dark Web found that access to corporate networks was being sold in marketplaces on the dark web. The researchers found that 60% of analyzed sites delivered some form of corporate harm including:
A key method in protecting your organization from the threats inherent in the Dark Web is to monitor the activity within its bounds. However, the closed nature of the Dark Web, which makes it ideal for illegitimate activity, also means it can be difficult for you to monitor it.
Specialist tools are available that drill down into the Dark Web and deliver actionable insights. These solutions look deep into the Dark Web and search for specifics that could be used to breach your company’s IT systems. This typically includes mentions of your organization, email addresses, IP addresses, etc. Dark Web monitoring can also be used to check out vendor vulnerability for vendor risk assessment due diligence.
Gathering threat intelligence for the Dark Web is a key method used to identify potential indicators of compromise and facilitate proactive threat hunting with strategic darknet intelligence.
The actionable insights provided from the intelligence gathered by monitoring the Dark Web offers you a number of benefits.
Monitoring the Dark Web is a proactive way to prevent cyber-attacks. Dark Web Monitoring tools work by performing a crawl of Dark Web sites, including hacker forums. The crawl uses keywords or phrases, for example, a company name or URL. These data are then used to create alerts that a security analyst can use to decide how best to deal with a threat.
It is noticeable that during the COVID-19 pandemic, Dark Web marketplace numbers have increased significantly. Data from Tor Metrics shows that sites with the .onion extension (denoting sites in the Onion network) more than doubled between April 2020 and May 2020. Cybercriminals will take advantage of any opportunity that opens up to cause havoc, steal data, and extort money. WFH is such an opportunity. The Dark Web gives those fraudsters a way to hide their illegal activities. Dark Web monitoring redresses the balance and allows us to see inside their illicit den to create actionable insights to protect our organization.