Over the past year or so we’ve been working to raise awareness of the dangers that the Dark Web poses to businesses in different sectors. No longer are the murky parts of the Internet simply reserved for the trade of firearms, drugs and other illegal items. Now, the Dark Web is a haven for the sale of data— and much of that data belongs to businesses who are quite unaware that cybercriminals are taking them for a ride, and even unaware that they’ve experienced a data breach in the first place. This is not always targeted and is quite often opportunistic based on what they come across.
Some, though, are arguing that the threat of the Dark Web is diminishing. And while it is true that dark web stalwarts AlphaBay and Hansa closed down last year, and criminal activity is certainly rising on the likes of Telegram, businesses must not make the mistake of thinking that the Dark Web’s threat is lessening — it really isn’t.
Buyers and sellers need an accessible marketplace in order to trade goods. If you have your known contacts, then yes it makes sense to message or contact them on relatively secure channels such as Telegram. However, the forums and Dark Web markets offer so much more by way of anonymity, secure and anonymous payment methods, escrow facilities and window shopping without any contact.
Heaps of corporate data still appear daily on the Dark Web
Our team of analysts at RepKnight see cybercriminals discuss and post millions of posts every day on TOR, IRC and hundreds of dump and bin sites containing sensitive corporate data. We estimate that around one-third of what’s for sale on the Dark Web is data. Some of this is regurgitated, but while stolen credentials are still valid they will sell. And this increases the exposure of that data if it is yours and the likelihood that it will be reused against your company.
It doesn’t matter what industry you’re in — the Dark Web is a threat to you.
For example, the Dixons Carphone breach revealed this week was most likely facilitated by compromised credentials posted in dumps from previous third-party breaches. Analysing the UK’s top 500 law firms, we found a million email addresses belonging to employees at 198 of the firms on the Dark Web through no fault of any of the companies’ cybersecurity. Looking at the UK’s Russell Group of universities, we found 5 million email credentials exposed on the Dark Web. A substantial number of these finds included cleartext passwords. We’ll be analysing more verticals this year to demonstrate that it doesn’t matter what industry you’re in, criminals are after your data.
What you can do about it
The issue most businesses have with the Dark Web is that they have no idea how to tackle it. Spending hours trawling through dark web sites is neither practical nor advisable (you’ll be entering the dragon’s lair), which leaves you no alternative but advanced monitoring technology. This kind of technology behaves in the same way that Google Alerts does for the visible web — alerting users quickly whenever certain keywords appear on the Dark Web. So, if you’re unlucky enough to suffer a data breach, you’ll at least be able to mitigate the damage. And the more companies that use dark web monitoring tools and perform early remediation, the less lucrative cybermarkets will be for criminals, and the less dangerous the dark web will become once and for all.