When thinking about the different types of cyber threats, what are the ones that immediately spring to mind? Most will be thinking along the lines of ransomware, phishing, denial-of-service (DoS) and malware, to take just a few examples.
These kinds of attacks are significant, and obviously deserve your attention when it comes to security. However, they are also a very specific type of tactic used by cybercriminals. They are direct attacks on an organisation, and all have been covered extensively by the media in recent times because of a series of high-profile incidents with major organisations. For example, the NHS was targeted by the crippling WannaCry ransomware attack earlier this year. Facebook and Google were also victims of phishing attacks that cost the organisations $100 million. And the BBC website was unavailable for hours after the biggest DDoS attack in history last year.
A pure focus on attacks, though, narrows one’s view of the cyber threat landscape, because there is so much more to cybersecurity than protecting against direct attacks. One threat commonly overlooked by businesses, for example, is the dark web.
The dark web — an underground danger taking you for a ride
Because the dark web doesn’t constitute a direct attack on an organisation, like ransomware or phishing, it’s one that many organisations don’t particularly consider as part of their security strategies. However, as a cybersecurity analyst who has followed the dark web closely over the past few years, I’d argue it’s as major a threat to businesses today as any other. It’s a silent killer in today’s cyber world — a covert operation that threatens to expose company secrets and damage reputations beyond repair.
The dark web — an extension of the deep web, and also sometimes known as the invisible web and hidden web — is what makes up a huge proportion of the world wide web. As well as a marketplace for illicit material like weapons, drugs and worse, the dark web is now a growing marketplace for stolen corporate data like customer databases, financial transactions, leaked emails and employee login credentials.
And because cybercriminals are finding data increasingly lucrative compared with the risks in dealing with and delivering guns or drugs, many are turning to the dark web to make a profit after committing theft through phishing attacks or by using compromised employee login credentials. Many might argue that with the recent shutdown of two of the biggest dark web marketplaces, Hansa and AlphaBay, the threat of the dark web is diminishing, but the truth is, the moment two sites shut down, four more often spring up in their place. The 20+ sites below, for example, are or were common marketplaces used by cybercriminals for the sale of data.
- Dream Market
- Valhalla (Silkkitie)
- Tochka (rebranded as Point Market, with a new URL)
- Sourcery Market
- Aero Market
- Libertas Market
- Berlusconi Market
- House Of Lions*
- Apple Market*
- Wall Street Market
- Zion Market*
- Crypto Market*
- Silk Road 3.0
- The Majestic Garden
- Ramp (Russian Forum)*
- Darknet Heroes League*
- RsClub Market
- The Open Road*
* currently offline
Don’t be fooled by those that are currently offline. Sites on the dark web have a habit of disappearing and then resurfacing — sometimes with a new name, sometimes trying to borrow some of the ‘brand equity’ of some of the most well-known and longest-running dark web sites. That said, the dark web is certainly an environment that encourages the survival of the fittest; there are always plenty of new threats to take the place of those that do not resurface.
Sites with similar names also surface in an attempt to persuade cybercriminals to inadvertently part with their login credentials to other “genuine” (illegal) dark web marketplaces. It’s very much a dog-eat-dog world — and not a safe place to explore.
Every business is a target
Internet giant Yahoo! has arguably been one of the hardest-hit victims to date, with cybercriminals selling much of its database for £240,000 on the dark web. Mobile network provider O2 was also badly hit, resulting in the names, numbers, dates of birth, emails and passwords of customers being listed for sale on the dark web.
But it’s not just big businesses that are targets — cybercriminals like preying on small businesses, which often have fewer IT resources dedicated to security, and are therefore less likely to be able to detect a breach. And the most worrying part of the dark web from a business point of view is that if you haven’t detected the data theft in the first place, you’re highly unlikely to detect the sale of your data because the dark web is, well, hidden.
In fact, most organisations struggle to detect a breach full stop. In 2016, European companies took more than 450 days to spot a breach on average, which leaves criminals plenty of time to snoop around networks, files and folders before discovering something sensitive and lucrative — and leaving before anyone finds out.
Dark web monitoring — the new kind of breach detection
While detecting and stopping a data breach the moment it happens is likely to remain elusive to organisations for quite some time, the alternative is to monitor the dark web for the sale of your data.
Monitoring the dark web manually, though, is never a good idea. Not only are your IT teams likely to come across horrifying and mentally scarring material, they’ll also need to spend a huge proportion of their time sifting through millions of different dump sites to check for data. It’s obviously an impractical task for any team to take on, no matter how large.
Monitoring the dark web, though, is possible through advanced search technology. This kind of technology can run in the background, continuously monitoring the dark web, and alerting you immediately to any data dumps containing your property. Once you’re aware of the presence or the sale, you can do something about it. But if you’re not aware, criminals will continue to take advantage of you.
Dark web monitoring in this way promises to reduce the amount of time between the occurrence of a data breach and your finding out about it, which in turn helps reduce the window of opportunity that criminals have to make copies of your data and pass it on.
This kind of security extends beyond traditional perimeter protection, which, in isolation, is no longer enough to keep cybercriminals out and your data in. The sheer wholesale availability and use of compromised credentials in attacks these days (75% of attacks now use compromised credentials, according to Verizon) renders many perimeter protection techniques virtually ineffective because they cannot detect intruders who use legitimate logins to gain access to corporate networks.
The alternative is to focus on protecting your data as well as your networks. And with the deadline to comply with the EU’s GDPR regulation coming up next year, organisations need to prove that they’re doing everything they can to protect their customers’ data. Part of GDPR compliance is knowing exactly where that data is. But with the silent threat of the dark web, your company’s confidential data could well have already left your perimeter — without you even knowing it’s gone.
Patrick Martin, Cybersecurity Analyst at RepKnight