The Dark Side Of The Web

The Dark Web consists of the parts of the Internet which cannot be accessed through normal  search engines like Google.  Although most people will never go there, public awareness of it stems from horror stories of data breaches resulting in thousands of stolen credentials being put up for sale, ranging from passwords to bank account numbers and medical records.

When eighty percent of data breaches are a result of weak passwords and we consider that ninety percent of th UK population admit to password reuse, despite being well aware of the consequences, this is truly alarming. Most people don’t really understand the true extent of the Dark Web, with some  estimates that it accounts for over 90% of the entire world wide web. 

On the Dark Web, you can purchase cyber crime “how-to kits” that gather lists of breached names, account numbers, passwords, and even telephone support lines for the victims to call. It’s not difficult to get on the Dark Web using the TOR browser, but make no mistake, just because you’re on the Dark Web doesn’t mean you’re anonymous. 

A recent Report from the University of Surrey revealed that almost two-thirds (60%) of listings on the Dark Web had the potential to harm enterprises. 

While it’s not all used for illicit purposes, the presence of such diverse networks of criminal activity means consumers should protect their information with the caution it deserves. Credit card numbers, counterfeit money and stolen subscription credentials are among the items you’ll find for sale on the dark web. In addition, you’ll also find services for hire, including distributed denial of service (DDoS) attacks, phishing scams and the harvesting of operational and financial data. 

Clearly, a successful breach could have severe financial repercussions for businesses and consumers alike, not to mention the accompanying reputational damage to any companies involved.

Is Your information On the Dark Web?

Research from last year has already revealed that 1 in 4 people would be willing to pay to get their private information taken down from the dark web, and this number jumps to 50% for those who have experienced a hack. While only 13% have been able to confirm whether a company with which they’ve interacted has been involved in a breach, the reality is it’s much more likely than you’d think, since 2013, over 9.7 billion data records have been lost or stolen, and this number is only rising.

Most of us would have no way of knowing whether our information is up for sale online. However, solutions now exist which proactively check for email addresses, usernames and other exposed credentials against third-party databases, alerting users should any leaked information be found. 

Password managers are increasingly including this dark web monitoring functionality, indicating sites which have been breached along with links for users to change any exposed credentials. By keeping users informed if their digital identities are compromised, these tools help to improve security awareness and highlight the risks of poor password practices.

Become Cyber-Aware 

Detection is undoubtedly pivotal in keeping ahead of fraudsters, but the foundations begin with awareness. The majority of breaches take place as a result of simple mistakes which can be easily addressed, using your Facebook password at work or failing to change the default settings of connected devices. But at the same time, businesses must stress the importance of being cyber-aware and foster a culture of security awareness throughout the organisation.

While some businesses have started reopening their doors, many of us will continue working from home for the foreseeable future. Driving cyber-aware practices should therefore be a priority, requiring each department to work together and get their security practices up to scratch. 

The security challenge is constantly evolving and will likely become even more complex as digital migration continues. 
With the risks of the Dark Web always looming, we’d all benefit from refreshing our cybersecurity practices. A good place to start is by using randomly generated passwords which are unique across different platforms; from there, implementing solutions with built-in privacy features will help to prevent another dark web horror story.

Government Action

Governments are becoming increasingly aware of the Dark Web and its signifcance in cyber crime. In Australia, law enforcement agencies will be given increased powers to tackle the dark web under a $1.7 billion federal Government Cybersecurity Plan. The change will allow the Australian Federal Police and Australian Criminal Intelligence Commission to identify individuals and their networks engaging in serious criminal internet activity. Prime Minister Scott Morrison said the record $1.66 billion spend would help cyber security become a fundamental part of everyday life. But the dark web and encrypted communications apps make identifying suspects extremely difficult.

Organisations should never attempt to access the Dark Web without expert help. It is a time consumning and slow process and the costs of hiring someone to do this manually are often not justified.  Far away from search engine catalogues, it’s a messy place and it’s very difficult to gain proper visibility into what may be happening in the dark web by browsing it manually.

The best way to monitor the Dark Web is via an automated monitoring solution from a specialist firm like Echosec and Skurio that will safely scan multiple sources and can provide peace of mind. Their experts can then provide advice on and help with removing data, informing users, investigating further or taking other actions should a breach be detected. 

Forbes:         USA Today:      Information Security Buzz:    Young Witness:     Charity Digital:       Univ. of Surrey:

For more information: please contact Cyber Security Intelligence.

You Might Also Read:

New Dark Web Search Engine Can Strengthen Business Security:

Easy Cyber Knowledge Ch.2: Deep Web And The Dark Web (£)

 

« Social Media Networking Sites You Need to Know About - part 3
New Iranian Ransomware Groups Detected »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

AV Test

AV Test

The AV-TEST Institute is a leading international and independent service provider in the fields of anti-virus research and IT security.

CERT.br

CERT.br

The Brazilian national Computer Emergency Response Team

ZeroFox

ZeroFox

ZeroFox safeguards modern organizations from dynamic security risks across social, mobile, surface, deep and dark web, email and collaboration platforms.

D-Fence

D-Fence

D-Fence high availability security service protects corporate email communication, the company and it's employee's against cyber threats.

Shape Security

Shape Security

Shape Security provide best-in-class defense against malicious automated cyberattacks on web and mobile applications.

CIO Dive

CIO Dive

CIO Dive provides news and analysis for IT executives in areas including IT strategy, cloud computing, cyber security, big data, AI, software, infrastructure, dev ops and more.

Cloudrise

Cloudrise

Cloudrise are elevating cloud security, data protection, and privacy through assessment, technology enablement, and process automation.

Conatix

Conatix

Conatix was formed to apply recent advances in AI and other fields of technology to insider fraud, one of the most intractable problems in cybersecurity.

SafeCipher

SafeCipher

SafeCypher are crypto specialists with a very specialized knowledge of Public Key Infrastructure (PKI), Hardware Security Modules (HSM), Quantum Resistant Cryptography and Crypto-Agility.

Drip7

Drip7

Drip7 is a micro-learning platform that is re-inventing the way companies train their employees and build lasting cultural change around the importance of cybersecurity.

Pragma Strategy

Pragma Strategy

Pragma is a CREST approved global provider of cybersecurity solutions. We help organisations strengthen cyber resilience and safeguard valuable information assets with a pragmatic approach.

Dimension Data

Dimension Data

Dimension Data is a leading African born technology provider operating in the Middle East and Africa, offering a portfolio of services including intelligent security solutions.

Eleviant Tech (CTG Group)

Eleviant Tech (CTG Group)

Eleviant Tech (CTG Group) is a USA based digital transformation company with expertise in Mobile, Cloud, Web, IoT, AR, RPA, Cyberseurity and AI Technologies.

Umbrella Cyber

Umbrella Cyber

Umbrella Cyber specialises in Cyber Essentials and Cyber Essentials Plus Certification and penetration testing.

ViCyber

ViCyber

ViCyber is an Australian based company whose mission is to simplify and strengthen cybersecurity for all businesses, irrespective of size.

CorePLUS Technologies

CorePLUS Technologies

CorePlus solutions are designed to empower organizations with the tools they need to ensure the utmost protection for their assets, people, and information.