The Dark Side Of The Web

The Dark Web consists of the parts of the Internet which cannot be accessed through normal  search engines like Google.  Although most people will never go there, public awareness of it stems from horror stories of data breaches resulting in thousands of stolen credentials being put up for sale, ranging from passwords to bank account numbers and medical records.

When eighty percent of data breaches are a result of weak passwords and we consider that ninety percent of th UK population admit to password reuse, despite being well aware of the consequences, this is truly alarming. Most people don’t really understand the true extent of the Dark Web, with some  estimates that it accounts for over 90% of the entire world wide web. 

On the Dark Web, you can purchase cyber crime “how-to kits” that gather lists of breached names, account numbers, passwords, and even telephone support lines for the victims to call. It’s not difficult to get on the Dark Web using the TOR browser, but make no mistake, just because you’re on the Dark Web doesn’t mean you’re anonymous. 

A recent Report from the University of Surrey revealed that almost two-thirds (60%) of listings on the Dark Web had the potential to harm enterprises. 

While it’s not all used for illicit purposes, the presence of such diverse networks of criminal activity means consumers should protect their information with the caution it deserves. Credit card numbers, counterfeit money and stolen subscription credentials are among the items you’ll find for sale on the dark web. In addition, you’ll also find services for hire, including distributed denial of service (DDoS) attacks, phishing scams and the harvesting of operational and financial data. 

Clearly, a successful breach could have severe financial repercussions for businesses and consumers alike, not to mention the accompanying reputational damage to any companies involved.

Is Your information On the Dark Web?

Research from last year has already revealed that 1 in 4 people would be willing to pay to get their private information taken down from the dark web, and this number jumps to 50% for those who have experienced a hack. While only 13% have been able to confirm whether a company with which they’ve interacted has been involved in a breach, the reality is it’s much more likely than you’d think, since 2013, over 9.7 billion data records have been lost or stolen, and this number is only rising.

Most of us would have no way of knowing whether our information is up for sale online. However, solutions now exist which proactively check for email addresses, usernames and other exposed credentials against third-party databases, alerting users should any leaked information be found. 

Password managers are increasingly including this dark web monitoring functionality, indicating sites which have been breached along with links for users to change any exposed credentials. By keeping users informed if their digital identities are compromised, these tools help to improve security awareness and highlight the risks of poor password practices.

Become Cyber-Aware 

Detection is undoubtedly pivotal in keeping ahead of fraudsters, but the foundations begin with awareness. The majority of breaches take place as a result of simple mistakes which can be easily addressed, using your Facebook password at work or failing to change the default settings of connected devices. But at the same time, businesses must stress the importance of being cyber-aware and foster a culture of security awareness throughout the organisation.

While some businesses have started reopening their doors, many of us will continue working from home for the foreseeable future. Driving cyber-aware practices should therefore be a priority, requiring each department to work together and get their security practices up to scratch. 

The security challenge is constantly evolving and will likely become even more complex as digital migration continues. 
With the risks of the Dark Web always looming, we’d all benefit from refreshing our cybersecurity practices. A good place to start is by using randomly generated passwords which are unique across different platforms; from there, implementing solutions with built-in privacy features will help to prevent another dark web horror story.

Government Action

Governments are becoming increasingly aware of the Dark Web and its signifcance in cyber crime. In Australia, law enforcement agencies will be given increased powers to tackle the dark web under a $1.7 billion federal Government Cybersecurity Plan. The change will allow the Australian Federal Police and Australian Criminal Intelligence Commission to identify individuals and their networks engaging in serious criminal internet activity. Prime Minister Scott Morrison said the record $1.66 billion spend would help cyber security become a fundamental part of everyday life. But the dark web and encrypted communications apps make identifying suspects extremely difficult.

Organisations should never attempt to access the Dark Web without expert help. It is a time consumning and slow process and the costs of hiring someone to do this manually are often not justified.  Far away from search engine catalogues, it’s a messy place and it’s very difficult to gain proper visibility into what may be happening in the dark web by browsing it manually.

The best way to monitor the Dark Web is via an automated monitoring solution from a specialist firm like Echosec and Skurio that will safely scan multiple sources and can provide peace of mind. Their experts can then provide advice on and help with removing data, informing users, investigating further or taking other actions should a breach be detected. 

Forbes:         USA Today:      Information Security Buzz:    Young Witness:     Charity Digital:       Univ. of Surrey:

For more information: please contact Cyber Security Intelligence.

You Might Also Read:

New Dark Web Search Engine Can Strengthen Business Security:

Easy Cyber Knowledge Ch.2: Deep Web And The Dark Web (£)

 

« Social Media Networking Sites You Need to Know About - part 3
New Iranian Ransomware Groups Detected »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NextLabs

NextLabs

NextLabs provides data-centric security software to protect business-critical data and applications.

7Safe

7Safe

7Safe has been delivering hands-on digital security training courses since 2001 and offer e a portfolio of university and industry-accredited courses.

Thomas Miller Specialty

Thomas Miller Specialty

Thomas Miller Specialty is a commercial Managing General Agency providing specialty risks insurance including Cyber & e-crime insurance.

Wallarm

Wallarm

Wallarm is the only unified, best-in-class API Security and WAAP (Web App and API Protection) platform to protect your entire API and web application portfolio.

mPrest

mPrest

mPrest is a global provider of mission-critical monitoring and control solutions for the defense, security, utility and Industrial Internet of Things (IoT) sectors.

IBLISS Digital Security

IBLISS Digital Security

How cyber-resilient is your business now? We help companies to continuously answer this never-ending C-level question.

Asset Guardian Solutions (AGSL)

Asset Guardian Solutions (AGSL)

Asset Guardian are dedicated to protecting the integrity of process control systems software that is used to control operations and production processes.

BIO-key

BIO-key

BIO-key is a pioneer and innovator, we are recognized as a leading developer of fingerprint biometric authentication and security solutions.

Gatefy

Gatefy

Getfy is a cybersecurity company specialized in artificial intelligence and machine learning. We work to solve challenging issues, especially those involving email security.

Winmill Software

Winmill Software

Winmill is a technology services company that provides expert consulting services in Application Development, Application Security and Cyber Security.

NetGain Technologies

NetGain Technologies

NetGain Technologies helps small to medium-sized businesses gain access to expert IT talent. We provide strategies that use technology as a driving force behind business growth.

Saiflow

Saiflow

SaiFlow provides a tailor-made cybersecurity solution for Electric Vehicles Charging Infrastructure (EVCI), Distributed Energy Resources (DERs) and energy networks and assets.

CAT Labs

CAT Labs

CAT Labs is building digital asset recovery and cybersecurity tools to enable governments to fight crypto crime and to protect investors from hacks, fraud and scams.

ASRC Federal

ASRC Federal

ASRC Federal’s mission is to help federal civilian, intelligence and defense agencies achieve successful outcomes and elevate their mission performance.

Venticento

Venticento

Venticento is an IT company specialized in consulting and network support and assistance for companies that need to make their business processes more effective.

Appranix

Appranix

Appranix delivers Cloud App Resilience with app-centric entire cloud resources backup, restore, and cross-region disaster recovery.