The Dark Side Of The Web

The Dark Web consists of the parts of the Internet which cannot be accessed through normal  search engines like Google.  Although most people will never go there, public awareness of it stems from horror stories of data breaches resulting in thousands of stolen credentials being put up for sale, ranging from passwords to bank account numbers and medical records.

When eighty percent of data breaches are a result of weak passwords and we consider that ninety percent of th UK population admit to password reuse, despite being well aware of the consequences, this is truly alarming. Most people don’t really understand the true extent of the Dark Web, with some  estimates that it accounts for over 90% of the entire world wide web. 

On the Dark Web, you can purchase cyber crime “how-to kits” that gather lists of breached names, account numbers, passwords, and even telephone support lines for the victims to call. It’s not difficult to get on the Dark Web using the TOR browser, but make no mistake, just because you’re on the Dark Web doesn’t mean you’re anonymous. 

A recent Report from the University of Surrey revealed that almost two-thirds (60%) of listings on the Dark Web had the potential to harm enterprises. 

While it’s not all used for illicit purposes, the presence of such diverse networks of criminal activity means consumers should protect their information with the caution it deserves. Credit card numbers, counterfeit money and stolen subscription credentials are among the items you’ll find for sale on the dark web. In addition, you’ll also find services for hire, including distributed denial of service (DDoS) attacks, phishing scams and the harvesting of operational and financial data. 

Clearly, a successful breach could have severe financial repercussions for businesses and consumers alike, not to mention the accompanying reputational damage to any companies involved.

Is Your information On the Dark Web?

Research from last year has already revealed that 1 in 4 people would be willing to pay to get their private information taken down from the dark web, and this number jumps to 50% for those who have experienced a hack. While only 13% have been able to confirm whether a company with which they’ve interacted has been involved in a breach, the reality is it’s much more likely than you’d think, since 2013, over 9.7 billion data records have been lost or stolen, and this number is only rising.

Most of us would have no way of knowing whether our information is up for sale online. However, solutions now exist which proactively check for email addresses, usernames and other exposed credentials against third-party databases, alerting users should any leaked information be found. 

Password managers are increasingly including this dark web monitoring functionality, indicating sites which have been breached along with links for users to change any exposed credentials. By keeping users informed if their digital identities are compromised, these tools help to improve security awareness and highlight the risks of poor password practices.

Become Cyber-Aware 

Detection is undoubtedly pivotal in keeping ahead of fraudsters, but the foundations begin with awareness. The majority of breaches take place as a result of simple mistakes which can be easily addressed, using your Facebook password at work or failing to change the default settings of connected devices. But at the same time, businesses must stress the importance of being cyber-aware and foster a culture of security awareness throughout the organisation.

While some businesses have started reopening their doors, many of us will continue working from home for the foreseeable future. Driving cyber-aware practices should therefore be a priority, requiring each department to work together and get their security practices up to scratch. 

The security challenge is constantly evolving and will likely become even more complex as digital migration continues. 
With the risks of the Dark Web always looming, we’d all benefit from refreshing our cybersecurity practices. A good place to start is by using randomly generated passwords which are unique across different platforms; from there, implementing solutions with built-in privacy features will help to prevent another dark web horror story.

Government Action

Governments are becoming increasingly aware of the Dark Web and its signifcance in cyber crime. In Australia, law enforcement agencies will be given increased powers to tackle the dark web under a $1.7 billion federal Government Cybersecurity Plan. The change will allow the Australian Federal Police and Australian Criminal Intelligence Commission to identify individuals and their networks engaging in serious criminal internet activity. Prime Minister Scott Morrison said the record $1.66 billion spend would help cyber security become a fundamental part of everyday life. But the dark web and encrypted communications apps make identifying suspects extremely difficult.

Organisations should never attempt to access the Dark Web without expert help. It is a time consumning and slow process and the costs of hiring someone to do this manually are often not justified.  Far away from search engine catalogues, it’s a messy place and it’s very difficult to gain proper visibility into what may be happening in the dark web by browsing it manually.

The best way to monitor the Dark Web is via an automated monitoring solution from a specialist firm like Echosec and Skurio that will safely scan multiple sources and can provide peace of mind. Their experts can then provide advice on and help with removing data, informing users, investigating further or taking other actions should a breach be detected. 

Forbes:         USA Today:      Information Security Buzz:    Young Witness:     Charity Digital:       Univ. of Surrey:

For more information: please contact Cyber Security Intelligence.

You Might Also Read:

New Dark Web Search Engine Can Strengthen Business Security:

Easy Cyber Knowledge Ch.2: Deep Web And The Dark Web (£):