Dark Web talk has gained momentum since 2010, often appearing on television shows and in the media as an indicator of illicit online activity. Hackers and malicious actors undoubtedly use it on a regular basis, but how dangerous is it for businesses?
The Dark Web vs. The Deep Web
The deep web is part of the internet that isn’t so freely seen or accessed via standard search engines. Still, many legitimate areas of the internet are categorized under this umbrella term: fee-paying sites (e.g., Netflix), academic journals, emails, etc.
In contrast, the dark web relies on overlay networks. Its many ‘hidden services’ are often only accessible through specialized software. This is where black markets, disturbing abuse images, and criminal rings live. However, not all of the dark web is ominous; it can provide a vital platform for social activists, journalists working under repressive regimes, and privacy advocates to communicate safely in areas where external communication is restricted or considered high risk.
How relevant is the dark web to your business?
In short, it’s just as important as customers and revenue.
Among the dangers of the dark web are:
- the trade of personal information and sensitive business information from data breaches and hacks
- the same widely used passwords (available on the dark web) used both for professional and personal email and apps
- very similar domain addresses (obtained via domain squatting), hosting malicious content to deceive customers and employees
Recent research indicates that the dark web is increasingly important to enterprises:
- About 90% of posts on dark web forums involve looking for someone to commit cybercrime.
- Of these, nearly 70% wanted cybercriminals to hack into websites.
- Furthermore, over 20% hired someone to obtain specifically targeted client or user databases.
There are undoubtedly many external risks, but there are also some that can come from within, but these can also be prevented or mitigated.
Are my business credentials on the dark web?
Unfortunately, yes. Of all the organizations we’ve helped, we’ve yet to find one that hasn’t come up on the dark web.
The number of credentials exposed increased 429% by the end of 2020, meaning that a company’s credentials are more likely to be on the dark web today than a year ago.
On average, 17 sets of corporate credentials per organization are available on the dark web.
If you want to get a sense of your personal vulnerability, go to Have I Been Pwned and enter your email and phone number to see how many data breaches you have been a part of.
Your business will need a more in-depth analysis to identify compromised credentials opening the gateway to a high-security risk profile.
Our Continuous Breach Detection Service – CBDS, identifies your dark web exposure – before anyone else does!
Company X results:
Domain squatting: 107
Domain squatting allows attackers to impersonate your organization’s website by buying similar-looking domains that most users overlook. Users could be tricked into giving up private information (e.g., banking), creating a considerable reputation loss for the organization and damage to its users.
Compromised credentials: 70 653 (indicate the number of both unique and multiple detections of the same accounts we’ve found)
Compromised credentials are often sold in cybercriminal forums and then used to commit fraud through account takeovers and identity theft. Attacks on individuals to gain access to a system would require as much personal information as possible; therefore, any compromised personal data of employees allows an attacker to create a customized social engineering attack.
Subdomains containing sensitive information or utilizing insecure third-party plugins are often exposed to the external internet due to various reasons that the organization may not be aware of, including shadow IT, developers bringing “test” and “development” systems online, etc. These subdomains could be potential entry points into the organization as they often have little or no monitoring and security control, or they leak sensitive information due to oversight where the organization thought the subdomain was private, but it was not.
Threat actors: 5 worldwide
Threat actors can be driven by personal profit, organized crime, hacktivism, or state-sponsored. Knowing and tracking threat actors interested in your organization is a vital part of managing the threat landscape.
Domain services: 152
Domain services identified are being used to power the domain. This information can help attackers identify weaknesses and create an attack strategy if any outdated or vulnerable service is discovered and left unpatched by the organization.
How to stay on top of dark web risks
Although the dark web isn’t going anywhere, and some argue you can avoid it, the risk of companies being exposed to its contents increases as criminal support systems and advanced technologies and methods are developed to compromise, steal, and sell data.
Risk and threat minimization all boil down to what you can control within your business and what you observe from the outside.
Understanding what assets are available, in demand, and being monetized on the dark web is a practical first step in dark web reality checking. Having an insight into the hacker landscape and its targets means you can prioritize cybersecurity and the specific security measures needed within your business.
You cannot fix what you don’t know. As you’ve seen from the results of a dark web scan for Company X above, verifying your position on the dark web can put you back in control.
Improve your cybersecurity posture
Cyber threat neutralization
A Cyber Threat Neutralization Service -CTNS is the process of searching across networks and endpoints to identify threats that evade security controls:
- It prevents threats from entering or causing further damage.
- Searches for indicators of compromise and neutralizes them.
- Identifies possible weaknesses to prevent future incidents.
- Identifies misconfigured sites that expose your business to attacks.
A Forbes 2020 dark web audit revealed nearly 15 billion stolen passwords from 100 000 breaches. That’s enough reason to embrace zero trust and take action to protect your organization from risk with passwordless authentication.
As the name suggests, the authentication method does not require a password since it is based on several decisive factors, such as possession and inherence. As a result, it is inherently stronger than a memorized secret, and it also eliminates password-based threats such as phishing and credential stuffing.
Digital Footprint Reconnaissance Audits
Just like a fingerprint, your digital profile can be identified and traced. From footprinting, hackers are therefore able to learn a great deal about an organization’s networks and their vulnerabilities.
ENHALO’s Digital Footprint Reconnaissance (DFR) service sweeps across various platforms to search for suspicious activity requiring further investigation. While doing so, we scour the surface web, deep web, and dark web for suspicious online activity while evaluating security risks and damages.