The Blog
The Dark Web is not just last year’s problem

The Dark Web is not just last year’s problem

19th Nov 2018

CISO

RepKnight

Over the past year or so we’ve been working to raise awareness of the dangers that the Dark Web poses to businesses in different sectors. No longer are the murky parts of the Internet simply reserved for the trade of firearms, drugs and other illegal items. Now, the Dark Web is a haven for the sale of data— and much of that data belongs to businesses who are quite unaware that cybercriminals are taking them for a ride, and even unaware that they’ve experienced a data breach in the first place. This is not always targeted and is quite often opportunistic based on what they come across.

Some, though, are arguing that the threat of the Dark Web is diminishing. And while it is true that dark web stalwarts AlphaBay and Hansa closed down last year, and criminal activity is certainly rising on the likes of Telegram, businesses must not make the mistake of thinking that the Dark Web’s threat is lessening — it really isn’t.

Buyers and sellers need an accessible marketplace in order to trade goods. If you have your known contacts, then yes it makes sense to message or contact them on relatively secure channels such as Telegram. However, the forums and Dark Web markets offer so much more by way of anonymity, secure and anonymous payment methods, escrow facilities and window shopping without any contact.

Heaps of corporate data still appear daily on the Dark Web

Our team of analysts at RepKnight see cybercriminals discuss and post millions of posts every day on TOR, IRC and hundreds of dump and bin sites containing sensitive corporate data. We estimate that around one-third of what’s for sale on the Dark Web is data. Some of this is regurgitated, but while stolen credentials are still valid they will sell. And this increases the exposure of that data if it is yours and the likelihood that it will be reused against your company.

It doesn’t matter what industry you’re in — the Dark Web is a threat to you.

For example, the Dixons Carphone breach revealed this week was most likely facilitated by compromised credentials posted in dumps from previous third-party breaches. Analysing the UK’s top 500 law firms, we found a million email addresses belonging to employees at 198 of the firms on the Dark Web through no fault of any of the companies’ cybersecurity. Looking at the UK’s Russell Group of universities, we found 5 million email credentials exposed on the Dark Web. A substantial number of these finds included cleartext passwords. We’ll be analysing more verticals this year to demonstrate that it doesn’t matter what industry you’re in, criminals are after your data.

What you can do about it

The issue most businesses have with the Dark Web is that they have no idea how to tackle it. Spending hours trawling through dark web sites is neither practical nor advisable (you’ll be entering the dragon’s lair), which leaves you no alternative but advanced monitoring technology. This kind of technology behaves in the same way that Google Alerts does for the visible web — alerting users quickly whenever certain keywords appear on the Dark Web. So, if you’re unlucky enough to suffer a data breach, you’ll at least be able to mitigate the damage. And the more companies that use dark web monitoring tools and perform early remediation, the less lucrative cybermarkets will be for criminals, and the less dangerous the dark web will become once and for all.


RepKnight will be present at our CISO event in One Great George Street on November 22nd 2018. To learn more, contact GB Intelligence on 01633 749520 or at info@gbievents.com. 

To learn about other events like this, visit here.

Share this:
Three Expensive Security Operations Costs CISO 03
Dec
Three Expensive Security Operations Costs

Rapid7 - Three Expensive Security Operations Costs and How to Minimize Them with SOAR

How do you define Privileged Access? CISO 27
Nov
How do you define Privileged Access?

Back to the Basics: How do you define Privileged Access?

Growing Concern over Large Scale Cyber Attacks CISO 08
Nov
Growing Concern over Large Scale Cyber Attacks

Growing Concern over Large Scale Cyber Attacks

Request more information

You have missed out some details, please try again.

Your Name:
Job Title:
Company Name:
Email:
Phone:
Please answer the above question to prove that you are human.

©2018 Global Business Intelligence | All Rights Reserved

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we'll assume that you are happy to receive all cookies. You can find out how we use cookies here.