It’s also possible that you appear on the Dark Web in some shape or form.
Scary? With so many unknowns surrounding the Dark Web, this short guide aims to provide insight into what the Dark Web is, how it is used and what risks this has to you as an individual and the organisations you work for.
What is the dark web, deep web and surface web?
The Dark Web is a hidden universe contained within the “Deep Web”- a sublayer of the Internet that is hidden from conventional search engines. Search engines like Google, Bing and Yahoo only search .04% of the indexed or “Surface Web”. The other 99.96% of the Web consists of databases, private academic and government networks, and the Dark Web. The Dark Web is estimated at 550 times larger than the Surface Web and growing.
The split between the ‘Surface Web’ and ‘Deep Web’ can be depicted with an illustration of an iceberg. What’s visible above the ‘surface’ level is the internet we use and access on a daily basis. What isn’t visible beneath the ‘surface’ is the Deep Web.
Though often referred to as both the ‘Deep Web’ and ‘Dark Web’, the difference is that the ‘Deep Web’ can be entirely safe and legal, mainly consisting of databases and intranets. The ‘Dark Web’ refers to the portion that is used for illegal activity, including the distribution of stolen data. Looking back at the iceberg depiction, the Dark Web constitutes the bottom tip of the iceberg.
How is the dark web accessed?
The most common method used to access the Dark Web is known as ‘The Onion Routing’ project, or ‘TOR’. TOR is a non-profit organisation that research and develops online privacy.
TOR offer a software package that is essentially a web browser (similar to Google Chrome or Mozilla Firefox) that enables access to the Dark Web.
TOR masks your identity, making you completely anonymous when browsing the Dark Web. As a result, it is one of the most common ways criminals access the Dark Web.
Lucrative uses for the dark web
A lot of the goings-on on the Dark Web fall under the umbrella of illegal activity and are enabled by the anonymity browsers like TOR offer.
The Dark Web has been known to serve as a marketplace for the illegal sale of weapons, drugs and explicit content. One notorious Dark Web website, Silk Road, was shut down by the FBI in 2013 for enabling the illegal procurement of drugs. An interesting and ironic side note is that it was reported that the site could have been responsible for a reduced number of violent street drug crimes during its existence.
The Dark Web is also a primary hub for the sale of Malware. When new Malware is created by cybercriminals, it can be found on the Dark Web for as little as £50.
CyberNews researches say:
“Most of the malware tools sold in these entry-level websites are of inferior quality, made by neophyte hackers looking to make their names in cyberspace.”
“On the other end of the spectrum are invite-only message boards, accessible only via the TOR network and run by veteran Eastern European cybercriminals who offer high-grade products used by serious clientele.”
The part of the Dark Web which can perhaps have the most impact on you however is the distribution of compromised credentials. Your usernames and passwords for different online services could be available to anyone on the Dark Web, providing easy access to your accounts and opening up a whole can of worms.
Let’s take a closer look at how this happens, the risk it poses and what you can do about it.
Compromised credentials puts you at risk
When you sign up to a third-party site or application such as a fitness tracker or news outlet, and that third party is hacked/breached, your credentials can be obtained by cybercriminals. There are countless examples of this happening in the past, including Adobe, Marriott International, LinkedIn and MyFitnessPal; though the introduction of the GDPR has helped to reduce the number of cases by shining light on data protection and enforcing hefty fines for those who fail to comply.
Whilst 3rd party breaches are responsible for most credentials becoming compromised, credentials can also be obtained through the following methods:
- Tested: The compromised data was tested to determine if it is live/active. This is essentially guessed based on information that eludes to what your password might be
- Keylogged or Phished: The compromised data was entered into a fictitious website or extracted through software designed to steal PII
- Accidental Exposure: The compromised data was accidentally shared on a Web, social media, or Peer-to-Peer site
- Malicious / Doxed: The compromised data was intentionally broadcast to expose PII.
The BIG issue here is that nearly 50% of people say that they use the same usernames and passwords across multiple accounts. This includes the credentials they use at work to access the corporate network, critical business sites and applications, making it incredibly easy for cybercriminals to gain access to the systems your organisation relies on to operate.
Even if you don’t use the same passwords across accounts, but similar ones, this puts you at risk of having other accounts hacked such as social media, online shopping accounts and in some cases bank accounts.
Other than gaining direct access to accounts, the other main use for compromised credentials is phishing. Cybercriminals purchase compromised accounts to launch targeted spear phishing attacks on organisations. Rather than having to impersonate the sender in their phishing scam, they are able to use the real account, increasing the success rate of their attacks.
According to the latest Verizon Data Breach Report, a staggering 80% of hacking-related breaches leverage either stolen and/or weak passwords.
How to reduce the risk of compromised credentials
Once your credentials appear on the Dark Web, there is very little you can do to have them removed.
So, what can you do to limit the risk and ensure that compromised credentials never harm your organisation?
Dark Web Monitoring
Firstly, visibility is absolutely key. Knowing how many credentials associated with your corporate domain are available helps you to understand the risk level.
Then, enabling 24 x 7 Dark Web Monitoring to alert you of new breaches, including the source of the breach and the credentials that have been stolen puts you in the best position to keep your organisation secure on an ongoing basis.
Our Dark Web Monitoring service, CyberSIGHT, reports, remediates, monitors and prevents further breaches from affecting your organisation.
Start with a Free Breach Report today to understand how many of your organisation’s credentials are for sale on the Dark Web.
Change and enforce a strong password policy
The very first action you should take is to ensure that all passwords are changed for all employees across all business applications. This is the easiest way to reduce the risk of your organisation being affected by exposed credentials. A password manager is the best way to manage this as they centralise all of the applications being used, allow global actions to be taken and make it easier for employees by only requiring a single password to access each application. A PAM (Privileged Account Management) tool will ensure that administrator passwords are secured and monitored. It is also best practice to introduce regular password changes. We recommend monthly changes to keep your organisation secure.
Does your organisation have a strong password policy?
If not, now would be an ideal time to introduce one. Strong passwords consist of:
- 12-15 characters
- Passphrases rather than single words
- A mixture of letters, numbers and symbols
- Upper and lowercase letters
By introducing a strong password policy, you are much improving the security of business applications across your organisation. Additionally, we recommend that you state that business e-mail accounts are not to be used for non-business purposes.
Social engineering and phishing training
Returning to our earlier point around compromised accounts used for phishing scams, there is also an increased chance of your organisation being targeted through spear-phishing or social engineering. These types of attacks are responsible for over 90% of breaches according to a thorough study by IBM and the Ponemon Institute. The only way you can truly prevent phishing attacks from being successful is through training and regularly testing your employees. We recommend using a fully managed security awareness solution to reduce the time and resource efforts you would need to invest for an effective service.
Enable multi-factor authentication
Multi-factor authentication is seen more and more across many different sites and applications. This requires the user to provide another means of authentication (on top of their password) to log in. Authentication is most commonly achieved via a code sent in a text message or through an authenticator app.
Having this in place within your organisation prevents criminals, who only have login credentials, from logging into critical business applications and systems. We recommend SecurEnvoy or OneLogin as multi-factor authentication solutions.
Vulnerability scan and penetration testing
More for peace of mind, your organisation could conduct a vulnerability scan to ensure that the stolen credentials haven’t already resulted in malware making its way onto your network. This is usually an automatic process in which your end points, network and infrastructure are scanned for potential threats. If you already have good anti-virus in place, you should expect a clean result.
Stolen credentials can provide criminals with access to embed code that will allow unceasing access even after detection. By introducing a continuous penetration testing service, your web services are protected with threat monitoring and risk analysis by both machine intelligence and trusted ethical hackers.
