Why Dark Web monitoring is a critical component of threat intelligence

The Dark Web should be taken seriously. Many companies, for several reasons, believe that beyond preventing employees from using it that it is not a threat. Unfortunately, as a result, it gets treated as a secondary concern, if at all.

However, if you do not monitor the Dark Web, you may be missing many instances where you can spot if your company’s security has already been breached.

Types of Illicit Activity on the Dark Web

The types of information available on the Dark Web are myriad. Let’s break down the major categories

Serious Crimes - These include guns, drugs, and child pornography. The very nature of these things alone is enough to scare any honest person from venturing on to the Dark Web simply because you don’t want to accidentally see something that you can’t unsee.

However, the same marketplaces where these things are offered also include information which your company should take very seriously.

Fraud - One of the most common items available for sale on the Dark Web are credit card numbers. These can be purchased in bulk. Other items include internal documents from companies; editable Photoshop files of invoices, order forms and more, which can make it very easy for people to trick companies out of everything from discounts, coupons, orders and more. False IDs are easy to get; often stolen from people taking “selfies” of themselves with their id.

Physical Goods - One can find any number of counterfeit goods on the Dark Web, beyond the usual counterfeit watches and sunglasses, to iPhones and Androids, and various tablets. These are often purchased in bulk and then sold on the Surface Web in places like Amazon. One can also easily find many prescription drugs available for sale, often the legitimate item, simply by searching “NHS”. Typically, the volume of these available suggests that the information has been gained from insiders with access to these pills.

Customer Data Breach information - Results of massive hacks are often available for sale. These could include your customers information. It’s important to note that your customers are likely one of your weakest spots in your security system. While companies can enforce secure procedures for employees, it’s nearly impossible to do this for customers who may use the same password for many sites. All it takes is one breached site for a person to get access to company information that was not even part of the original breach.

In other words, you might not even have been hacked, yet your customers data may still appear on the Dark Web.

Cyberattack planning - Often credentials are traded around the Dark Web prior to a breach occurring. Bad actors may share samples of information for sale to someone wishing to use this information in the future. This data can be extremely useful for IT security areas to gain an understanding if an attack is about to occur to prevent potential losses from occurring.

Why the Dark Web is often overlooked

There are many reasons why companies don’t take the threats of the Dark Web seriously. Let’s go over them.

Not on the top of the list - If you are busy dealing with security for your company, typically concerns surround perimeter defence, and policies surrounding employee use of the internet take center stage. The belief is that if you can keep your employees off the Dark Web, the biggest threats are reduced. The problem is that you are still at risk, even if everyone at your company behaves perfectly.

We’re not a target - Many companies feel that they are too small to be targeted. You may have heard about big data breaches occurring at large companies; the belief is therefore that it must only be the big bait fish that are being targeted.

The truth is the matter is that medium and small-sized companies are often targeted quite simply because they are known to not have as many resources to protect themselves as larger ones.

IT and HR don’t like the idea - Letting people have access to the tools which allow access to the Dark Web makes both IT security and HR nervous. Anonymous web browsing makes companies believe that they are opening themselves up to further risk, simply by allowing employees not to be tracked, so they simply block access.

This is akin to solving a problem by sticking one’s head in the sand. Just because you don’t pay attention to the fact that something exists does not make it go away.

We have a “Dark Web person” already - Your IT department may take it seriously enough that they’ve designated a person to regularly monitor the Dark Web to look for mentions of your company so that they can take action if data appears. The belief is that since you already have someone “on it” there’s little more that can or needs to be done.

The problem is that one person attempting to monitor the entire Dark Web is extremely inefficient, and likely ineffective. Marketplaces on the Dark Web typically require individual logins and may also require a referral to get access. What this means is that even if your “Dark Web person” has managed to gain access, they will be needing to continually login to each one of these sites on a regular basis. This is inefficient, and unlikely to be effective.

Nothing you can do - Even if your data has appeared on the Dark Web, the common belief holds that there is little that can be done to track down criminals. After all, it’s anonymous, and nearly impossible to track criminals down, so the Dark Web is just an unfortunate reality.

The truth is that there are plenty of things that can be done; criminals on the Dark Web are caught regularly. Many of the biggest marketplaces such as the infamous “Silk Road” have been taken down. Also, the more you know about what data about your company being out there, the more resources you have for fixing potential breaches.

BreachAlert to the Rescue

With BreachAlert, you can automate much of the process. We have access to and can regularly scan the major marketplaces for any mentions of your company, your employees, or your customer data.

We have methods for matching information discovered on the Dark Web against known breaches. We can provide you with the information you need to prevent the next big attack on your systems. Learn more about BreachAlert today.

New call-to-action

 

Posted by Patrick Martin

 

Have your say...