The Dark Web: is it as ominous as it sounds? In this guide you'll discover how the Dark Web came into existence and how it is used by cyber criminals.
What is the Dark Web?
The Dark Web is a hidden part of the Internet which is not indexed by traditional search engines like Google. This part of the Internet was created with the best of intentions, to allow for private communications to occur away from government snooping. Activists and dissidents could have a communication channel to get their messages out from countries that might want to keep them quiet.
Of course, anonymity also encourages illegal activity in the form of buying, selling, and trading in illegal goods and services, and so the term Dark Web was born. The only way to access the Dark Web is through specialized software called Tor, which is free to download and use.
What’s on the Dark Web?
Marketplaces: One of the most famous sites on the Dark Web was called the Silk Road, a marketplace for all sorts of illegal activity. The most common things for sale were drugs while on other Dark Web marketplaces you could buy firearms, child pornography, controlled chemicals, fake IDs, hacking services and other illegal goods.
While law enforcement continues to focus on shutting Dark Web marketplaces down, new ones pop up from time to time. It is a never-ending game of cat and mouse between law enforcement and cyber criminals.
Stolen Data: Besides black markets, the Dark Web is a hub of trading in stolen data. Cyber criminals can connect with each other and share information with a small chance of being caught. It is sites like these that DynaRisk monitors for the presence of stolen data or mentions of companies that cyber criminals are targeting.
To illustrate, the following is a screenshot of a website set up by the Maze ransomware group. Maze attacks companies with malware which both encrypts their systems, so employees can’t use them, and steals company data.
This can grind the affected business to a halt, heavily disrupt sales and cause a data privacy breach that needs to be notified to regulators and customers. Maze then contacts the company and demands a ransom to unlock the systems and delete the stolen data before they publish it publicly.
If the ransom isn’t paid, Maze posts the data they have stolen from the affected companies for others to download. In the above screenshot, Maze has ransomed a US company in Boston and is sharing the data they stole from the company in a file called “Depts” for others to download.
Dark Web versus Surface Web and Deep Web
While the Dark Web gets a lot of media attention, the Surface Web and Deep Web are actually where most stolen data is traded. The Surface Web refers to the public internet that anyone can access, and the Deep Web refers to password-protected or otherwise inaccessible places on the regular internet.
The most common places cyber criminals will share stolen data amongst themselves are web forums. While criminality occurs on these forums, not everyone who visits the site is a cyber crime suspect. There are areas of these forums which are accessible to anyone (Surface Web) but also members-only areas which require higher access to enter (Deep Web).
The following image shows a post on a Deep Web forum where someone is advertising their services for stealing money from credit cards and bank accounts.
Choosing a Dark Web monitoring service
There are hundreds of hacker groups and dozens of sites where they communicate, so how do you monitor all of this for your personal information or business information?
There are several types of monitoring services offered by companies around the world which can be separated into three different price/functionality brackets.
Basic Dark Web monitoring
Basic monitoring typically encompasses searching for email addresses and domain names without storing any of the actual leaked data itself.
The classic example of a basic monitoring solution is HaveIBeenPwned, a great free service but with limited functionality. It will notify you of information being leaked, but that is about it.
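A minimal sketch of the basic approach described above, added here as an illustration and not taken from HaveIBeenPwned or DynaRisk: it matches leaked lines against a watchlist of domains and keeps only the address and the kinds of attribute exposed, never the leaked values. The dump format, field classifier and all sample data are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines (not real leak data); the formats are assumptions.
SAMPLE_DUMP = """\
alice@example.com:Summer2020!
bob@mail.example.com:5f4dcc3b5aa765d61d8327deb882cf99
carol@notexample.com:hunter2
dave@EXAMPLE.COM;+15550100;qwerty
eve@example.org:letmein
malformed line without an address
"""

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")
HASH_RE = re.compile(r"[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64}")
PHONE_RE = re.compile(r"\+?[0-9][0-9 ()-]{6,}")

def domain_matches(domain, watchlist):
    """True for a watched domain or one of its subdomains.
    A plain substring test would wrongly flag notexample.com."""
    domain = domain.lower().rstrip(".")
    return any(domain == w or domain.endswith("." + w) for w in watchlist)

def classify(value):
    """Name the kind of attribute a field holds so the value can be discarded."""
    if HASH_RE.fullmatch(value):
        return "password_hash"   # MD5 / SHA-1 / SHA-256 sized hex string
    if PHONE_RE.fullmatch(value):
        return "phone"
    return "cleartext_secret"

def scan(dump, watchlist):
    """Return {email: [attribute kinds]} for addresses on watched domains."""
    watch = {w.lower() for w in watchlist}
    alerts = defaultdict(set)
    for line in dump.splitlines():
        m = EMAIL_RE.search(line)
        if not m or not domain_matches(m.group(1), watch):
            continue
        email = m.group(0).lower()
        # Fields after the address; common dump separators are assumed.
        for field in re.split(r"[:;,|\t]", line[m.end():]):
            if field.strip():
                alerts[email].add(classify(field.strip()))
    return {email: sorted(kinds) for email, kinds in alerts.items()}

if __name__ == "__main__":
    for email, kinds in scan(SAMPLE_DUMP, ["example.com"]).items():
        print(email, "exposed:", ", ".join(kinds))
```
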
Intermediate Dark Web monitoring
Monitoring capabilities at this level include the retention of full leaked data records which include additional attributes like password hashes, cleartext passwords, phone numbers, ID numbers, credit cards, physical addresses and other useful information like mother's maiden name or answers to password reset questions.
In addition to data leak monitoring, capabilities like Hacker Chatter monitoring become available at this level. This is where the provider monitors for hackers mentioning the name of a company in their communications or tools.
DynaRisk’s focus is on the intermediate monitoring segment as there are thousands of SME and middle market companies who can’t afford an expensive advanced solution but need a good level of Dark Web monitoring capability to combat the threats they are facing.
Advanced Dark Web monitoring
The Rolls-Royce of Dark Web monitoring & intelligence solutions. These products include leak monitoring and hacker chatter monitoring, and layer hack tool recovery and professional services on top.
Hack tool recovery is where the intelligence team will seek out the tools hackers are using in order to reverse engineer them to find out how they work and how companies can defend against them.
Products at this level of capability are typically employed by large multinational companies and governments and are extremely expensive to buy.
Adding Dark Web monitoring to your cyber defence strategy
Unlike many other types of cyber security tools, setting up Dark Web monitoring is usually quite straightforward. Generally, all these tools need is a list of the domain names and/or IP addresses to look for.
DynaRisk has a specialized intelligence team and technology platform which seeks out leaked data records, indexes them in our databases and alerts our clients if their information pops up. We are actively monitoring hundreds of hacker communities for data.
While there are many thousands of sites on the Dark Web, only a few hundred have valuable information. The DynaRisk intelligence team scours these sites to find both data leaks and hackers talking about companies they have hacked or are planning on hacking.
What else should businesses be monitoring?
While monitoring the Dark Web is critical, most businesses need more capabilities to reduce their risk of exposure to cyber crime. This is why we include Dark Web monitoring in all editions of Breach Defence. DynaRisk offers a free trial - download this guide for more information on how to access the platform free for 14 days. If you have any questions about Dark Web monitoring, how our products work or the other capabilities that Breach Defence has to offer, contact us at firstname.lastname@example.org.