Diving Into The Dark Web

The Dark Web is a place in cyberspace where criminals and other bad actors share stolen credentials and discuss successful attacks. Fake COVID-19 cures, counterfeit travel documents and scam call services are amongst the services being traded on the Dark Web and cyber criminals continually search for new  ways of exploiting the 2020 health crisis. Sensitive information often ends up for sale on the black market in the Dark Web, compromising the security of businesses and their employees. 

According to the 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses report from the Ponemon Institute, 63% of businesses reported an incident involving the loss of sensitive information about customers and employees in the previous year.

The Dark Web is a collection of anonymous websites that are publicly available yet hide their IP (Internet Protocol) addresses to make it impossible for users to identify and track the host. It is very common that personal information, including email accounts, passwords and credit card details obtained through data breaches end up becoming available illicitly for sale on the Dark Web. Recently, personal information from places ranging from education organisations to voter databases in the US have been found exposed. Although there have been big takedowns of cyber-crime groups online, cyber criminals evolve to avoid detection.

But just as there’s a lot of bad on the Dark Web, there is some good, in the form of intelligence that can be used to help protect organisations from attacks.

Because they are so focused on doing what’s right, researchers often overlook additional rich sources of cyber-threat intelligence that attackers essentially hand out as they interact online. To defend as a good guy, you have to think like a bad guy. Getting into an attacker’s head provides clues as to how and why they operate.

Understanding The Dark Web

For general purposes, the terms “Dark Web” and “Darknet” are more or less interchangeable, but there are some nuanced differences. When people refer to the Dark Web, they’re usually talking about hacker sites on the Internet that you can access from a regular web browser. When people talk about Darknet, it means you need special software. The most common one is the Tor browser, but there are others as well.

Diving Into Darkness

To understand how hackers operate, it helps to explore their stomping grounds. A common data source for threat intelligence are attacker-run and torrent/onion forums, usually on the Darknet, where hackers often discuss, purchase and sell malware, ransomware and denial-of-service offerings. These forums usually  require researchers to jump through a significant number of hoops to access them. Some forums require payment of some kind; others require people to vouch for you as a real hacker. And sometimes, you have to prove your worthiness by demonstrating your ability to code around a security problem or create malicious software.

Most attackers on these forums aren’t just motivated by monetary gain. They’re also looking for some glory. They want to post and advertise their knowledge in forums that will have the most views, and many want to show off their skills. 

What they typically show off are frequent attacks targeting mass numbers of individuals and organisations rather than narrow, specific, targeted attacks. So, the techniques shared in these forums help defenders understand attacker culture and how to defend against frequent attacks.

Current Trends

Attack forums enable researchers to understand what attackers find interesting. Getting inside the mind of an attacker not only enables threat researchers to anticipate risks and the steps within an attack, but it also helps us to begin to profile certain cyber criminals. Threat behaviors are a lot like fingerprints and can be very useful in uncovering and defending against certain threats.

One trend in these attack forums that has been popular topic for discussion over the past few months is security on various web meeting platforms. Most these discussions have no malicious intent and are probably people just wanting to understand or discuss a specific topic. In some rare cases, however, it is clear that when an application is getting enough chatter, it is because attackers are starting to research vulnerabilities or test code.

Threat researchers also make use of text dumps that contain usernames, names, passwords and other information. This is often what happens to data when cyber criminals, or even people in your organisation, have intentionally or inadvertently leaked passwords or other personally identifiable information (PII).  This data can place an entire organisation at risk.

At the very least, organisations should be frequently checking to see if they’ve been caught up in these types of credential packages and data leaks.

In all, almost $100 million worth of Covid-related goods have been listed for sale on the dark web, according to a forthcoming report by the CTI League, which is a coalition of cyber security researchers investigating the intersection of Covid-19 and the Internet. In a survey of 25 of the largest Dark Web marketplaces, the CTI league found that 10% included Covid-related branding

Examining hacker forums and text dumps are just two of the ways that researchers can glean valuable information that will help them protect the networks they are responsible for.  For this reason, cyber security training for researchers needs to include methods of accessing the dark online world so the good guys can better understand how the bad guys operate and beat them at their own game.

Another key part of this ecosystem is the role of law enforcement. Threat researchers should work with law-enforcement agencies to share threat information in a way that’s easy and accessible. This has to be a two-way street. Tackling cyber-crime can’t be resolved unilaterally by law enforcement alone; it’s a joint responsibility that requires trusted relationships to be fostered between the public and private sector.

Dark Web scans don’t scan the entire Dark Web; that would be impossible. Instead, they monitor known cyber criminal forums and marketplaces where data dumps are frequently put up for sale.  A robust Dark Web monitoring service will catch the overwhelming majority of incidents where your personal information has been put up for sale.

The best way to think of Dark Web monitoring services is to look at them as one tool in your arsenal to protect yourself against cyber-crime. A Dark Web monitoring service, paired with good password security practices and a password manager, will provide comprehensive protection against nearly all password-related cyber-attacks at an affordable price.

Bloomberg:      Techradar:     Realwire:     Threatpost:    TechRepublic

You Might Also Read: 

New Dark Web Search Engine Can Strengthen Business Security:

Easy Cyber Knowledge Ch.2: Deep Web And The Dark Web: (£)

 

 

« New British Telecoms Security Law
Amazon Web Services Outage »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Information Security Forum (ISF)

Information Security Forum (ISF)

The ISF is a leading authority on information security and risk management.

Cofense

Cofense

Cofense (formerly PhishMe) is a leading provider of human-driven phishing defense solutions.

STMicroelectronics

STMicroelectronics

ST is a global semiconductor leader delivering intelligent and energy-efficient products and solutions that power the electronics at the heart of everyday life.

Wibu-Systems

Wibu-Systems

Wibu-Systems is a leading provider of solutions for the Digital Rights Management (DRM) and anti-piracy industry.

World Congress on Industrial Control Systems Security (WCICSS)

World Congress on Industrial Control Systems Security (WCICSS)

The World Congress on Industrial Control Systems Security (WCICSS) is focused on emerging trends in protection of industrial control systems.

Findcourses.co.uk

Findcourses.co.uk

Findcourses is a dedicated education search engine designed to make it easy for our learners to search and find exactly what they need from our community of trusted training providers.

ZecOps

ZecOps

ZecOps is a cybersecurity automation company offering solutions for servers, endpoints, mobile devices, and custom devices.

Cyber Range Malaysia

Cyber Range Malaysia

With Cyber Range Malaysia organizations can train their security professionals in empirically valid cyber war-gaming scenarios necessary to develop IT staff skills and instincts for defensive action.

VirtualArmour

VirtualArmour

VirtualArmour is a managed security services provider with global reach and local attitude.

apiiro

apiiro

apiiro invented the industry-first Code Risk Platform™ that uses developers and code behavior analysis to accelerate delivery and automatically remediate product risk.

nexSecurity

nexSecurity

neXSecurity is an IT and Information security consulting company with more than 2 decades worth of software development and security experience.

SafePaas

SafePaas

SafePaas is a leading Enterprise Risk Management Platform. One source of truth for all your Audit, Risk, and Compliance requirements. Complete governance across your systems.

Digital Intelligence

Digital Intelligence

Digital Intelligence offer a full array of products, forensic and e-discovery consulting services and training.

Avocado Consulting

Avocado Consulting

Avocado helps clients deliver with certainty on their complex IT change, with technology services that automate, monitor and optimise.

Crygma

Crygma

CRYGMA Quantum-Resistant Cryptographic Machines, the new standard in data encryption.

Rampart AI

Rampart AI

Tackling DevSecOps Issues In Application Security. Rampart has revolutionized the shift left security approach, applying zero-trust to application development.