Diving Into The Dark Web

The Dark Web is a place in cyberspace where criminals and other bad actors share stolen credentials and discuss successful attacks. Fake COVID-19 cures, counterfeit travel documents and scam call services are amongst the services being traded on the Dark Web and cyber criminals continually search for new ways of exploiting the 2020 health crisis. Sensitive information often ends up for sale on the black market in the Dark Web, compromising the security of businesses and their employees.

According to the 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses report from the Ponemon Institute, 63% of businesses reported an incident involving the loss of sensitive information about customers and employees in the previous year.

The Dark Web is a collection of anonymous websites that are publicly available yet hide their IP (Internet Protocol) addresses to make it impossible for users to identify and track the host. It is very common for personal information, including email accounts, passwords and credit card details obtained through data breaches, to end up illicitly for sale on the Dark Web. Recently, personal information from places ranging from education organisations to voter databases in the US has been found exposed. Although there have been big takedowns of cyber-crime groups online, cyber criminals evolve to avoid detection.

But just as there’s a lot of bad on the Dark Web, there is some good, in the form of intelligence that can be used to help protect organisations from attacks.

Because they are so focused on doing what’s right, researchers often overlook additional rich sources of cyber-threat intelligence that attackers essentially hand out as they interact online. To defend as a good guy, you have to think like a bad guy. Getting into an attacker’s head provides clues as to how and why they operate.

Understanding The Dark Web

For general purposes, the terms “Dark Web” and “Darknet” are more or less interchangeable, but there are some nuanced differences. When people refer to the Dark Web, they’re usually talking about hacker sites on the Internet that you can access from a regular web browser. When people talk about Darknet, it means you need special software. The most common one is the Tor browser, but there are others as well.

Diving Into Darkness

To understand how hackers operate, it helps to explore their stomping grounds. A common data source for threat intelligence is attacker-run and torrent/onion forums, usually on the Darknet, where hackers often discuss, purchase and sell malware, ransomware and denial-of-service offerings. These forums usually require researchers to jump through a significant number of hoops to access them. Some forums require payment of some kind; others require people to vouch for you as a real hacker. And sometimes, you have to prove your worthiness by demonstrating your ability to code around a security problem or create malicious software.

Most attackers on these forums aren’t just motivated by monetary gain. They’re also looking for some glory. They want to post and advertise their knowledge in forums that will have the most views, and many want to show off their skills. 

What they typically show off are frequent attacks targeting mass numbers of individuals and organisations rather than narrow, specific, targeted attacks. So, the techniques shared in these forums help defenders understand attacker culture and how to defend against frequent attacks.

Current Trends

Attack forums enable researchers to understand what attackers find interesting. Getting inside the mind of an attacker not only enables threat researchers to anticipate risks and the steps within an attack, but it also helps us to begin to profile certain cyber criminals. Threat behaviors are a lot like fingerprints and can be very useful in uncovering and defending against certain threats.

One trend in these attack forums that has been a popular topic for discussion over the past few months is security on various web meeting platforms. Most of these discussions have no malicious intent and are probably people just wanting to understand or discuss a specific topic. In some rare cases, however, it is clear that when an application is getting enough chatter, it is because attackers are starting to research vulnerabilities or test code.

Threat researchers also make use of text dumps that contain usernames, names, passwords and other information. This is often what happens to data when cyber criminals, or even people in your organisation, have intentionally or inadvertently leaked passwords or other personally identifiable information (PII). This data can place an entire organisation at risk.

At the very least, organisations should be frequently checking to see if they’ve been caught up in these types of credential packages and data leaks.
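The check described above, as an added example that is not part of the original article: a Python script that scans a text dump for accounts on an organisation's domains and reports each one with a short hash tag in place of the leaked password. The sample lines, the domain example.org and all function names are constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample lines (not real data) in common dump layouts:
# email:password, email;password and email|name|password.
SAMPLE_DUMP = """\
alice@example.org:Summer2020!
bob@other.test;hunter2
ALICE@Example.org:Summer2020!
carol@mail.example.org|Carol Jones|qwerty123
not a credential line
dave@example.org:
eve@notexample.org:letmein
"""

# An address, the delimiter that follows it, then the rest of the line.
LINE_RE = re.compile(r"^\s*([^\s:;|,]+@[^\s:;|,]+)([:;|,])(.*)$")

def fingerprint(secret):
    """Short SHA-256 tag so the report never carries the leaked password."""
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()[:12]

def in_scope(domain, org_domains):
    """Exact domain or a true subdomain; 'notexample.org' must not match."""
    return any(domain == d or domain.endswith("." + d) for d in org_domains)

def find_exposed_accounts(dump_text, org_domains):
    """Map each in-scope address to the sorted tags of secrets leaked with it."""
    wanted = {d.lower().strip(".") for d in org_domains}
    exposed = defaultdict(set)
    for line in dump_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip headers, banners and other non-credential lines
        email, delim, rest = m.group(1).lower(), m.group(2), m.group(3)
        if not in_scope(email.rsplit("@", 1)[1], wanted):
            continue
        tags = exposed[email]  # record the address even without a secret
        # Assumption: the last delimited field is the password.
        secret = rest.split(delim)[-1].strip()
        if secret:
            tags.add(fingerprint(secret))
    return {email: sorted(tags) for email, tags in sorted(exposed.items())}

if __name__ == "__main__":
    for email, tags in find_exposed_accounts(SAMPLE_DUMP, ["example.org"]).items():
        print(email, tags or "address only")
```

The tags are unsalted and serve only to tell distinct leaked secrets apart, so the resulting report should still be handled as sensitive.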

In all, almost $100 million worth of Covid-related goods have been listed for sale on the dark web, according to a forthcoming report by the CTI League, which is a coalition of cyber security researchers investigating the intersection of Covid-19 and the Internet. In a survey of 25 of the largest Dark Web marketplaces, the CTI League found that 10% included Covid-related branding.

Examining hacker forums and analysing text dumps are just two of the ways that researchers can glean valuable information that will help them protect the networks they are responsible for. For this reason, cyber security training for researchers needs to include methods of accessing the dark online world so the good guys can better understand how the bad guys operate and beat them at their own game.

Another key part of this ecosystem is the role of law enforcement. Threat researchers should work with law-enforcement agencies to share threat information in a way that’s easy and accessible. This has to be a two-way street. Tackling cyber-crime can’t be resolved unilaterally by law enforcement alone; it’s a joint responsibility that requires trusted relationships to be fostered between the public and private sector.

Dark Web scans don’t scan the entire Dark Web; that would be impossible. Instead, they monitor known cyber criminal forums and marketplaces where data dumps are frequently put up for sale. A robust Dark Web monitoring service will catch the overwhelming majority of incidents where your personal information has been put up for sale.

The best way to think of Dark Web monitoring services is to look at them as one tool in your arsenal to protect yourself against cyber-crime. A Dark Web monitoring service, paired with good password security practices and a password manager, will provide comprehensive protection against nearly all password-related cyber-attacks at an affordable price.

Bloomberg: Techradar: Realwire: Threatpost: TechRepublic
