Diving Into The Dark Web

The Dark Web is a place in cyberspace where criminals and other bad actors share stolen credentials and discuss successful attacks. Fake COVID-19 cures, counterfeit travel documents and scam call services are amongst the services being traded on the Dark Web and cyber criminals continually search for new  ways of exploiting the 2020 health crisis. Sensitive information often ends up for sale on the black market in the Dark Web, compromising the security of businesses and their employees. 

According to the 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses report from the Ponemon Institute, 63% of businesses reported an incident involving the loss of sensitive information about customers and employees in the previous year.

The Dark Web is a collection of anonymous websites that are publicly available yet hide their IP (Internet Protocol) addresses to make it impossible for users to identify and track the host. It is very common that personal information, including email accounts, passwords and credit card details obtained through data breaches end up becoming available illicitly for sale on the Dark Web. Recently, personal information from places ranging from education organisations to voter databases in the US have been found exposed. Although there have been big takedowns of cyber-crime groups online, cyber criminals evolve to avoid detection.

But just as there’s a lot of bad on the Dark Web, there is some good, in the form of intelligence that can be used to help protect organisations from attacks.

Because they are so focused on doing what’s right, researchers often overlook additional rich sources of cyber-threat intelligence that attackers essentially hand out as they interact online. To defend as a good guy, you have to think like a bad guy. Getting into an attacker’s head provides clues as to how and why they operate.

Understanding The Dark Web

For general purposes, the terms “Dark Web” and “Darknet” are more or less interchangeable, but there are some nuanced differences. When people refer to the Dark Web, they’re usually talking about hacker sites on the Internet that you can access from a regular web browser. When people talk about Darknet, it means you need special software. The most common one is the Tor browser, but there are others as well.

Diving Into Darkness

To understand how hackers operate, it helps to explore their stomping grounds. A common data source for threat intelligence are attacker-run and torrent/onion forums, usually on the Darknet, where hackers often discuss, purchase and sell malware, ransomware and denial-of-service offerings. These forums usually  require researchers to jump through a significant number of hoops to access them. Some forums require payment of some kind; others require people to vouch for you as a real hacker. And sometimes, you have to prove your worthiness by demonstrating your ability to code around a security problem or create malicious software.

Most attackers on these forums aren’t just motivated by monetary gain. They’re also looking for some glory. They want to post and advertise their knowledge in forums that will have the most views, and many want to show off their skills. 

What they typically show off are frequent attacks targeting mass numbers of individuals and organisations rather than narrow, specific, targeted attacks. So, the techniques shared in these forums help defenders understand attacker culture and how to defend against frequent attacks.

Current Trends

Attack forums enable researchers to understand what attackers find interesting. Getting inside the mind of an attacker not only enables threat researchers to anticipate risks and the steps within an attack, but it also helps us to begin to profile certain cyber criminals. Threat behaviors are a lot like fingerprints and can be very useful in uncovering and defending against certain threats.

One trend in these attack forums that has been popular topic for discussion over the past few months is security on various web meeting platforms. Most these discussions have no malicious intent and are probably people just wanting to understand or discuss a specific topic. In some rare cases, however, it is clear that when an application is getting enough chatter, it is because attackers are starting to research vulnerabilities or test code.

Threat researchers also make use of text dumps that contain usernames, names, passwords and other information. This is often what happens to data when cyber criminals, or even people in your organisation, have intentionally or inadvertently leaked passwords or other personally identifiable information (PII).  This data can place an entire organisation at risk.

At the very least, organisations should be frequently checking to see if they’ve been caught up in these types of credential packages and data leaks.

In all, almost $100 million worth of Covid-related goods have been listed for sale on the dark web, according to a forthcoming report by the CTI League, which is a coalition of cyber security researchers investigating the intersection of Covid-19 and the Internet. In a survey of 25 of the largest Dark Web marketplaces, the CTI league found that 10% included Covid-related branding

Examining hacker forums and text dumps are just two of the ways that researchers can glean valuable information that will help them protect the networks they are responsible for.  For this reason, cyber security training for researchers needs to include methods of accessing the dark online world so the good guys can better understand how the bad guys operate and beat them at their own game.

Another key part of this ecosystem is the role of law enforcement. Threat researchers should work with law-enforcement agencies to share threat information in a way that’s easy and accessible. This has to be a two-way street. Tackling cyber-crime can’t be resolved unilaterally by law enforcement alone; it’s a joint responsibility that requires trusted relationships to be fostered between the public and private sector.

Dark Web scans don’t scan the entire Dark Web; that would be impossible. Instead, they monitor known cyber criminal forums and marketplaces where data dumps are frequently put up for sale.  A robust Dark Web monitoring service will catch the overwhelming majority of incidents where your personal information has been put up for sale.

The best way to think of Dark Web monitoring services is to look at them as one tool in your arsenal to protect yourself against cyber-crime. A Dark Web monitoring service, paired with good password security practices and a password manager, will provide comprehensive protection against nearly all password-related cyber-attacks at an affordable price.

Bloomberg:      Techradar:     Realwire:     Threatpost:    TechRepublic

You Might Also Read: 

New Dark Web Search Engine Can Strengthen Business Security:

Easy Cyber Knowledge Ch.2: Deep Web And The Dark Web: (£)

 

 

« New British Telecoms Security Law
Amazon Web Services Outage »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Micron Technology

Micron Technology

Micron is a global leader in the semiconductor industry providing memory and secure storage devices for Networks, Mobile devices and IoT applications.

Software Factory

Software Factory

Software Factory develops custom-built high-performance software solutions and products for applications including industrial cyber security.

Seceon

Seceon

Seceon OTM, is a cyber security advanced threat management platform that visualizes, detects, and eliminates threats in real time.

Mitchell Sandham

Mitchell Sandham

Mitchell Sandham is an, independent insurance and financial services brokerage. Business products include Cyber/Privacy Liability insurance.

Caretower

Caretower

Caretower is one of Europe’s leading value added managed service provider in cyber security.

Techzone Solutions

Techzone Solutions

Techzone Solutions is a leading ICT Solution Provider in Afghanistan. Services offered include cyber security.

Sectigo

Sectigo

Sectigo is a leading cybersecurity provider of digital identity solutions, including TLS / SSL certificates, DevOps, IoT, and enterprise-grade PKI management, as well as multi-layered web security.

ComoNExT Innovation Hub

ComoNExT Innovation Hub

ComoNExT is a Digital Innovation Hub and a startup incubator with a focus on the issues of digital transformation and Industry 4.0.

Vietnamese Security Network (VSEC)

Vietnamese Security Network (VSEC)

Vietnamese Security Network (VSEC) is an information security company providing website vulnerability scanning and monitoring services.

CWSI

CWSI

CWSI provide a full suite of enterprise mobility, security and productivity solutions to many of Ireland and the UK’s most respected organisations across a wide range of industry and public sectors.

The Citadel Department of Defense Cyber Institute (CDCI)

The Citadel Department of Defense Cyber Institute (CDCI)

CDCI is established to address the critical national security needed for a skilled cybersecurity workforce.

Digital Boundary Group (DBG)

Digital Boundary Group (DBG)

Digital Boundary Group (DBG) is an information technology security assurance services firm providing information technology security auditing and compliance assessment services to clients worldwide.

LoughTec

LoughTec

LoughTec secure, manage and connect IT infrastructure for businesses and organisations throughout the UK and Republic of Ireland.

Sourcepass

Sourcepass

Sourcepass is an IT consulting company that focuses on providing expert IT services, cloud computing solutions, cybersecurity services, website, and application development.

Centroid

Centroid

Centroid is a cloud services and technology company that provides Oracle enterprise workload consulting and managed services across Oracle, Azure, Amazon, Google, and private cloud.

Randaemon

Randaemon

RANDAEMON’s mission is to create True Random Number Generators (TRNG) that are hardware-based and integrated into System-on-Chip.