Diving Into The Dark Web

The Dark Web is a place in cyberspace where criminals and other bad actors share stolen credentials and discuss successful attacks. Fake COVID-19 cures, counterfeit travel documents and scam call services are amongst the services being traded on the Dark Web and cyber criminals continually search for new  ways of exploiting the 2020 health crisis. Sensitive information often ends up for sale on the black market in the Dark Web, compromising the security of businesses and their employees. 

According to the 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses report from the Ponemon Institute, 63% of businesses reported an incident involving the loss of sensitive information about customers and employees in the previous year.

The Dark Web is a collection of anonymous websites that are publicly available yet hide their IP (Internet Protocol) addresses to make it impossible for users to identify and track the host. It is very common that personal information, including email accounts, passwords and credit card details obtained through data breaches end up becoming available illicitly for sale on the Dark Web. Recently, personal information from places ranging from education organisations to voter databases in the US have been found exposed. Although there have been big takedowns of cyber-crime groups online, cyber criminals evolve to avoid detection.

But just as there’s a lot of bad on the Dark Web, there is some good, in the form of intelligence that can be used to help protect organisations from attacks.

Because they are so focused on doing what’s right, researchers often overlook additional rich sources of cyber-threat intelligence that attackers essentially hand out as they interact online. To defend as a good guy, you have to think like a bad guy. Getting into an attacker’s head provides clues as to how and why they operate.

Understanding The Dark Web

For general purposes, the terms “Dark Web” and “Darknet” are more or less interchangeable, but there are some nuanced differences. When people refer to the Dark Web, they’re usually talking about hacker sites on the Internet that you can access from a regular web browser. When people talk about Darknet, it means you need special software. The most common one is the Tor browser, but there are others as well.

Diving Into Darkness

To understand how hackers operate, it helps to explore their stomping grounds. A common data source for threat intelligence are attacker-run and torrent/onion forums, usually on the Darknet, where hackers often discuss, purchase and sell malware, ransomware and denial-of-service offerings. These forums usually  require researchers to jump through a significant number of hoops to access them. Some forums require payment of some kind; others require people to vouch for you as a real hacker. And sometimes, you have to prove your worthiness by demonstrating your ability to code around a security problem or create malicious software.

Most attackers on these forums aren’t just motivated by monetary gain. They’re also looking for some glory. They want to post and advertise their knowledge in forums that will have the most views, and many want to show off their skills. 

What they typically show off are frequent attacks targeting mass numbers of individuals and organisations rather than narrow, specific, targeted attacks. So, the techniques shared in these forums help defenders understand attacker culture and how to defend against frequent attacks.

Current Trends

Attack forums enable researchers to understand what attackers find interesting. Getting inside the mind of an attacker not only enables threat researchers to anticipate risks and the steps within an attack, but it also helps us to begin to profile certain cyber criminals. Threat behaviors are a lot like fingerprints and can be very useful in uncovering and defending against certain threats.

One trend in these attack forums that has been popular topic for discussion over the past few months is security on various web meeting platforms. Most these discussions have no malicious intent and are probably people just wanting to understand or discuss a specific topic. In some rare cases, however, it is clear that when an application is getting enough chatter, it is because attackers are starting to research vulnerabilities or test code.

Threat researchers also make use of text dumps that contain usernames, names, passwords and other information. This is often what happens to data when cyber criminals, or even people in your organisation, have intentionally or inadvertently leaked passwords or other personally identifiable information (PII).  This data can place an entire organisation at risk.

At the very least, organisations should be frequently checking to see if they’ve been caught up in these types of credential packages and data leaks.

In all, almost $100 million worth of Covid-related goods have been listed for sale on the dark web, according to a forthcoming report by the CTI League, which is a coalition of cyber security researchers investigating the intersection of Covid-19 and the Internet. In a survey of 25 of the largest Dark Web marketplaces, the CTI league found that 10% included Covid-related branding

Examining hacker forums and text dumps are just two of the ways that researchers can glean valuable information that will help them protect the networks they are responsible for.  For this reason, cyber security training for researchers needs to include methods of accessing the dark online world so the good guys can better understand how the bad guys operate and beat them at their own game.

Another key part of this ecosystem is the role of law enforcement. Threat researchers should work with law-enforcement agencies to share threat information in a way that’s easy and accessible. This has to be a two-way street. Tackling cyber-crime can’t be resolved unilaterally by law enforcement alone; it’s a joint responsibility that requires trusted relationships to be fostered between the public and private sector.

Dark Web scans don’t scan the entire Dark Web; that would be impossible. Instead, they monitor known cyber criminal forums and marketplaces where data dumps are frequently put up for sale.  A robust Dark Web monitoring service will catch the overwhelming majority of incidents where your personal information has been put up for sale.

The best way to think of Dark Web monitoring services is to look at them as one tool in your arsenal to protect yourself against cyber-crime. A Dark Web monitoring service, paired with good password security practices and a password manager, will provide comprehensive protection against nearly all password-related cyber-attacks at an affordable price.

Bloomberg:      Techradar:     Realwire:     Threatpost:    TechRepublic

You Might Also Read: 

New Dark Web Search Engine Can Strengthen Business Security:

Easy Cyber Knowledge Ch.2: Deep Web And The Dark Web: (£)

 

 

« New British Telecoms Security Law
Amazon Web Services Outage »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Perimeter 81

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Cylance Smart Antivirus

Cylance Smart Antivirus

An antivirus that works smarter, not harder, from BlackBerry. Lightweight, non-intrusive protection powered by artificial intelligence. BUY NOW - LIMITED DISCOUNT OFFER.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Sookasa

Sookasa

Sookasa offers a single, seamless CASB solution to detect breach risks, encrypt data, and enforce your security policies.

ByteLife Solutions

ByteLife Solutions

ByteLife Solutions specialises in the provision of IT infrastructure services and solutions, including cybersecurity.

Logic Supply

Logic Supply

Logic Supply is a global industrial PC company focused on hardware for the IoT edge. We design highly-configurable computers engineered for reliability.

Worldline

Worldline

Worldline IIoT solutions allow industrial companies to start their digital transformation journey with industrial level cyber security standards (IEC 62443 ready).

Bolster

Bolster

Bolster (previously RedMarlin) is an AI-based cyber-security platform designed to detect phishing and fraudulent sites in real-time.

FYEO

FYEO

FYEO is a threat monitoring and identity access management platform for consumers, enterprises and SMBs.

Exabeam Cyberversity

Exabeam Cyberversity

Exabeam Cyberversity is a philanthropic program to help aspiring cybersecurity professionals navigate career options and increase industry-wide diversity through knowledge sharing and networking.

National Cryptologic Foundation (NCF)

National Cryptologic Foundation (NCF)

The National Cryptologic Foundation strives to influence the cryptologic future by sharing our educational resources, stimulating new knowledge, and commemorating our heritage.