Diving Into The Dark Web

The Dark Web is a place in cyberspace where criminals and other bad actors share stolen credentials and discuss successful attacks. Fake COVID-19 cures, counterfeit travel documents and scam call services are amongst the services being traded on the Dark Web and cyber criminals continually search for new  ways of exploiting the 2020 health crisis. Sensitive information often ends up for sale on the black market in the Dark Web, compromising the security of businesses and their employees. 

According to the 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses report from the Ponemon Institute, 63% of businesses reported an incident involving the loss of sensitive information about customers and employees in the previous year.

The Dark Web is a collection of anonymous websites that are publicly available yet hide their IP (Internet Protocol) addresses to make it impossible for users to identify and track the host. It is very common that personal information, including email accounts, passwords and credit card details obtained through data breaches end up becoming available illicitly for sale on the Dark Web. Recently, personal information from places ranging from education organisations to voter databases in the US have been found exposed. Although there have been big takedowns of cyber-crime groups online, cyber criminals evolve to avoid detection.

But just as there’s a lot of bad on the Dark Web, there is some good, in the form of intelligence that can be used to help protect organisations from attacks.

Because they are so focused on doing what’s right, researchers often overlook additional rich sources of cyber-threat intelligence that attackers essentially hand out as they interact online. To defend as a good guy, you have to think like a bad guy. Getting into an attacker’s head provides clues as to how and why they operate.

Understanding The Dark Web

For general purposes, the terms “Dark Web” and “Darknet” are more or less interchangeable, but there are some nuanced differences. When people refer to the Dark Web, they’re usually talking about hacker sites on the Internet that you can access from a regular web browser. When people talk about Darknet, it means you need special software. The most common one is the Tor browser, but there are others as well.

Diving Into Darkness

To understand how hackers operate, it helps to explore their stomping grounds. A common data source for threat intelligence are attacker-run and torrent/onion forums, usually on the Darknet, where hackers often discuss, purchase and sell malware, ransomware and denial-of-service offerings. These forums usually  require researchers to jump through a significant number of hoops to access them. Some forums require payment of some kind; others require people to vouch for you as a real hacker. And sometimes, you have to prove your worthiness by demonstrating your ability to code around a security problem or create malicious software.

Most attackers on these forums aren’t just motivated by monetary gain. They’re also looking for some glory. They want to post and advertise their knowledge in forums that will have the most views, and many want to show off their skills. 

What they typically show off are frequent attacks targeting mass numbers of individuals and organisations rather than narrow, specific, targeted attacks. So, the techniques shared in these forums help defenders understand attacker culture and how to defend against frequent attacks.

Current Trends

Attack forums enable researchers to understand what attackers find interesting. Getting inside the mind of an attacker not only enables threat researchers to anticipate risks and the steps within an attack, but it also helps us to begin to profile certain cyber criminals. Threat behaviors are a lot like fingerprints and can be very useful in uncovering and defending against certain threats.

One trend in these attack forums that has been popular topic for discussion over the past few months is security on various web meeting platforms. Most these discussions have no malicious intent and are probably people just wanting to understand or discuss a specific topic. In some rare cases, however, it is clear that when an application is getting enough chatter, it is because attackers are starting to research vulnerabilities or test code.

Threat researchers also make use of text dumps that contain usernames, names, passwords and other information. This is often what happens to data when cyber criminals, or even people in your organisation, have intentionally or inadvertently leaked passwords or other personally identifiable information (PII).  This data can place an entire organisation at risk.

At the very least, organisations should be frequently checking to see if they’ve been caught up in these types of credential packages and data leaks.

In all, almost $100 million worth of Covid-related goods have been listed for sale on the dark web, according to a forthcoming report by the CTI League, which is a coalition of cyber security researchers investigating the intersection of Covid-19 and the Internet. In a survey of 25 of the largest Dark Web marketplaces, the CTI league found that 10% included Covid-related branding

Examining hacker forums and text dumps are just two of the ways that researchers can glean valuable information that will help them protect the networks they are responsible for.  For this reason, cyber security training for researchers needs to include methods of accessing the dark online world so the good guys can better understand how the bad guys operate and beat them at their own game.

Another key part of this ecosystem is the role of law enforcement. Threat researchers should work with law-enforcement agencies to share threat information in a way that’s easy and accessible. This has to be a two-way street. Tackling cyber-crime can’t be resolved unilaterally by law enforcement alone; it’s a joint responsibility that requires trusted relationships to be fostered between the public and private sector.

Dark Web scans don’t scan the entire Dark Web; that would be impossible. Instead, they monitor known cyber criminal forums and marketplaces where data dumps are frequently put up for sale.  A robust Dark Web monitoring service will catch the overwhelming majority of incidents where your personal information has been put up for sale.

The best way to think of Dark Web monitoring services is to look at them as one tool in your arsenal to protect yourself against cyber-crime. A Dark Web monitoring service, paired with good password security practices and a password manager, will provide comprehensive protection against nearly all password-related cyber-attacks at an affordable price.

Bloomberg:      Techradar:     Realwire:     Threatpost:    TechRepublic

You Might Also Read: 

New Dark Web Search Engine Can Strengthen Business Security:

Easy Cyber Knowledge Ch.2: Deep Web And The Dark Web: (£)

 

 

« New British Telecoms Security Law
Amazon Web Services Outage »

Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Free Access: Cyber Security Supplier Directory listing 5,000+ specialist service providers.

Perimeter 81

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Cylance Smart Antivirus

Cylance Smart Antivirus

An antivirus that works smarter, not harder, from BlackBerry. Lightweight, non-intrusive protection powered by artificial intelligence. BUY NOW - LIMITED DISCOUNT OFFER.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

Hotlava Systems

Hotlava Systems

HotLava network adapters enable today's powerful servers and workstations to deliver more productivity by reducing congestion at the network interface.

Team Cymru Research NFP

Team Cymru Research NFP

Team Cymru Research is a group of technologists passionate about making the Internet more secure and dedicated to that goal.

CodeSealer

CodeSealer

CodeSealer provide invisible end-to-end user interface protection with a unique web security solution to eliminate Man-in-the-Middle and Man-in-the-Browser vulnerabilties.

Ingenio Global

Ingenio Global

Ingenio is a specialist recruitment business for SaaS companies. Our purpose is to source exceptional talent in areas including cyber security for leading SaaS companies in the UK and Ireland.

Sompo International

Sompo International

Sompo International is a global specialty provider of property and casualty insurance and reinsurance services including Cyber & Network Risk.

Expel

Expel

Expel provide transparent managed security services, 24x7 detection, response and resilience.

OSIbeyond

OSIbeyond

OSIbeyond provides comprehensive Managed IT Services to organizations in the Washington D.C., MD, and VA area including IT Help Desk Support, Cloud Solutions, Cybersecurity, and Technology Strategy.

Integrity

Integrity

Integrity is a PCI QSA and ISO 27001 certified company specialized in Information Security and IT Consulting.