At this time of the year, you can’t go anywhere without encountering something dark, spooky and mysterious. It all reminds me of misconceptions about the dark web, the area of the web that everyone is convinced they need to monitor but don’t quite know why.
While the dark web is overhyped, it’s not all a load of hocus pocus. Nevertheless, you shouldn’t be waiting until data is offered for sale on the dark web – there’s plenty you can be doing to prevent sensitive data getting into criminals’ hands.
In order to understand the value of the dark web as a source, it’s important to properly define it. The dark web refers to web content that has been intentionally obscured and may only be accessed through an overlay network technology. The most common are Tor and I2P, although there are others. This is different to the deep web, which is anything that is not indexed by traditional search engines (such as a forum with a password). Criminal forums are hosted on the open, deep or dark web, so it would be wrong to view the dark web and criminality as synonymous. Similarly, the increased anonymity offered by the dark web can be a positive thing for whistleblowers, journalists, or individuals working under repressive conditions.
The trade of accounts and credentials is common across dark web sites and forums. A small number of these are new breaches of organizations, although these are more frequently shared in closed communities away from the dark web due to their high value. Only after a smaller, select group of criminals have leveraged this information will it be sold and shared more widely. More often, the accounts for sale on dark web forums and marketplaces come from credential stuffing. This involves taking already-exposed credentials and testing them on another site. These can be sold piecemeal (as in Figure 1), or amalgamated into a broader package. These accounts often hold existing balances or loyalty points, which can then be used by fraudsters to pay for goods.
Figure 1: A screenshot from the dark web Empire Market
Payment card information is another core commodity traded in the criminal underground, and the dark web is no exception. Some dark web markets sell payment cards they have breached themselves, but it’s more common for them to act as resellers. One such market, Trumps Dumps, is shown in Figure 2. Monitoring these sites for your payment card information is relevant for three reasons:
Figure 2: A screenshot of the dark web “Trumps Dumps” credit card store
Insiders looking to sell sensitive information or access will turn to a number of online locations, including dark web sites. Figure 3 illustrates an individual selling insider access to a large mortgage company. If you’re looking to protect intellectual property and prevent data breaches, then monitoring the dark web (as well as the open and deep web) for insider threats is a sensible approach.
Figure 3: An individual selling access to a large mortgage company
Why wait until your information is exposed on the dark web? Given the number of files exposed on misconfigured file sharing services (1.6 billion by our last count), it’s no surprise that criminals are taking this sensitive information and looking to sell it on the dark web. For example, Figure 4 shows an accounting firm’s misconfigured NAS drive containing tax return information of hundreds of their clients. By monitoring for exposed data across S3 buckets, rsync, SMB and FTP, you can prevent this information from getting into malicious hands in the first place.
Figure 4: Tax return information available via a misconfigured NAS drive
The dark web doesn’t have a monopoly on cybercrime, but omitting this source from your collection efforts would be remiss.