The dark web is a hive of cybercrime activity used to sell personal data, cybercrime tools, and company intelligence. It is also a growing source of information to attackers. A report released earlier this year by the Digital Shadows Photon Research team found more than 15 billion stolen credentials from 100,000 data breaches available to cybercriminals on the dark web. As is the ability to purchase illegal goods and services on the dark web, attackers now focus on open-source intelligence (OSINT) information related to data breaches involving sensitive data, information, and user credentials to formulate their attack plans against an organization. Any effort to properly protect your digital assets requires knowing what you are up against is an important part of fighting cybercrime.
What is the Dark Web?
The dark web is a large part of the internet that is not indexed by search engines and can only be accessed using special technologies. It is the section of the internet that requires special programs or technologies to access as nearly all traffic is encrypted and the activity is designed to prevent traceability of those participating in nefarious activities. The dark web is a treasure trove for stolen information that includes personal information from credit card numbers to health records and disclosed credentials. For companies, information shared on the dark web can be devastating as it is used to formulate attacks against companies. This has led to an average cost of a data breach in 2020 is $3.86 million, according to a report from IBM and the Ponemon Institute.
Why Passwords are Problematic
While a strong password policy can help protect your organization, employees are likely to get careless and reuse passwords across multiple websites and applications. This risk was highlighted with the LinkedIn data breach in 2012. When user credentials are not readily available, hackers often use phishing techniques to gain access to an email account. Once an account is compromised, attackers will work diligently to establish persistency to access data long-term before they are found and locked out. An email compromise could also lead to many other attacks on an organization, including ransomware attacks, stealing customer or employee information, transferring funds, or even stealing intellectual property. Some attackers like to share these exploits on the dark web and other drop locations to facilitate future attacks. When this happens, organizations need a way to know their information is on the dark web. This is where organizations employing their own dark web monitoring can provide value as a defensive mechanism.
What is Dark Web Monitoring?
Dark web monitoring scavenges the internet with an emphasis on the dark web, and provides proactive information to an organization when sensitive information or an employee’s credentials have been compromised. This can include trade secrets, intellectual property, sensitive technical details, known vulnerabilities, sensitive information accidentally published to the internet, or breached user credentials. Staying in the know about any potential malicious activity and sensitive data helps your organization go on an offensive defense by assessing the risk of disclosed sensitive information, remediating exposed vulnerabilities, changing passwords for accounts found, notifying users of the compromise, and having them be on higher alert for potential phishing attacks.
Staying Ahead of the Hackers
Unfortunately, hackers are diligent in their efforts to success in steal company data. LBMC helps companies address their security resource and prepare for potential breaches. For IT Security, LBMC scales up your resources with:
- Risk Assessments
- Penetration Tests
- Web Application Assessments
- Purple Team and Adversary Simulation exercises
- Ransomware Assessments
- Incident Response
- Forensic Analysis
- OSINT Assessments
The ability of today’s organizations to respond to a computer security incident quickly and efficiently has never been more critical. Preforming routine OSINT and dark web assessments should be a frequent activity to assist in the overall risk posture of any organization. One cannot defend against something they are unaware of. This could help ensure a proper response to network and computer attacks to prevent unneeded expense, over-extending internal resources, and provide the essential information needed to make critical decisions on how to move forward.
When it comes to addressing incident response, our team leverages extensive security and digital forensics expertise to assist clients while working to reduce the overall impact as much as possible through the following services:
- Incident Response
- Incident Response Plans
- Incident Response Programs and Training
- Forensic Analysis
- Penetration Testing
Learn more about LBMC’s Technical Security Services.
Content provided by LBMC cybersecurity professional, Bill Dean.