Can dark web monitoring move you one step ahead of cybercriminals?

What is the dark web? And why should businesses care about it? Here’s what you need to know about monitoring the secretive counterpart of the public internet.


Imagine if it didn’t take an average of 190 days to identify a data breach and then a further 57 days to contain it. Imagine if instead you could cut those times down to just a few days or even a few hours, mitigating the effects of a data breach and minimizing long-term damage to your organization.

It all starts with understanding how cybercriminals work and knowing what they do with stolen data. The dark web plays an important role, since that’s where most hackers and scammers go to trade their ill-gotten gains. This mysterious counterpart of the public internet is home to stolen information and wanton criminality. But what does that mean for protecting your business, and is there really any value in using dark web monitoring services?

What exactly is the dark web?

By now, most of us have heard of the hidden version of the public internet known as the dark web, but few other than cybercriminals and the law enforcement agencies tasked with tracking them down really know much about it.

Firstly, it’s important to explain what the dark web isn’t. For a start, it exists separately from the public internet, and it isn’t the same thing as the deep web either. The deep web is the part of the web we spend a lot of our time on already, since it includes everything that’s hidden behind a login page, such as our email, intranet and bank accounts. It’s everything online that isn’t indexed by search engine crawlers and that remains inaccessible to those without the right account credentials.

Although the two are commonly confused, the dark web is an entirely different beast. While it uses the same infrastructure as the public internet, the dark web is an overlay network that requires specialized software to access it, such as the popular Tor browser. Servers connected to the dark web hide behind multiple layers of security and anonymity. This makes it notoriously difficult for law enforcement agencies to track down their location and the people who maintain them. Also, criminals invariably use cryptocurrencies like Bitcoin to hide their transactions, which is why ransomware payments are never demanded in US dollars or other mainstream currencies.

Another common misconception about the dark web is its legality. Although a lot of content on the dark web is illegal, the network itself isn’t. In fact, it does have its legitimate uses, at least in theory. For example, journalists may use it to allow their sources to remain anonymous, and citizens of oppressive regimes may turn to it as a platform for free speech. As far as companies are concerned though, it’s primarily a hotbed of criminality.

Why is the dark web so dangerous?

Naturally, the fact that people think they can get away with just about anything on the dark web, whether that’s hiring an assassin or selling ransomware as a service, has made it the medium of choice for all manner of criminals. Perhaps the most poignant example of all was the Silk Road marketplace, a darknet market that mostly sold drugs. Despite being the first and biggest illegal darknet marketplace, it took the FBI in the US three years to track down its founder Ross Ulbricht, who is now facing life imprisonment without the possibility of parole. The site, along with its successors, has now been closed down.

While you might think that the Silk Road’s takedown would set an example, it hasn’t had much of an impact on darknet criminality. Despite the past couple of years seeing a significant uptick in dark web law enforcement, thanks to Operation Onymous by Europol and the multinational Operation Bayonet, many illegal marketplaces are alive and well – and growing fast. Most transactions now take place over darknet forums and smaller marketplaces, since many of the big names like AlphaBay, Wall Street and Dream Market have been taken down. But that hasn’t made the dark web any less of a threat to businesses.

Cybercriminals most often carry out their attacks for financial gain. That means they need a place to sell their ill-gotten gains, and the dark web presents the perfect marketplace. In other cases, victims may be held to ransom, with attackers claiming they’ll publicly disseminate their stolen data, which might include anything from explicit photos to bank account details, if they don’t pay up. A lot of stolen data, however, ends up on the dark web. For example, ‘fullz’ is dark-web lingo for full packages of identifying information, which are sold to identity thieves for use in credit card fraud. If these records are stolen in a data breach that targets your business, then that’s likely where they’ll end up.

Help or hype – are dark web monitoring services worth the money?

Dark web monitoring services have received a lot of hype in the last two years, following the catastrophic data breach that befell the Equifax consumer credit reporting agency, which exposed private information belonging to 147 million people. Rival agency Experian saw this as a market opportunity, so it quickly launched its dark web monitoring service in the US. It touts it as an identity theft protection product, although it does also let you freeze your assets to stop unauthorized individuals opening new lines of credit in your name.

Many companies are now offering dark web monitoring services, but there’s still a widespread misunderstanding about how they work, or even if they work at all. For a start, they don’t scan the entirety of the dark web, since doing so would be practically impossible. And neither can they initiate takedown proceedings against stolen records or intellectual property. The reality is that, once something ends up on an underground marketplace, there’s often nothing you can do to prevent it from being sold or misused.

Dark web monitoring services can only detect information that’s publicly available. Just as search engine crawlers can’t see anything that’s hidden behind a login or paywall, dark web scanners can’t access anything that’s being shielded from scraping software. Instead, they’re looking out for big data dumps containing leaked personal information like passwords and payment card details. If your business suffers a data breach, and the stolen records have ended up on the dark web, then a dark web monitoring service will inform you, but only provided they could get their hands on it in the first place. Fortunately, there are many more effective ways to protect your business from the dangers of the dark web, such as by staying away from it, ensuring all data is encrypted and educating your employees about the dangers.

But if you’ve had a breach, it’s time to face facts – your data has already been stolen. If a massive data dump containing sensitive information pertaining to your business, employees or customers ends up on the dark web, then having the means to monitor it may allow you to identify the breach and act faster to alert anyone whose information has been stolen and lock down any compromised accounts. But it’s not a fool-proof solution, and neither will it protect you from the worst effects of identity theft.

However, in addition to helping you react quicker, dark web monitoring does offer some proactive value by helping keep business decision makers informed about trends and developments in these underground communities that might compromise their security. For example, if there’s chatter about targeting a particular company in dark web forums, a monitoring service could reveal it, giving you a chance to brace for an attack.
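The dump matching described above can be sketched as follows. This is an added example, not code from the article or from any monitoring vendor; it assumes an `email<separator>password` line format, a hypothetical monitored domain `example-corp.test`, and constructed sample data.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample of a leaked credential dump (not real data).
SAMPLE_DUMP = """\
alice@example-corp.test:Summer2019!
bob@other.test;hunter2
Carol@Example-Corp.test|p@ss:word
# comment line
dave@mail.example-corp.test:qwerty
not a credential line
alice@example-corp.test:Summer2019!
"""

# Assumption: the domains your organization owns (hypothetical value).
MONITORED_DOMAINS = {"example-corp.test"}

# email, one separator (: ; | ,), then the secret, which may itself contain separators.
LINE_RE = re.compile(r"^\s*([^\s:;|,]+@[^\s:;|,]+)[:;|,](.+?)\s*$")

def is_monitored(domain, monitored):
    """True for a monitored domain or any subdomain of it, but not a look-alike suffix."""
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in monitored)

def fingerprint(secret):
    """Short SHA-256 prefix so entries can be correlated without storing the password."""
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()[:12]

def triage_dump(text, monitored=MONITORED_DOMAINS):
    """Return {email: sorted password fingerprints} for accounts on monitored domains."""
    hits = defaultdict(set)
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip comments and lines that are not credentials
        email, secret = m.group(1).lower(), m.group(2)
        if is_monitored(email.rsplit("@", 1)[1], monitored):
            hits[email].add(fingerprint(secret))  # set removes duplicate entries
    return {e: sorted(f) for e, f in sorted(hits.items())}

if __name__ == "__main__":
    for email, prints in triage_dump(SAMPLE_DUMP).items():
        print(f"{email}: {len(prints)} exposed credential(s) {prints}")
```

The resulting list of addresses is the set of accounts to lock down and notify; only fingerprints are kept, so the triage output does not become a second copy of the leaked passwords.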

How else can you find out if you’ve been hacked?

As dark web monitoring isn’t a fool-proof option, many business leaders are looking for other, more reliable, ways to tell if they’ve been hacked. Some methods don’t even require you to invest a monthly fee. For example, individuals and businesses can quickly find out if their email addresses or any accounts associated with them have been compromised on Have I Been Pwned.

In the end, the only truly reliable way to find out if you’ve been hacked is to keep full audit trails of all activity across your network and every device connected to it. Today’s security solutions go far beyond the limited capabilities of conventional antivirus software and firewalls to search for suspicious activities rather than just detect known threats. These might include unusual computing activities, strange network connections or unwanted software installations.

Remember that no information security infrastructure is 100 percent effective. But if your organization does fall victim to a data breach, then the sooner you learn about it, the more time you’ll have to prevent unacceptable losses. That’s why a multi-layered, proactive approach to cybersecurity that provides full, real-time visibility into all your digital assets is the only proven solution for keeping your business and your customers safe.


About authors

Produced by the editorial team for Secure Futures by Kaspersky magazine