Introduction
Using the Internet today is second nature to most of us. We take it for granted every day. However, when something goes wrong with it, or when it is unavailable for even a short period of time, we often feel “stuck” or paralyzed. It is important to understand that what we use today for searching, communicating, and even purchasing goods and services is but one small part of the Internet known as the “Clear Web” or the “Indexed Web”.
The Clear Web represents what is available to the public. At the present time, well over 6,000,000,000 websites are visible, or “indexed”. While this may sound like a daunting number, it accounts for only about 1%-4% of the total Internet. The remaining 96% is not available to the public, and thus is known as the “Dark Web”. (Source: 1).
What Is the Dark Web?
The Dark Web is very often thought of as the place where underground criminal and illicit activities take place. While this is for the most part true, the Dark Web is also used for legal purposes. The Dark Web can only be accessed via a special web browser which is known as “Tor”.
The Dark Web cannot be accessed by browsers such as Microsoft Edge, Google Chrome, or iOS Safari. But when it comes to Cybersecurity, the Dark Web is often the first place the Cyberattacker will go to procure services with which they can launch their threat variants.
The Dark Web is also where Cyberattackers can unload the crown jewels they have seized by launching a covert attack. These “jewels” often include usernames/passwords, credit card numbers, Social Security numbers, patient health data, and financial or other kinds of banking information. The Cyberattacker’s primary goal is to sell all of this for a handsome profit. Therefore, along with other protective measures your company may take (such as Penetration Testing), it is equally critical that you routinely scan the Dark Web to see if any Personally Identifiable Information (PII) datasets (such as those associated with your employees and customers) have been dumped there. This is technically known as “Dark Web Monitoring”.
Dark Web Monitoring: How Often and for How Long?
It is important to note that the terms “Dark Web Monitoring” and “Dark Web Scanning” are often used synonymously. However, the terms have very different meanings. The former refers to monitoring the Dark Web on a regular and frequent basis, whereas the latter refers to doing a one-off dive into the Dark Web. To keep your company well protected, it is highly recommended that your IT Security team engage in the active and frequent monitoring of the Dark Web.
There is also confusion about whether Dark Web Monitoring involves Penetration Testing. Truth be told, it does not, primarily because there are many parts of the Dark Web that are still sealed off, and when you do a deep dive into it, you want to keep your identity as secret as possible. Also, keep in mind that Penetration Testing can take quite some time to accomplish, and when you are on the Dark Web, you want to stay there for as short a time as possible so that your IT Security team cannot be tracked down. Therefore, the primary activities you should engage in are visiting and monitoring the various Dark Web forums and online stores where stolen PII datasets are often bought and sold.
The Benefits of Monitoring the Dark Web
There are many benefits to conducting Dark Web Monitoring exercises, including the following:
- Minimizing further damage. The trend today is for a Cyberattacker to take a long time to study the profiles of their intended victims. They do this to determine the most vulnerable point at which they can penetrate covertly. Once they are in, their goal is to stay in for as long as possible and to move in a lateral fashion so that they can enter other areas of the IT/Network Infrastructure as well. The Cyberattacker doesn’t steal the PII datasets in one huge swipe; rather, they take them out bit by bit so that your IT Security team does not notice it until it is too late. But if you engage in routine monitoring of the Dark Web, you may come across information/data that looks like it was stolen from your company; this will be your first indication that a Cyberattacker has entered your system. From there, you can take action to kick them out of your IT/Network Infrastructure, and seal off any holes that are still lurking. This is where a Penetration Test can be used in conjunction with the Dark Web Monitoring exercise. Of course, the sooner you do this, the better, before the real damage starts to set in for your company.
- Beefing up your lines of defense. The common thinking here is that by merely conducting a Cyber Risk Analysis you can determine exactly what steps you need to take to make your defense perimeter even stronger. While this is certainly true to an extent, engaging in Dark Web Monitoring can help you to further pinpoint those areas in your defense mechanisms that still need more work. For example, once you know that some of your PII datasets have actually found their way onto the Dark Web, your IT Security team can then backtrack to determine the manner in which they were stolen. You will then be able to determine where the weak spot was. For example, even though your databases may have been upgraded with the latest patches and upgrades, there could have been a security flaw in the source code which allowed the Cyberattacker to penetrate into, and covertly hijack, this information.
- Coming into compliance. With the advent of the Remote Workforce now taking a permanent hold, it is expected that both the GDPR and the CCPA will be strictly enforced. A major part of these key pieces of legislation is making sure that the PII datasets that are housed in your database are protected by the best possible layers of defense. If you are ever audited, you can prove to regulators that you are taking a proactive stance by taking further steps to protect these mission-critical pieces of information and data. Also, by engaging in this kind of activity now, you will be able to quickly implement the necessary controls in case your IT Security team discovers any corporate information/data for sale on the Dark Web, before it is too late.
Conclusion
This article has examined what Dark Web Monitoring is and the benefits of doing it for your company. A future article will examine the components and operations that are actually involved when conducting this kind of exercise.
Sources:
- https://www.techradar.com/news/what-is-a-dark-web-scan-and-do-you-need-one
- https://cybersecurity.att.com/blogs/security-essentials/what-is-dark-web-monitoring-and-scanning
Ravi Das is an Intermediate Technical Writer for a large IT Services Provider based in South Dakota. He also has his own freelance business through Technical Writing Consulting, Inc.
He holds the Certified In Cybersecurity certificate from the ISC(2).