Top Reasons You Should (and Shouldn’t) Worry About the Dark Web
Cyber criminals inhabit the dark web, but it’s not the biggest cyber threat slumbering in the shadows of your organization
Cyber criminals tend to operate in their own little corners of the internet, often referred to as the dark web. However, the dark web has been so sensationalized that common misconceptions now serve as the general understanding of what it really is.
The idea that the dark web is the internet’s highly complex, shadowy carnival of criminals is one rooted in a kernel of truth, but surrounded by gigabytes of conjecture.
While it’s important for organizations to be aware of the existing threats the dark web poses, security teams and personnel shouldn’t be overly concerned about some of the fear mongering that exists. Below is an overview of how the dark web operates, how anyone with an internet connection can access it, and how organizations can protect themselves from the actual threats that populate dark web sites (while not worrying about the mythical ones).
How the The Dark Web Actually Works
The dark web is simply a “hidden” part of the internet that is not indexed by traditional search engines, like Google or Yahoo, and cannot be accessed by conventional web browsers, like Google Chrome or Mozilla Firefox. When a user accesses the dark web, they do so through Tor, a browser similar to Firefox that provides enhanced privacy and anonymity features. Tor directs internet traffic through a number of different computers, known as nodes, to hide users’ identity and location. Tor is open-source, so anyone can download and use the software to set up their own “hidden” website or browse other sites created for the Tor browser.
Outside of the realm of cyber crime, Tor also has legitimate uses. The core principle of Tor, known as “onion routing,” was originally developed by U.S. Naval Research Laboratory employees in the mid-1990s to protect U.S. intelligence communications online.
In some countries, governments impose internet censorship, blocking certain websites or platforms that they consider inappropriate or a threat. Tor enables users to bypass these restrictions and access blocked sites and content by routing the connection through several servers located around the world. Additionally, privacy concerns drive a lot of Tor usage, as users can prevent sites from tracking their location and understanding their browsing habits.
Dark Web vs. Deep Web
A lot of confusion exists around the terms “dark web” and “deep web,” with the two sometimes being used interchangeably. However, there is a distinct difference between them.
Like an iceberg, the majority of the internet is not visible to every user on its surface. The “deep web” is the submerged part, comprising all the web pages not indexed by traditional search engines. This includes things like personal email inboxes, bank account details, medical records, confidential corporate web pages, and membership-based websites. Essentially, the deep web consists of everything that is “connected” to the internet but can only be accessed with specific credentials.
The dark web is a hybrid of the deep web and the open web. Similar to the deep web, sites or services are intentionally hidden and inaccessible through anything other than a Tor browser. If a user has the correct dark web address — usually a URL that looks like gibberish and ends in “.onion” — they can visit and use the website or service through Tor, and it will behave in a similar way to any other site on the open web.
News sites like the New York Times and ProPublica, social media sites like Facebook, and government websites such as the CIA’s site all have legitimate .onion sites.
Understanding Dark Web Marketplaces
While there are plenty of safe websites on the dark web, there is a substantial amount of activity that involves the sale, trade, and/or proliferation of illegal goods and services. Dark web marketplaces, which are similar to web forums or auction sites, often have a reputation for facilitating illicit activities. Users can buy and sell items like illegal drugs, counterfeit money, stolen data, malware, and even weapons.
Popular dark web marketplaces where criminals trade malware and sell data include:
- Genesis Market
- Russian Market
While these marketplaces do present a danger to organizations, it’s not solely because they operate on the dark web. There are similar forums that operate on the open web, but are invite-only forums that sit behind password-protected pages. Some of these include:
- Breach Forums
The danger to an organization does not change due to the hosted location of the forum. If your organization is somehow connected to one of these forums — whether it is on the dark web or otherwise — there may be security issues to investigate.
Despite criminals’ desires to keep their operations as quiet as possible, law enforcement officials around the world are also aware of these forums and marketplaces. Over the past few years, there have been numerous operations carried out to take down dark web marketplaces and cyber criminal forums that operate on the open web. However, as soon as one is taken down, several more fill the vacuum. In an effort to avoid law enforcement actions, some criminal groups have moved away from forums entirely and gravitated towards closed group communication platforms hosted on Discord or Telegram.
Keeping One Eye on the Dark Side
Developing a proactive cyber security strategy is an invaluable practice for any small to medium-sized organization. With the help of InsurSec, organizations that invest in secure technology and implement real-time risk monitoring will enhance their resilience against cyber attacks.
A way to be proactive with regards to the dark web is to employ dark web monitoring through a threat intelligence provider. This can identify and flag compromised or stolen data before someone uses it for illegal and harmful activities. Companies that provide threat intelligence, such as At-Bay partners Rapid7 and SentinelOne, can also provide alerts about possible compromised credentials or attacker tactics, which can forewarn ransomware attacks.
It’s important to set expectations for what is possible with dark web monitoring. There is no product or service that can collect every possible event on every dark web marketplace or cybercriminal forum that could lead to a security incident inside an organization. Those interested in dark web monitoring should conduct due diligence to understand what activities, forums and threat actors are watched as part of the service.
Following good security practices can also act as a defense against your company’s data ending up on the dark web. Strengthening email security, using multi-factor authentication (MFA), and educating employees on cyber security hygiene can prevent the dark web from becoming a pertinent problem for your organization.
Don’t be Scared of the Dark — Prepare for it
Despite its reputation, the dark web is not a mysterious and impossible-to-understand section of the internet. Knowing how to navigate it can help security practitioners to identify potential threats, uncover malicious activities, and gather information that can enrich your organization’s security plan.
As organizations build a comprehensive security posture, understanding how the cyber crime ecosystem operates can help strengthen efforts to protect what matters most. With this knowledge, small and medium-sized organizations can optimize their security posture to guard against the threats that dark web can (and cannot) present to their operations.