Ah, the dark web. To many, a place of mystery; to some, an evil force to be reckoned with; and to cybercriminals, a playground.
But what you might not know is that our perception of the dark web is often shaped by misconceptions.
One of these is that the dark web is all criminal activity and black-market sales. But, perhaps surprisingly, that’s not what the dark web is intended for.
Another is that the dark web is no threat to your business—after all, if you’re not actively involved with its activities, then you must be safe from its grasp.
But that’s not quite the case either. And there are, in fact, many dangers that your business can face on the dark web—even if you’ve never set foot on one of its sites.
Throughout this article, we’ll explain what the dark web is, what it can be used for, and why you as a business should care about what’s lurking in its depths.
What Is The Dark Web And How Does It Work?
The dark web is a hidden network of websites that can only be accessed via specialized technologies and web browsers. The point is to provide greater privacy for users by enabling them to surf the web anonymously.
It’s also designed so it can’t be seen by the naked eye. When you’re looking at the web as a whole, there’s a lot more to it than the eye can see.
The Dark Web Vs The Surface And Deep Web
Think of the web as a massive iceberg floating in the middle of the North Atlantic Ocean. This is a metaphor that’s pretty commonly used when explaining the dark web, but we can’t think of a better one so let’s run with it.

We can generally split this iceberg into three main sections:
- The surface web: What’s known as “the surface web” is just the tip of the iceberg. It’s the ice that floats above the water—the ice that you can see—and only accounts for around 5% of the total internet. It’s also home to any site that’s publicly available—including sites listed in Google’s index.
- The deep web: The “deep web” is the part of the iceberg that floats below the water—and it makes up the remaining 95% of the internet. The deep web includes sites that aren’t publicly accessible and can’t be indexed by Google—such as intranets, content behind paywalls, databases, social media accounts, and email accounts.
- The dark web: The dark web is a small component of the deep web that sits at the very deepest and darkest parts of the iceberg. And, just like the deep web, the dark web is not publicly accessible. Except the dark web goes one step further in that it’s configured on overlay networks called darknets, meaning only those with specialized software or browsers can access it.
Read about the differences between the deep and dark web in our article: The Dark Web Vs Deep Web: What’s The Difference?
So, while “dark web” might sound like Spider Man’s evil twin, its key features are that it’s entirely inaccessible to those using regular web browsers, and it’s much more difficult to track and identify individuals that use it.
So, how can it be accessed?
Accessing The Dark Web
Because the dark web is built on darknet networks, it can only be accessed via specialized software and browsers. There are several tools that are freely available to use.
Freenet and the Invisible Internet Project (I2P) are two widely-used methods to access the dark web, but The Onion Router—otherwise known as Tor—is by far the most common. So how does Tor work?
Well, if you’re a Shrek fan then you might be familiar with the infamous quote: “Ogres are like onions… They have layers”. We can say the same about The Onion Router—it too has layers.
Except, unlike both onions and ogres, these layers consist of multiple encryption methods and anonymizing tools, routing traffic through at least three relay points (called “nodes”) across the globe so that you can browse privately.
This does mean that your web browsing will be slightly slower than usual because each request is bounced around before reaching its destination. But the payoff is that your IP address will be hidden and your identity encrypted.
Dark webpages also can’t be indexed by surface web search engines like Google. These can only be accessed by either entering their URLs directly (many use the domain suffix “.onion”) or using dark web search engines and directories—although many users argue that these are often unreliable or dangerous.
You can also still access and browse everyday websites on the surface web while using Tor. But as noted above, your browsing speed will be slower and these sites might see the use of Tor as a sign of suspicious activity and lock you out.
What Happens On The Dark Web And Is It All Bad?
The dark web has quite a notorious reputation for criminal and illegal activity. But the dark web itself isn’t inherently bad.
In fact, when we spoke to Adam Darrah, director of threat intelligence at ZeroFox, he likened the dark web to a big city. Some neighbourhoods might have higher crime rates than others and, as a result, might be more dangerous to visit—but there’s no reason for the everyday individual who values law and order to visit those areas. And it doesn’t mean that the city as a whole is unsafe.
We can say the same of the dark web.
A lot of the activities that are undertaken on there are perfectly legal and legit. Because of its anonymity, it’s a space for individuals who value their privacy to browse the web without being tracked, as well as for individuals, journalists, and activists living in countries with limited free speech to organize and communicate with one another.
But there are two sides to every coin—and the other side of the dark web coin can get pretty unsavoury.
The Dark Side Of The Web
A common question asked about the dark web is whether accessing it is illegal. And the simple answer is: No, accessing the dark web isn’t illegal. But using it to participate in criminal activities is.
Unfortunately, there are many cybercriminals that exploit the anonymity that the dark web provides to make sketchy deals, trade sensitive information, buy/sell illegal products and substances via underground marketplaces, purchase malicious software, and more.
And, while it’s only a small percentage of users (less than 7%) that are likely to use Tor to access the dark web for “malicious purposes”, that 7% can cause significant disruption and damage through criminal activity.
What’s more, even if you’ve never set foot on the dark web yourself, if you’ve ever been subject to a data breach (and you might not know that you have), then chances are your personal information is up for sale in its marketplaces. This can include home addresses, passwords, corporate emails, credit card details, dates of birth, social security numbers, and more.
You can check if any of your passwords, email addresses, or phone numbers have been breached by using haveibeenpwned.com.
Why Should Businesses Be Aware Of The Dark Web?
So, why should businesses like yours be aware of what’s going on in the dark web? Let’s break this down into three key points.

1. Breached Data Often Ends Up On Dark Web Marketplaces
Dark web marketplaces are hotspots for selling and buying sensitive business data.
And, even if you aren’t aware that your business, employee, or customer data has been breached, it doesn’t mean that it hasn’t.
Data that might be bought and sold can include employee and customer data and personally identifiable information (PII), company credit cards and financial details, emails and passwords, company announcements that can impact stock value, and more.
And what’s more, it isn’t uncommon for business data to end up on these marketplaces. SpyCloud’s 2021 Breach Exposure of the Fortune 1000 report found 543 million breach assets on the dark web that were associated with Fortune 1000 employees, as well as almost 26 million plaintext passwords—which works out at an average of 25,927 exposed passwords per company.
With the prevalence of remote working (meaning users often work from unsecured home networks and criminals benefit from a larger attack surface), as well as an increase in phishing attacks that aim to steal credentials and sensitive information (with 83% of organizations experiencing a successful phishing attack in 2021—a 46% rise from 2020), knowing where and how you’ve been breached—as well as knowing where that data has ended up—is more important than ever.
2. Criminals Often Share Plans And Intel On Attacks On The Dark Web
Because of the level of anonymity and privacy provided by the dark web—and also, because they know that companies typically don’t have much of a presence on this part of the internet—threat actors often feel more comfortable in overtly engaging in more suspicious activity and sharing information amongst themselves.
And, while reputational currency is everything on the dark web and criminals aren’t going to share intel with just anyone, threat actors will often post tips and information in closed and trusted forums and groups. This might include plots to carry out ransomware or distributed denial of service (DDoS) attacks. As ZeroFox’s Adam Darrah tells us:
“When you have eyes and ears in some of these places, you have access to these data brokers that like to tell people ‘Hey, ransomware guys, I’ve got access to this company that’s based in Norway that has an annual revenue of $1.2 billion. Anybody interested?’”
So, as a business, wilfully remaining ignorant of the dark web and failing to have some kind of presence there only means that, when a planned attack is headed your way, you won’t be able to prepare.
3. Every Business Is A Target
If you’re a small business, it can be easy to think that you might not be a target for cybercriminals looking to extort large amounts of money or wreak havoc on your operations.
But in reality, smaller businesses often have fewer resources to protect and recover data if it’s stolen, or to protect themselves from attacks—making them more attractive targets for criminals looking for a quick win. And believing that you aren’t a target will only mean that you’ll be less prepared if you are hit.
No matter what size your business is or the industry that you operate in, it’s safe to assume that you are a target, and to take the necessary steps to mitigate the damage that an attack can cause.
Next, we’ll take a look at some of the ways you can do this.
How To Protect Your Business From Dark Web Activity
So, yes, the dark web is a danger to your business even if—well actually, especially if—you don’t have any kind of a presence on there.

But the good news is there are various ways you can help protect your business from the threat actors on the dark web. Here are four recommendations to help you to do so.
1. Dark Web Monitoring Solutions
Because a lot of breached business data ends up being sold on the dark web, as well as information on plots and attacks, it’s a good idea to monitor its depths for any mention of your business.
Dark web monitoring solutions are services that continuously scour the dark web for breached company data, planned attacks on your business, and intelligence on the latest threats. If a threat is identified, you’re notified instantly so you can address it before you’re hit.
Many solutions also come with specialized individuals that are equipped to blend into closed forums and gather intel. These individuals have good reputational currency, access to closed forums, and can speak the language, so they’re less likely to be flagged as suspicious and be blocked.
After all, if you’re going to be exploring the deepest parts of the iceberg, you want to send a fully trained scuba diver with all the right knowledge, experience, and gear, rather than venturing down there yourself with nothing but a snorkel and a pair of flippers.
To find the right solution for your business, take a look at our guide: The Top 10 Dark Web Monitoring Solutions.
2. Security Awareness Training
The most common way for criminals to get their hands on company data is by breaching your systems. And a massive 84% of breaches are caused by human error.
So, training and supporting your employees to keep your company data safe and to know how to respond to attacks is a vital aspect of your cybersecurity strategy.
Security awareness training is designed to educate your employees on the threats that they might face, how to respond to them, and how to keep data safe. This is often done by providing a combination of educational content and simulated phishing emails to offer a well-rounded education.
Take a look at our guide: The Top 10 Security Awareness Training Solutions.
3. Password Managers And Policies
Passwords are among the most traded commodities on the dark web—and it’s easy to see why. Getting their hands on the right password to the right account can enable a threat actor to inflict copious amounts of damage, as well as steal sensitive company data.
And with an unbelievable 99% of users estimated to reuse the same passwords across their work and personal accounts and a large number of users still using the world’s weakest passwords (“qwerty”, “123456”, and the infamous “password”), it’s vital for your users to use strong and unique passwords across all accounts.
One way to implement this is via password managers. Password managers are essentially digital encrypted vaults that can not only securely store users’ passwords but also create strong and unique passwords on their behalf and prompt them not to reuse passwords across multiple accounts or use weak passwords. Admins can also use these tools to monitor password health organization wide.
To find the right password manager for your business, see our guide: The Top 10 Password Managers For Business.
Password policies are also must-haves when it comes to creating strong passwords.
Password policies are sets of rules that determine password length and complexity when a user is setting a new password for an account. And what’s more, they can also prompt users to change passwords after they’ve been compromised, lock accounts after too many incorrect login attempts, lock inactive accounts, and more.
For more information on password policies, see our guides: How To Create A Secure Password Policy For Your Organization and The Top Enterprise Password Policy Enforcement Software.
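As an added illustration (not code from this article or from any vendor it mentions), here is a policy check that enforces a minimum length and rejects passwords found in breach data, using the hash-prefix lookup format of the Pwned Passwords range API behind haveibeenpwned.com. The minimum length, the breach corpus and its counts, and the offline lookup function are assumptions constructed for the example so that it runs without network access.

```python
"""Password policy check with a hash-prefix breach lookup (added example)."""
import hashlib

MIN_LENGTH = 12  # assumed policy value, not taken from the article
# Constructed breach corpus: password -> times seen (counts are made up).
CONSTRUCTED_BREACH_COUNTS = {"qwerty": 1000, "123456": 2000, "password": 3000}


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def offline_range_lookup(prefix: str) -> str:
    """Stand-in for GET https://api.pwnedpasswords.com/range/<prefix>.

    Returns 'SUFFIX:COUNT' lines for every constructed entry whose SHA-1
    starts with the 5-character prefix, the same shape the real API returns.
    """
    lines = []
    for pw, count in CONSTRUCTED_BREACH_COUNTS.items():
        digest = sha1_hex(pw)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{count}")
    return "\r\n".join(lines)


def breach_count(password: str, lookup=offline_range_lookup) -> int:
    """Only the first 5 hex characters of the hash are handed to `lookup`."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in lookup(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip().upper() == suffix:
            return int(count)
    return 0


def check_password(password: str, lookup=offline_range_lookup) -> list:
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    seen = breach_count(password, lookup)
    if seen:
        problems.append(f"found in breach data {seen} times")
    return problems


if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        print(repr(pw), check_password(pw) or "accepted")
```

Swapping `offline_range_lookup` for a function that fetches the same URL over HTTPS gives a live check; the password and its full hash still never leave the machine.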
4. Strong Identity And Access Management
So, what if a hacker does manage to get their hands on one or more of your employees’ passwords by acquiring them from a dark web marketplace? Well, a key way to prepare your business is by adding multiple layers of security to the login process.
To achieve this, we always recommend using multi-factor authentication across all accounts.
MFA is a system where any user logging into a given account must verify their identity in two or more ways before they’re allowed access. This means that, even if a hacker were to log in using that user’s password, they’d also need a code from an authenticator app or biometric scan, for example, before they’re allowed access.
Take a look at our guide: The Top 11 Multi-Factor Authentication (MFA) Solution For Business.
We also recommend investing in a strong privileged access management (PAM) solution.
Privileged accounts might be a more attractive target for threat actors because they have greater access to critical controls and sensitive data. PAM is a security measure that enables you to control and monitor privileged users’ access to key systems as well as their activity, helping you to prevent account takeover.
To find the right solution, see our guide: The Top 10 Privileged Access Management (PAM) Solutions.
Summary
Equipped with this knowledge, you can now implement the right security measures and protections from the get-go to help protect your business from illegal activity on the dark web.