The Cybersecurity Dangers of the Dark Web and How to Protect Your Organization

Even as its top marketplace, Dream Market, prepares to close its doors, the dark web continues to thrive. In fact, Darkode, one of the most well-known hacking forums and black markets, has recently reopened. And what are some of the most common wares at these underground markets? Organizational data, and the tools needed to get more. As long as the dark web exists, organizations must learn more about the threat they pose, and how to protect themselves.

A One Stop Shop for Cyber Attack Tools

There are any number of ways attackers can use the dark web to find what they need to attack an organization. One of the most common items is ransomware, which has become worryingly affordable. For less than $1000, anyone can buy a malware strain that can be used again and again. While individuals are frequently ransomed, organizations are naturally a much more lucrative target. In fact, ransoms for organizations are rapidly increasing, with the average payment per incident going from around $7,000 in the final quarter of 2018 to almost $13,000 in the first quarter of 2019. 

The marketplace isn’t limited to digital purchases. Interested parties can also buy physical means of attack like credit card skimmers or USB drives loaded with malware. Recently, a former student managed to destroy 59 computers at a small college in New York in a single evening using a “USB Killer,” a USB thumb drive that discharges electrical current to fry any device to which it is connected. Though the “USB Killer” is shockingly legal to buy, such an item or similar is also available on the dark web to those who don’t want their purchase to be tracked. Such physical items would be particularly effective in the hands of a malicious insider who has access to workstations and servers.

The dark web is also a refuge for those who are inexperienced in digital attacks. Thousands of fraud guides are available to those eager to learn more about multiple different types of attacks like phishing, brute force, or even simple account takeovers. These guides are incredibly cheap, typically only running someone five to ten dollars. Hacking services are also readily available. The recent reopened Darkode, mentioned earlier, specializes in customized hacking jobs, as well as providing simpler services like renting a botnet to mount a DDoS attack.

An Underground Marketplace to Sell Your Breach Bounty

The goal for many types of malware is breaching systems to steal data. Attackers can utilize stolen credentials to use for themselves to commit identity fraud. However, oftentimes these breaches are so large that the amount of data stolen is more than an individual could use in a lifetime. Selling these credentials is even more lucrative than using the data for themselves. The dark web is the most natural and best place to sell these records. A hacker known as Gnosticsplayers has posted hundreds of millions of accounts for sale on the dark web, earning thousands of dollars in bitcoin.

Usernames and passwords are far from the only thing for sale. The dark web has someone’s entire identity for sale, from social security numbers to bank account numbers. For example, old tax returns stolen from accounting and legal firms are readily available for next to nothing. An old W2 can cost a few dollars or less, and makes it possible to file fraudulent returns, open accounts, and other identity scams.

Stolen information isn’t limited to human identities, either. Hackers are now trafficking in digital trust and machine identities as well, selling data like SSL and TLS certificates, which can be used to commit a number of different types of attacks. As more and more types of data come up for sale, the less confidence organizations and users can have in the security of the internet at large.

Not for Sale: Keeping Data Off the Dark Marketplace

With seemingly endless ways to perpetrate attacks, and a ready-made spot to sell the bounty of these attacks, it’s easy to feel daunted at the prospect of how to put up defenses. However, there are plenty of ways for your organization to prevent or remediate any threats from the dark web.

Just as you keep locks on every door and window to your house, so should you protect every endpoint in your organization. While antivirus on workstations is routine, a high priority should also be placed on server specific, native antivirus for your servers, which are the key storage areas data attackers and threat actors are eager to exploit. Internet of Things (IoT) devices are becoming commonplace to the workplace, but preventative security specific to such devices is difficult to find. Given the prevalence of botnets on the dark web, it’s critical to ensure that your smart device is not part of such a network. Advanced threat detection solutions are the best way to find out if any IoT device, be it tablet or MRI machine, is infected with malware or being used for malicious purposes.

Insider threats should also be strongly considered when evaluating solutions. Insiders naturally have more access to data, and a simple purchase from the dark web could devastate an organization without proper monitoring and controls. Security solutions that enforce least privilege and detect anomalies within an organization can help defend against insider threats.

Monitoring can be provided by SIEM solutions, which filter numerous data sources and provide helpful insights through normalization and correlation. They can also identify suspicious behavior inside and outside of your organization   through real-time updates, threat prioritization, and reducing the number of interfaces in need of monitoring.

Control can be achieved with Identity and access management (IAM) solutions, which enable a robust approach to managing and governing access by utilizing the principle of least privilege, which highlights granting users only the access they need, when and how they need it. Employees require some access to complete their job, but not universal access, which can be all too tempting to exploit.

Finally, what better way to prevent being attacked than by thinking like the attackers? Penetration tests utilize ethical hacking to safely exploit security vulnerabilities, providing organizations insight and enabling remediation before an attack ever takes place. Regular penetration testing keeps organizations up to date on the latest strategies and tactics used by threat actors and the tools they provide on the dark web. Threat actors thrive in environments where individuals and organizations remain ignorant, hoping that their fear will overwhelm them into inaction. Staying vigilant and being proactive about building a strong security portfolio to set up barriers to your data is the best way to keep your information safe in their databases, and off the dark web.