Dark web threats – and what to do about them
The dark web poses a threat to businesses, with criminals using it to launch cyber attacks and sell stolen business and customer data. Understanding how criminals operate in this hidden ecosystem, and the steps you can take to protect yourself from them, can help you keep your business safe.
What exactly is the dark web?
The internet is made up of 3 parts:
The surface web, also called the clear web, clearnet or visible web, is the part of the internet indexed by traditional search engines like Google.
The deep web: like the dark web, this is a part of the internet that’s not indexed by traditional search engines. It’s often confused with the dark web, but it’s not the same. The content on the deep web is mainly harmless. It contains things like library catalogues, company intranets and content that’s behind log-ins – including the content of online banking accounts and personal email accounts. Private or commercial information that’s password protected, in other words.
The dark web: the dark web is part of the deep web, but as its name suggests, it’s hidden. You can’t get to it using a conventional web browser like Google Chrome or Mozilla. It’s only accessible via a browser specifically designed for the purpose, such as the Tor browser (Tor is an acronym of The Onion Router, a reference to onion-like levels of encryption). Using the dark web is not illegal in itself, but there’s a lot of harmful content on it – it’s estimated that around 60% of it is illicit. This includes compromised data, the sale of which is the second or third biggest category in dark web markets, according to Europol.
However, although much of the material on the dark web is illicit, this isn’t the case with all of it. The BBC for example, has a presence on the dark web, enabling people living in repressive regimes to access their content without fear of discovery.
How does the dark web work?
The advantage that the dark web has for criminals is that it’s completely anonymous. Search engines can’t detect the browsers used to access it, and those who publish material on it are also anonymous because of encryption.
This makes it a meeting place for organised criminal gangs who use forums on the dark web to communicate with each other, sharing techniques and services, including encryption, counter anti-virus and renting servers to host criminal activity.
Crypto currency, such as Bitcoin, enables payments to be made on the dark web anonymously.
What threats does the dark web present to businesses?
The sale of ransomware and malware: there were over 4 million ransomware attacks in the UK in the months up to July 2020. These happen when malware inadvertently downloaded onto a computer encrypts the victim’s files. Ransomware attackers then demand payment for restoring access. Ransomware attacks can be devastating for businesses – one of the most infamous was WannaCry in 2017, which reportedly cost the NHS £92 million.
Shipping giant A.P. Moller-Maersk, which moves freight round the world, suffered losses of between USD200-300 million in the NotPetya malware attack which rendered apps, laptops and servers useless. The damage took less than 10 minutes to spread through the company.
Ransomware packages are sold on the dark web, including custom-built models and even ransomware-as-a-service subscription packages, enabling non-technical criminals to launch attacks on businesses.
The sale of business data: if your business is hacked and your data stolen, it may well end up for sale on the dark web. Hackers also sell access to breached company databases, leaving them open to the theft of anything from financial information to employees’ personal details.
As well as being hugely damaging reputationally for companies, data breaches can be very expensive. The Information Commissioner’s Office (ICO) fined DSG Retail Limited £500,000 in January 2020 after a point of sale computer system was compromised by a cyber attack, affecting some 14 million people.
The sale of credit card details from businesses: it’s estimated that data from some 23 million credit cards is for sale on the dark web. This may have come from various sources, including online stores checkout processes. It’s not just consumers’ cards that are targeted – company credit cards face all the same vulnerabilities. Marketplaces called Automated Vending Carts (AVCs) are used to sell credit card details without the buyer and seller needing to interact.
Protecting your business against dark web threats
There are dark web monitoring tools available that scan the dark web – or the bits of it they can reach – and alert you if your stolen data ends up there. However, this will only let you know about an attack that’s already happened. It can be far more effective to understand the cyber threats your business may face, and take steps to keep your data safe in the first place.
“Taking proactive action to avoid cyber-attacks will reduce your business’s vulnerability,” says Giles Taylor, Head of Data & Cyber Security, Lloyds Bank Commercial Banking.
“Understanding what the motives might be for attacking your business will help you protect your business.”
These are some of the steps businesses can take.
1) Cyber security awareness training
This is essential. Many cyber attacks are carried out using phishing – emails containing malware that, once in your system, can launch ransomware or steal information. Everyone in your company needs to know how to recognise malware – not just the IT department.
2) Password protocols
As well as using sophisticated passwords that change regularly, businesses should make use of two-factor authentication: a combination of passwords and a second factor, like a token or fingerprint.
3) Guidelines of employee internet use and email protocols
Employees can inadvertently compromise business cyber security by using the internet on work computers for personal use, so it’s important to have guidelines on what they can and can’t access. Any policy may also include rules on plugging employees’ personal devices into company computers. Having guidelines around emails – warning against clicking on links, for example – may also help protect your business.
4) Virtual private networks (VPNs)
A VPN hides your location and internet activity, so cyber criminals can’t access it.
Taking these precautions, keeping firewalls up to date, and regularly checking for security vulnerabilities will help keep your data safe from dark web threats.
5) Limiting the financial impact of a dark web attack on your business
Cyber attacks can be costly – not just in terms of cash flow and operational impact, but also because of customer churn and reputational damage. A well-rehearsed cyber response plan, a facility to contact customers in the event of a breach and a separate cyber insurance policy can all help mitigate impacts on costs.