Enemy Unseen – Part II: Why Dark Web Monitoring Is Essential

Reading time: 9 min
Share this Share on email Share on twitter Share on linkedin Share on facebook

In the first part of our article, we learned what the dark web is, and why a growing number of cybersecurity experts and law enforcement agencies have started to monitor it. In this part, we focus on the impact the dark web can have on your enterprise’s assets and reputation.

A Secret Base for Cyber Attackers

A 2019 study claimed the number of dark web listings that could harm an enterprise had risen 20% since 2016. In fact, 60% of all the existing listings, excluding those for drug sales, had the potential to harm an enterprise. This was indeed grim news for the cybersecurity community.

Aside from supporting unregulated product trade, the dark web also hosts a fledgling market for those looking to buy stolen data, and it’s one of the best hiding spots for cyber attackers. This issue has become so prevalent that it is now thought that 75% of all vulnerabilities are disclosed on the dark web before being published in the NVD (National Vulnerabilities Database).

And vulnerabilities are just the tip of the iceberg. Here are just some of the dangers that lurk behind the cover of encryption:

Trojans, keyloggers, and exploits that can be easily sold to any attacker. It is important to know of their existence as a security expert so you can safeguard your clients and company. At one point, the dark web even hosted a specialized market that aimed to sell only „high-quality exploits”.

Access credentials and personal data, revealed as a result of known or unknown data breaches. Even now, data from the Equifax breach is still available on the dark web, while just last month a breach resulted in 600,000 addresses being sold in the same way.

Phishing tools and advanced phishing tutorials, especially since many hacker groups use the dark web as a training camp. Dark web sites are also a gateway to the acquisition of such services, including those destined for corporate espionage.

Protected intellectual property, financial data and trade secrets, usually leaked from data breaches and now sold to the highest bidder.

General system vulnerabilities but also system-particular ones, such as zero-day exploits or vulnerabilities in the infrastructure of certain large companies.

Botnets and their command and control servers can also be hosted on the dark web, safe from outside scrutiny and scans.

Cryptocurrency-related markets and mining operations are also thriving on the dark web, especially because cryptocurrency is unregulated by state laws. This also includes the dissemination of cryptojacking software.

A wide collection of malware, from fraud-related scripts that imitate legitimate websites to on-demand DDoS attacks or customized malicious software.

What does this mean for your business? Well, it means that, while you’re busy with the countless alerts and potential attacks coming from regular sources, new, undetected malware might be developed in the dark web, ready to use zero-day vulnerabilities against your infrastructure.

Worse yet, you or your clients might have had a case of data exfiltration or breach in the past and no way of knowing if somebody is already using that data on the dark web.

Dark web threats can be a danger to your infrastructure, data, and operations, but also to your brand’s reputation. This is why dark web monitoring is essential.

The Power of Dark Web Monitoring

The problem with keeping an eye on the dark web is that you need specialized software to do so, as well as serious insider knowledge. Luckily, more and more threat intelligence services offer dark web monitoring, allowing your security team to fully understand the dark web landscape and prepare for it, rather than chase hidden websites on its own.

Dark web monitoring can scan the far reaches of the Internet looking for essential indicators of compromise, but also for upcoming threats.

The capabilities of such a service often include:

  • Searching for your company’s or your client’s PII (Personal Identifiable Information) and reporting any traces of it on dark web sites.
  • Searching for any company assets that may have leaked, including intellectual property, access credentials (compromised passwords), and bank accounts.
  • Searching for any mention of your company in relationship with vulnerabilities or potential attacks.
  • Searching for any connection between your existing partners and malicious dark web activity.
  • Offering a broad view of the newest and least-studied threat actors and their methods.
  • Anticipating attacks aimed at your company or industry segment or identifying the sources of potential DDoS attacks.
  • Understanding not just attackers’ methods but also their intentions, and allowing your security team to boost your defences.

These techniques are used to produce easy-to-understand threat intelligence feeds, security alerts, or e-mail alerts. Coupled with a strong network security suite and data encryption, they can prove to be a formidable ally against threats originating in the dark web.

With all its encryption and secrecy, the dark web’s security can and has been compromised numerous times, especially since law enforcement agencies already have a tight grip on some of its actors. Furthermore, the same technologies that make it secure (encrypted connections, untraceable and unindexable websites) also make it very slow and fragmented, allowing competent tools to gather valuable information over time.

In other words, as hidden and protected this part of the Internet looks, it is nothing a good Threat Intelligence solution cannot handle.

Bitdefender Advanced Threat Intelligence

Displaying the industry’s highest detection rates and powered by a network of over 500 million systems, Bitdefender Advanced Threat Intelligence can deliver an accurate, up-to-date collection of real-world data about all types of threats.

This includes protection against advanced threats such as evasive malware, APTs, zero-day exploits, and Command & Control servers, as well as against the dangers of the dark web. Our solutions can help you perfect your business architecture or consolidate your clients’ defenses, and accelerate incident response and boost forensic capabilities.

This means you will be able to detect threats before they strike, and efficiently respond to breaches. With end-to-end visibility into all Indicators of Compromise and with machine learning technologies backing your team up, nothing escapes your sight.

Our Advanced Threat Intelligence solution focuses on delivering real-time insights to Managed Security Service Providers (MSSPs), Managed Detection & Response companies (MDRs), security consulting and investigations firms, as well as large enterprises with a Security Ops Center (SOC).

So why not shed some light on the dark web and contact our consultants today?