What is the dark web, and how is it used to put your credentials and data at risk? Here are the key takeaways from our webinar with WatchGuard on the dark side of the dark web.
What is the dark web?
The part of the web we use every day is known as the surface web. It consists of web pages that we can easily access via a search engine. In contrast, the dark web is made up of intentionally hidden pages inaccessible to normal browsers, and often requires special software and browsers to access, such as The Onion Router (TOR).
When using TOR, the client and server can’t see each other’s IP addresses, while layers of encryption (like an onion!) are added to information so that it remains inaccessible to anyone in the middle of a connection.
The dark web is a host for both legitimate and illegitimate entities. While even the BBC and Facebook have a presence, so do illegal marketplaces. It is on these marketplaces that data such as tax file numbers, medical records, passports, financial details, intellectual property and password dumps are sold.
But what is the cost of dark web exposure and why would my company be targeted?
The reality is that every company no matter how small has something valuable for cyber criminals: information about employees, customers or other businesses. The cost can include the value of the stolen information itself, or the clean-up process after an attack, such as reparations to customers, or the loss of a company’s reputation. The consequences can continue for years after the breach.
For a small company this could be enough to go out of business.
Unfortunately companies aren’t good at detecting data breaches. According to the Ponemon Institute’s 2020 Cost of Data Breach Report, in Australia it takes on average 9 to 10 months between the point of data breach to the total removal of attackers from a network.
Companies spend more money on preventing attacks, such as anti-malware software and firewalls, than they do on software that detects an attack once it is underway. Typically a company will find out there has been a breach once attackers have already squandered the network, placed attacks on employees, customers and/or vendors, disabled network backups and planted ransomware.
How cyber criminals get your data
The most common way that attackers hack into networks is through stolen usernames and passwords from the dark web.
Breaches using stolen credentials have occurred across devices, including internet routers, IOT devices like smart doorbells or baby monitors, to enterprise VPN services.
Others ways to steal credentials include methods such as spear phishing. Phishing attacks can be crafted to a specific company or person, where a their online presence is used to build a profile, and then create an email that appears relevant to that person. That person may then click on a link and accidentally install a trojan, or login to a fake website. These days such links can appear valid – they may contain the user’s email address or a realistic host server such as Microsoft.
It is no longer enough to just hover a mouse over a link to see if it’s valid. Best practice is to treat everything with scepticism, and think critically about the content and context of the email.
Once an employee is tricked into providing their credentials, the attacker is able to penetrate through all the layers of security protecting the network.
Another method attackers use is to pick the most commonly used passwords and spray them across the internet – such as ‘password1234’. They will go to common sites and see if users are reusing their passwords. If they gain control of remote computers, they can steal passwords if they are saved to a browser.
Accounts that use simplistic, old or repeated passwords are more likely to be breached.
Defending your data
In order to adequately protect your data, other than strong passwords, is to have multiple layers of security, both at the stage of intrusion prevention, and defence following intrusion.
Phishing and account takeover defence can include:
- Multi factor authentication
- Phishing awareness training
- DNS firewalling
- Advanced malware protection
Additionally, WatchGuard’s Dark Web Scan tool allows users to scan usernames and email addresses, and see if these accounts have been breached and exposed to the dark web.
Get in touch
When your credentials have been stolen, there is a chance they will end up exposed on the dark web, and cause considerable damage to your business.
Contact us at Systemnet and we can help safeguard your business from exposure to the dark web.
You can register to watch a recording of the webinar by clicking below.WATCH THE WEBINAR