Just as there are some spots in the physical realm that are best not visited, the World Wide Web too has a dark area, known as the dark web.
The dark web is a part of the Internet that isn't indexed by search engines and, as you may have guessed, it is where criminal activities take place.
Rajeev Shukla of Castellum Labs, a known industry expert in cyber security who is well recognized for his thought leadership, took the participants at the Cyber Security Asia 2021 symposium on a journey into the dark and tried to shed some light on this topic. It was rather enlightening, as many people are bewildered that their data has made it onto the dark web.
What is the Dark Web?
Have you ever received a call from a financial institution or property developer when you don't remember sharing your details with those brands? If you answered yes, then most likely your data was compromised and was available for the taking. Rajeev revealed that 28% of enterprises' stolen data was on the dark web and that the information is obtained from platforms such as shopping, banking, healthcare, education, and e-commerce.
Of the enterprise data sold on the dark web, user credentials make up 59 per cent, bank card details account for 24 per cent, and scanned copies of documents make up the remaining 17 per cent. The scary figure was revealed when Rajeev exclaimed, “there are roughly a million new records that appear on dark web marketplaces every day.”
Types of Data Made Available
According to Rajeev, there are four types of enterprise data: credential dumps, system & network access data, confidential documents, and customer credit card data. The way this data makes its way to the dark web is that it could be stolen by a hacker or an employee. From there, feelers are placed on dark web chat forums. Once it is made available, the data is purchased by malicious actors or operators. Lastly, the data is harvested for marketplace listing.
The Billion Dollar Question
Can one monitor the dark web proactively? The answer is yes, but it is hugely challenging to actively monitor it 24/7. One thing that can be monitored is stolen data, which comprises credentials, confidential files, executive access data, and network & system data. Threat sources can be monitored too, and these include harvested credentials, custom malware, custom ransomware, and harvested system & network data. Lastly, one can monitor the dark web for malicious actors: criminals asking for your data, inquiries about system access, and hackers looking for custom malware.
Though the dark web can be monitored, the challenges that await are data volume, unpredictability of sources and assets, as well as accessibility and observability.
So now that you know it can be monitored, what do you do when you find your data on the dark web? The first thing you need to know is that timely detection is key. Once you have established that, you can proceed to internal actions, regulatory preparations, regulatory notifications, media or crisis communication, and lastly a takedown, which is rarely done as it is a huge operation to conduct and involves different agencies.