14th November 2018 | Posted in Cyber Security
The internet can be considered in ‘layers’. The surface layer is known as the ‘clear web’ and is categorised as anything that is readily accessible by a search engine, such as Google or Bing. Examples include news websites, retail websites and popular social media platforms.
The second layer is known as the ‘deep web’, and is not indexed, meaning it cannot be pulled up by a search engine. In essence, the deep web is information that is submerged beneath the surface web. Examples include website archives, workplace intranets and URLs relating to online banking sites.
The final layer of the internet is known as the ‘dark web’ and has been highly publicised in recent times for being a hotbed of criminal activity, including activities such as the provision and sale of firearms, hitmen, drugs and indecent and obscene sexual imagery.
The dark web is different from the other areas of the internet, in that extensive, deliberate efforts are made to ensure that URLs are undiscoverable by everyone except those who know the exact address. This is achieved by extensive encryption measures, and such websites are often known as ‘onion’ sites, owing to their multiple layers of encryption. As a result, the dark web is largely non-indexed, and advanced software is required even to attempt to index it. The reason for such a high level of secrecy is that many of these websites host illegal activity.
A rising trend on the dark web is the sale of confidential company information and intellectual property, by hackers and whistle-blowers alike. Typically, corporate email credentials are found in long lists, either dumped in plain sight or sold at an average cost of a few pence per email and associated password.
Many people use their corporate email address as a username across various websites. When data breaches occur, such as those that have taken place on Dropbox, LinkedIn and Uber, these details are stolen and then made available on the dark web. Your email address and password can also be listed due to a phishing email attack.
Often, these credentials are entered into software that automates login processes across multiple websites simultaneously; this is known as ‘credential stuffing’. More worryingly, there has been a rise in the use of corporate email credentials to access the corporate IT environment itself. Hackers will then review and monitor any email threads in which they see an opportunity to divert money due to be transferred to third-party bank accounts, or obtain the organisation’s confidential information and subsequently extort the organisation for its return.
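A defender's view of the credential stuffing described above, as an added example that is not part of the original article: it flags source addresses that try many distinct accounts and mostly fail, and lists the accounts where a replayed password worked. The event tuples, thresholds and function name are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample authentication events (not real data):
# (source IP, username submitted, login succeeded?)
SAMPLE_EVENTS = [
    ("203.0.113.7", "alice@yourcompany.com", False),
    ("203.0.113.7", "bob@yourcompany.com", False),
    ("203.0.113.7", "carol@yourcompany.com", False),
    ("203.0.113.7", "dave@yourcompany.com", True),
    ("203.0.113.7", "erin@yourcompany.com", False),
    ("203.0.113.7", "frank@yourcompany.com", False),
    ("198.51.100.4", "grace@yourcompany.com", False),
    ("198.51.100.4", "grace@yourcompany.com", False),
    ("198.51.100.4", "grace@yourcompany.com", True),
    ("192.0.2.10", "heidi@yourcompany.com", True),
]

def find_stuffing_sources(events, min_accounts=5, min_failure_ratio=0.7):
    """Flag source IPs whose logins look like credential stuffing.

    Stuffing replays one leaked password per account: many distinct
    usernames, mostly failures. A user retrying one username is not flagged.
    Returns {ip: sorted usernames that logged in}; reset those accounts.
    """
    attempts = defaultdict(int)
    failures = defaultdict(int)
    accounts = defaultdict(set)
    successes = defaultdict(set)
    for ip, user, ok in events:
        user = user.strip().lower()  # email usernames compared case-insensitively
        attempts[ip] += 1
        accounts[ip].add(user)
        if ok:
            successes[ip].add(user)
        else:
            failures[ip] += 1

    flagged = {}
    for ip, total in attempts.items():
        if len(accounts[ip]) < min_accounts:
            continue  # too few distinct accounts to be a list being replayed
        if failures[ip] / total < min_failure_ratio:
            continue  # mostly successful, e.g. a shared office NAT address
        flagged[ip] = sorted(successes[ip])
    return flagged

if __name__ == "__main__":
    for ip, hit in find_stuffing_sources(SAMPLE_EVENTS).items():
        print(ip, "accounts with a working replayed password:", hit or "none")
```

The thresholds are starting points to tune against real traffic; a source that spreads its attempts across many addresses needs the same counting keyed on something other than IP.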
The GDPR has brought data privacy and security to the forefront of the public eye since its inception in May 2018. If an organisation’s domain is compromised and personally identifiable information (PII) is within the dominion of the perpetrator, huge fines can be incurred.
We possess advanced software capable of indexing, and then ‘trawling’ sections of the dark web. When targeted at a specific domain (e.g. “yourcompany.com”), a search is undertaken across areas of the dark web identified as relevant, such as ID Theft Forums.
Cyfor Secure offer ad-hoc scanning, as well as a monthly automated scanning service over a minimum commitment of 12 months.