The Dark Web: Why Your Organisation Should Be Monitoring Activity

14th November 2018 | Posted in Cyber Security

The Dark Web is a hotbed of criminal activity, especially for the sale of stolen business credentials. Has your company data been exploited? 

The internet and its structure

The internet can be considered in ‘layers’. The surface layer is known as the ‘clear web’ and is categorised as anything that is readily accessible by a search engine, such as Google or Bing. Examples include news websites, retail websites and popular social media platforms.

The second layer is known as the ‘deep web’ and is not indexed, meaning it cannot be pulled up by a search engine. In essence, the deep web is information that is submerged beneath the surface web. Examples include website archives, workplace intranets and URLs relating to online banking sites.

The final layer of the internet is known as the ‘dark web’ and has been highly publicised in recent times for being a hotbed of criminal activity, including activities such as the provision and sale of firearms, hitmen, drugs and indecent and obscene sexual imagery.


What is the Dark Web?

The dark web is different from the other areas of the internet, in that extensive, deliberate efforts are made to ensure that URLs are undiscoverable by everyone except those that know the exact address. This is achieved by extensive encryption measures, and such websites are often known as ‘onion’ sites, owing to their multiple layers of encryption. This means that the dark web is largely non-indexed, and advanced software is required to even attempt to index it. The reason for such a high level of secrecy is that many websites are host to illegal activity.


A rising trend on the dark web is the sale of confidential company information and intellectual property, by hackers and whistle-blowers alike. Typically, corporate email credentials are found in long lists, either dumped in plain sight, or sold at an average cost of a few pence per email and associated password.


How are your details harvested?

Many people use their corporate email address as a username across various websites. When data breaches occur, such as those that have taken place at Dropbox, LinkedIn and Uber, these details are stolen and then made available on the dark web. Your email address and password can also be listed as a result of a phishing email attack.


How are your details used?

Often, these credentials are entered into software that automates login processes across multiple websites simultaneously; this is known as ‘credential stuffing’. More worryingly, there has been a rise in the use of corporate email credentials to access the corporate IT environment itself. Hackers will then review and monitor any email threads in which they see the opportunity to divert money due to be transferred to third party bank accounts, or obtain the organisation’s confidential information and subsequently extort the organisation for its return.


Further implications of a data breach

The GDPR has brought data privacy and security to the forefront of the public eye since its inception in May 2018. If an organisation’s domain is compromised and personally identifiable information (PII) is within the dominion of the perpetrator, huge fines can be incurred.


How Can CYFOR Secure Help You?

We possess advanced scanning and monitoring software capable of indexing, and then ‘trawling’ sections of the dark web. When targeted at a specific domain (e.g. “”), a search is undertaken across areas of the dark web identified as relevant, such as ID Theft Forums. We can then find out if your digital credentials have been breached!


CYFOR Secure can then provide a report detailing the following:

  • Total Number of records (sets of credentials) found
  • The date that the records were uploaded to the dark web
  • The email and associated passwords themselves
  • Source of record (e.g. ‘ID Theft Forum’, ‘Social Media’ etc.)
  • Type/circumstance of the breach (e.g. ‘website breach’, ‘phished’ etc.)
  • Where applicable, the website that was breached in order to obtain the record
  • PII Hits – Details around what information was supplied alongside the records.


CYFOR Secure offer Dark Web Monitoring services – contact our team to find out more


Get a Free Consultation for your Business


    0330 133 1250

    CYFOR Secure
    PO Box 266
    M24 0BY
