The Dark Web is a hotbed of criminal activity and the sale of stolen business credentials is rife. Has your company data been exploited?
The layers of the internet
The internet can be considered in ‘layers’. The surface layer is known as the ‘clear web’ and is categorised as any website or platform that is readily accessible by a search engine, such as Google or Bing. Examples include news websites, retail websites and social media platforms. The second layer is known as the ‘deep web’ and is not indexed, meaning it cannot be pulled up by a search engine. In essence, the deep web is information that is submerged beneath the surface web. Examples include website archives, workplace intranets, and URLs relating to online banking sites. The final layer of the internet is known as the ‘dark web’ and has been highly publicised in recent times for being a hotbed of criminal activity, including the provision and sale of firearms, hitmen, drugs and indecent and obscene sexual imagery.
What is the Dark Web?
The dark web is different from the other areas of the internet, in that extensive, deliberate efforts are made to ensure that URLs are undiscoverable by everyone except those that know the exact address. This is achieved by extensive encryption measures, and such websites are often known as ‘onion’ sites, owing to their multiple layers of encryption. This means that the dark web is largely non-indexed, and advanced software is required even to attempt to index it. The reason for such a high level of secrecy is that many websites are host to illegal activity.
A rising trend on the dark web is the sale of confidential company information and intellectual property, from hackers and whistle-blowers alike. Typically, corporate email credentials are found in long lists, either dumped in plain sight or sold at an average cost of a few pence per email and associated password.
How are your details harvested?
Many people use their corporate email address as a username across various websites. When data breaches occur, such as those that have taken place on Dropbox, LinkedIn and Uber, these details are stolen and then made available on the dark web. Your email address and password can also be listed due to a phishing email attack.
How are your credentials used?
Often, these credentials are entered into software that automates login processes across multiple websites simultaneously; this is known as ‘credential stuffing’. More worryingly, there has been a rise in the use of corporate email credentials to access the corporate IT environment itself. Hackers will then review and monitor any email threads in which they see the opportunity to divert money due to be transferred to third-party bank accounts, or obtain the organisation’s confidential information and subsequently extort the organisation for its return.
Further implications of a data breach
The GDPR has brought data privacy and security to the forefront of public attention since its inception in May 2018. If an organisation’s domain is compromised and personally identifiable information (PII) falls into the hands of the perpetrator, huge fines can be incurred.
How can CYFOR Secure help?
We possess advanced scanning and monitoring software capable of indexing and then ‘trawling’ sections of the dark web. When targeted at a specific domain (e.g. “yourcompany.com”), a search is undertaken across areas of the dark web identified as relevant, such as ID Theft Forums. We can then find out if your digital credentials have been breached!
Our cyber security experts can provide a report detailing the following:
- Total number of records (sets of credentials) found.
- The date that the records were uploaded to the dark web.
- The email addresses and associated passwords themselves.
- Source of record (e.g. ‘ID Theft Forum’, ‘Social Media’ etc.).
- Type/circumstance of the breach (e.g. ‘website breach’, ‘phished’ etc.).
- Where applicable, the website that was breached in order to obtain the record.
- PII Hits – Details around what information was supplied alongside the records.