-
March 04, 2019
-
Corporations that know how to monitor the global platform often used for evil can protect themselves from cyber attack.
The ominous-sounding “dark web” is often associated with criminal activity, and there is no denying that it is used as a platform for illicit purposes. But it also has features that can be used to your advantage, specifically concerning cybersecurity. Before jumping into the details, however, it’s important to understand what the dark web is and how it works.
The Dark Web Defined
The dark web is a small part of the larger "deep web" which is the portion of the web not indexed by search engines. The dark web is predominately comprised of online forums where users can interact and communicate in relative anonymity. It cannot be accessed by typing an address into your web browser. Instead, users must download specialized software such as Tor, a web browser that masks IP addresses and cannot be connected to a specific user or machine. Access also requires specific configurations and authorization, which help add additional layers of anonymity.
The dark web can be thought of like an iceberg: Only a tiny amount is easily visible, with the majority hidden below the surface. It contains endless information compared to what can be found on the “normal” internet, but you must know where to look, because it’s hidden.
The unidentifiable nature of the dark web has positive qualities — such as giving users in countries where the internet is censored access to sites or content that would otherwise be prohibited. But that same anonymity also empowers nefarious actors.
Cyber criminals use the dark web to coordinate attack plans, sell stolen data and share private organizational or personal information. If a company suffers a cyber breach, for instance, the place where the data is most likely to appear is on the dark web — either for sale or to be shared with other cyber criminals. There are even conversations about successful attacks posted to the platform’s discussion forums, which leads to repeat targeting of the same companies. As an example, information about a business that was hit by a ransomware attack and has chosen to pay the ransom will be shared so that malicious actors can go at them again with confidence that they will pay once more.
Improve Defense by Going on the Offensive
The dark web is just one aspect of a global rise in the sophistication of cyber threats that points to the need for organizations to reconsider how they protect their critical assets. Relying on strictly defensive practices is no longer adequate for ensuring network security. Risk management needs to go beyond assessing internal networks for vulnerabilities and protecting data within a company firewall.
Passive threat monitoring only determines if an incident such as a breach or unauthorized access has already occurred, or if a vulnerability exists. Detecting an attack before it can happen flips the script. This is where the idea of using the dark web for proactive defense comes into play. Going on the offensive and actively gathering external threat intelligence enables organizations to get ahead of potential risks.
Use the Dark Web as a Resource
Monitoring the dark web can help organizations identify previously unknown vulnerabilities, such as unsecured databases, data stolen from one company and used to infiltrate another, or insiders who are leaking intellectual property or sensitive information. Discovery of this data enables organizations to analyze the information and take appropriate steps to either mitigate the risk or neutralize the threat entirely before it develops into a full-blown attack.
Intelligence collection can also reveal whether stolen organizational or personal information already exists on the dark web. This detection is beneficial in a few ways:
- If the data consists of an organization’s processes and procedures that could be used for an attack, the entry point — or means to conduct the attack — is now revealed and can be defended against.
- If the information is a database of stolen private data or information, steps can be taken to remove it to prevent its spread. Tomorrow’s headlines read much better when a company identifies compromised customer information and deletes it, versus becoming the latest victim to suffer a breach without knowing anything about it.
Regardless of the type of information detected, the sooner that stolen data is identified (or, in other words, a breach has occurred), the less chance nefarious actors have to cause destruction. Narrowing the time between when a breach first happens and when it is first discovered is critical.
Identifying the Criminals
Valuable insights into the hacker world can also be gleaned by monitoring the dark web. Threat intelligence on what or who hackers are targeting and the type of data they are coveting or selling enables organizations to enact corresponding defensive measures. Taking proactive steps based on gathered intelligence will enhance an organization’s security posture and mitigate threats.
The dark web can also aid in the often difficult process of attribution, or identification of an attacker, following a breach. Because cyber criminals share insights into their successful breaches, this intelligence can help identify both how the organization was breached (e.g., ransomware used to steal credentials), and the actors themselves. Companies can retain this valuable information for preventing future incidents, retrieving stolen information and potentially prosecuting the accused.
Turn the Tables
When it comes to cybersecurity, your work is never done. The issues you face today will change, and with that, your cybersecurity policies and procedures should be continually assessed and updated as needed to meet the challenges. Threats evolve and so should your defense. Adding dark web threat intelligence collection to your already existing policies and programs is a major asset that is often overlooked. But it can put your opponent’s playbook into your hands.
When you know what’s coming, it’s easier to be ready to defend your domain.
© Copyright 2019. The views expressed herein are those of the author and do not necessarily represent the views of FTI Consulting, Inc. or its other professionals.
About The Journal
The FTI Journal publication offers deep and engaging insights to contextualize the issues that matter, and explores topics that will impact the risks your business faces and its reputation.
Related Insights
Published
March 04, 2019
Key Contacts
Senior Managing Director, Head of EMEA Cybersecurity