By Dana Liedholm, VP Global Channel Programs at ID Agent
Many MSPs aren’t familiar with the dangers of the dark web, or don’t even know what it is. If that’s the case, you aren’t alone — but you certainly don’t want to stay in the dark any longer because your small and midsize business clients are at high risk for high-cost cybersecurity breaches stemming from the dark web.
The dark web is a hidden universe contained within the “deep web,” a sublayer of the internet that is hidden from conventional search engines, like Google, Bing and Yahoo, which search only .04 percent of the indexed, or “surface,” Internet. The other 99.96 percent of the web consists of databases, private academic and government networks, and the dark web. The dark web is estimated to be 550 times larger than the surface web and growing. Because you can operate anonymously, the dark web holds a wealth of stolen data and hosts a range of illegal activity.
Criminals, typically aiming to profit from stolen credentials – an individual’s name and social security number, driver’s license number, medical or financial records – may hack into a user’s account with a stolen login and password, trick a user into downloading malicious software or otherwise gain access to a company’s or consumer’s valuable data.
Many times, exposure of employees’ personal credentials leads to a corporate breach, where a compromise can turn into a business catastrophe.
Regardless, once stolen data is posted for sale on the dark web, it is copied and distributed (resold or traded) to a large number of cyber criminals within a short period of time. It is generally not feasible to remove data that has been disseminated within the dark web. Awareness is the next best thing, so customers can implement compensating controls. For this reason, it’s important for MSPs to help clients scour botnets; criminal chat rooms, blogs, websites and bulletin boards; peer-to-peer networks and forums; private networks and other black-market sites to identify stolen credentials and other personally identifiable information (PII). As an MSP, you should be monitoring the dark web and the criminal underground for exposure of your clients’ credentials to malicious individuals.
When a credential is identified on the dark web by a reliable service, it is harvested. Typically, data is harvested from sites like Pastebin, but it can originate from sites that require credibility or a membership within the dark web community to enter — like Internet Relay Chat (IRC) channels, private websites and Twitter feeds.
Here are some questions clients may ask:
- Where might stolen data reside? Dark web chatrooms, where compromised data may be discovered in a hidden IRC; exposed on a hacked website or data dump site; in hidden forums within a dark web community; P2P file leaks, where compromised data can be leaked from a peer-to-peer file sharing program or network; and social media posts, where compromised data can be found on a social media platform. Data harvested through botnets may rest on a command and control (C2) server.
- How was the data stolen or compromised in the first place? Data is first tested to determine if it is live/active. The compromised data is posted to prove its validity and then entered into a fictitious website or extracted through …… software designed to steal PII. It can also be exposed as part of a company’s internal data breach or on a third-party website. Compromised data can also be accidentally shared on a web, social media or peer-to-peer site, or it can be maliciously and intentionally broadcast to expose PII.
- How do I get on the dark web? Access requires the use of the Tor Browser and should only be done using a VPN/encrypted tunnel. In general, we don’t recommend attempting to access the dark web without help from someone who understands the process.
- My data is in the cloud. Do I still need to worry? With many companies moving to cloud hosting, there are questions about the security risk to a company’s IP in a cloud environment. There can be as much risk to your data within a cloud environment as there is when it resides locally within your own servers. Regardless of your clients’ environments, dark-web monitoring is still important to combat today’s sophisticated attacks.
Dana Liedholm is VP, global channel programs at ID Agent, provider of dark-web monitoring for businesses and identity theft protection solutions for individuals. Dana brings over 20 years’ experience in global marketing and B2B partner development for SMBs and enterprises worldwide. She leads the team building for ID Agent’s partner ecosystem with the focused mission to help increase recurring revenues, profitability and customer retention for ID Agent’s partners.