Resources

WOLF & CO Insights Dark Web Monitoring: Secure Your Data

Dark Web Monitoring: Secure Your Data



Written by: Andy Lin

The cost of a data breach can be astronomical, affecting your relationships and integrity, diminishing reputation, and causing severe financial impact. If your company lacks the proper controls to mitigate an attack, crucial information could be stolen or leaked. Oftentimes, once information is stolen, bad actors place it on the dark web to trade or sell—leaving your company even more vulnerable to the negative effects of a breach.

The dark web is World Wide Web content that exists on overlay networks that can only be accessed on the internet with specific software, configurations, or authorization access. Complicated encryption layers make transactions on the dark web nearly untraceable, and allows for complete anonymity of the user—making it a hot spot for illegal activity, cybercriminals, and stolen data.

So how does your data end up on the dark web and how can that negatively affect you?

  1. Cybercriminals hack your systems to obtain confidential credentials and data
  2. Looking to make a profit, they place those credentials on the dark web to sell to other users
  3. Those users then utilize these credentials to:
  • Easily access your accounts for fiscal or informational gain
  • Locate any vulnerabilities in your organizations’ operating systems or security software to further exploit them
  • Gain information on your company’s overall footprint, including employee accounts, and partnership and private contracts

 

Over 15 billion stolen credentials are in circulation on dark web markets, which is up 300% since 2018, according to a report by Digital Shadows. Is your data for sale by malicious actors? Encompassing credentials, usernames, and passwords for online banking, social media, and music streaming service accounts, these credentials were gathered by malicious actors from over 100,000 data breaches.

But how do you know if your information is on the dark web, how can you prevent your information from getting there in the first place, and how can you keep these attacks from impacting you?

What is Dark Web Monitoring?

One way you can see if your controls are adequate, if you need to strengthen your cybersecurity framework, or if your information is on the dark web is through a tactic called dark web monitoring.

Dark web monitoring occurs when your company (or a third party) actively scans the dark web to see if any of your credentials or information were placed there or are for sale. Usually in the form of a software, this is an identity theft protection tool that crawls black market sites and alerts users if confidential information is found.

Some institutions use a “honeypot” technique in their monitoring process. An institution create lists of fake credentials on their systems and sites to specifically lure bad actors to try to access this information. They then wait to see if these hackers are able to infiltrate their systems, and scan the dark web to see if they were successful in uploading the information to the black market. This is one way companies test their security controls to see how they can reinforce them.

Yes, It Can Happen to You

If your company is extremely confident in their cybersecurity controls, and believes that it’s immune to hacking and that their information could never end up on the dark web, think again, because it might not be your organization that you have to worry about.

Many times, it’s not your company that gets hacked. Say your Employee B is a customer of Company A. Employee B has a password and username for Company A. Due to ineffective security controls, Company A gets hacked, and the hacker obtains the password and username of Employee B. These credentials are sold on the dark web to other hackers. Other hackers then try that same username and password on your site, and since it’s the same password, they successfully gain access.

In their latest Psychology of Passwords global report, LastPass by LogMeIn found blatant negligence of cybersecurity efforts by employees even though they know they should be more careful. According to the survey, 91% of people know that using the same password on multiple accounts is a security risk, but 66% continue to do it regardless. Even if your security controls are perfect, your employee’s negligence could be your company’s downfall, so it’s important to monitor the dark web for these credentials and continue to take the necessary steps to prevent your information from ending up there in the first place.

How Can I Stop My Information from Getting on the Dark Web

Your information is on the dark web because of an internet-based attack on your systems, so you need advanced cybersecurity controls to prevent these data breaches and mitigate their harmful effects. From enhanced vulnerability scanning, to Center for Internet Security (CIS) critical security controls and network security management, there are many ways to lockdown your systems against hackers—but in the end, it all comes down to implementing a strong cybersecurity framework.

Here are just some of the ways your organization can ensure the safety of its data.

  1. Put Your Controls to the Test

Test your incident detection and response procedures to ensure they’re effective. Would you know if someone is infiltrating your data? Are your mitigation strategies working to negate the effects of a possible breach? Penetration testing is an effective way to analyze your protocols. Conduct “purple team” exercises to see if you can adequately defend against attackers.

  1. End-Point Detection

Ensure you have end-point detections (EDR) tools to alert your teams of any suspicious or malicious activity found on workstations, cloud systems, laptops, or servers. Quick detection can lead to enhanced containment and avoidance of attacks.

  1. Network Monitoring Tools

Companies should upgrade from traditional log management practices to a more robust SIEM system with active event monitoring and correlation to identify cybersecurity risk. Your SIEM tool should provide holistic coverage—administering detection activities as well as providing response actions to prevent harmful damage if a threat is found. You should actively monitor your SIEM tool to keep up with the ever-present hazards, and ensure you’re conducting these scans on the inside as well as along the perimeter.

How Do I Mitigate Damage in Case of a Breach?

  1. Limit Account Access

Be extremely cognizant of all accounts with administrative rights, and only allow the bare minimum access for what you need to do your job. Use a secondary non-admin local user account for all daily activities. For malware to activate, it has to take advantage of certain administrative permissions. On many computers, the initial accounts have full administrative permissions as a default—meaning more chances for malware to activate. By limiting account privileges on most systems, you can mitigate the risk of malware execution.

  1. Use Multi-Factor Authentication (MFA)

According to the Psychology of Passwords, 53% of respondents admitted that they haven’t changed their password in the last 12 months, even after hearing about a data breach in the news, and 42% state that having a password that’s easy to remember is more important than having one that’s secure. Furthermore, 48% said that if it’s not required, they never change their passwords. These numbers are far too high. Enforcing strong password requirements among employees is crucial, and implementing multi-factor authentication is critical as it can severely lower your chances of data corruption. Also, ensure regular trainings are conducted to educate employees on the importance of proper password hygiene.

  1. Think About Your Customers

Like many people, your customers probably use the same passwords across accounts, companies, and systems—leaving their credentials extremely vulnerable to corruption and theft. If your customers are using the same credentials across platforms, bad actors will be able to steal them, use them on your site, and hack your systems. Think about what else your company is doing to authenticate its users. Are you requiring finger printing, challenge questions, or authentication emails to a known address? Some companies are even scanning the IP addresses of users logging into their accounts to scan for suspicious activity.

Conclusion

The dark web is a hacker’s playground—a place where they can earn money from exploiting your business and employees. Dark web monitoring is an extremely effective detection tool that could give your company crucial insight into your overall security infrastructure, and there are multiple ways your company can harden your security initiatives to prevent breaches and exploitation on the dark web.