SecurityWeek

Demystifying the Dark Web and Mitigating Risks

Monitoring a Variety of Data Sources is Important to Understand Threats, Vulnerabilities and How to Manage Risk

The dark web is a hot topic right now, particularly given the speculation and discussion about the future of dark web marketplaces. But for all the notoriety of these marketplaces, it is also important to remember that criminal activity isn’t limited to the dark web. It is an Internet-wide problem, and we may even see an uptick in activity on the open and deep web since Operation Bayonet and the takedowns of AlphaBay and Hansa. To fully appreciate this, let’s step back for a moment and consider the topography of the Internet. 

When most of us think of the Internet we think of the surface or open web, the portion of the web indexed by search engines. Yet this portion accounts for only a tiny fraction of the activity online. In reality, much of the activity on the Internet happens below the surface in an area called the deep web. This is where most online databases and other information reside, such as the “private” portions of social media accounts, financial records, scientific reports, medical records, government resources, academic journals, etc. These assets are accessible through gateways that, as we know all too often, are breached.

The final and smallest percent of the web is the dark web. These are the sites that are deliberately concealed from the rest of the web and Internet traffic. While we usually focus on the criminal activity happening on the dark web, there are also legitimate reasons to use dark web tools. For example, people living under oppressive regimes may use these tools to access information that is freely available to others, and journalists may frequent the dark web to communicate privately with sources. However, the fact remains that there is a large, digital, underground economy on the dark web that consists of illicit goods, compromised data, malicious software and cybercrime-as-a-service tools, as well as knowledge and best practices for executing cyberattacks.

The dark web isn’t only a place for illegal, online trade; it’s a valuable resource for understanding how cybercriminals do what they do. We’ve seen law enforcement use this information to great success, bringing down dark web markets and creating a ripple effect of mistrust and fear that has hampered other markets from taking their place and new markets from emerging. This is leading cybercriminals to use alternative methods, many of which are legitimate tools, to conduct their business. Examples include mainstream communication channels such as Jabber, Internet Relay Chat (IRC), Skype, Discord and Telegram, as well as forums dedicated to hacking and security, paste sites and code repositories. If your digital assets and data have been compromised, they are just as likely to end up on the surface web or in deep web forums as they are on dark web markets.

While it may be tempting for organizations to take it upon themselves to determine the extent of their information exposed in the underground digital economy and seek attribution, engaging in such activity can present even more risk if not done with extreme caution. A better investment of your time is to establish a trusted relationship with law enforcement and leave that work to highly trained professionals. Instead, focus more of your resources on creating a threat model that will allow you to better understand the threats your organization faces.

Threat modeling is an iterative process that needs to be updated whenever there are substantial changes to either assets or threats. Typically, the process consists of:

1. Defining an organization’s assets – critical business processes, high-value systems, intellectual property (IP), etc.


2. Identifying which systems comprise those assets – for example, databases, Enterprise Resource Planning (ERP) systems, and more.

3. Creating a security profile for each system – this includes which security controls are currently used to protect the identified software applications, such as firewalls, Endpoint Detection and Response (EDR) systems, web proxies, etc., and which known vulnerabilities are present.

4. Identifying potential threats – hacktivists, cyber criminals, freelancers, nation states, a disgruntled employee, etc.

5. Prioritizing potential threats and documenting adverse events and the actions taken in each case – this is accomplished by working from known examples of documented attacks and internal risk concerns, and attempting to foresee what the organizational impact of particular threats could be.

With a threat model in place, you can match the highest severity risks to appropriate tactics, techniques and procedures (TTPs) of threat actors. This helps to target security controls and hardening measures – used for mitigation and remediation – that you need to put in place in your organization.
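The five steps above, and the matching of high-severity risks to actor TTPs and to controls, can be captured in a small machine-readable register. The following is an added illustration, not code from the article or from any product the author describes: the asset, system, control, vulnerability and threat values are constructed, the `CONTROL_COVERS` mapping from a control to the technique labels it mitigates is an assumption for this example (not a published TTP taxonomy), and `VULN-PLACEHOLDER-1` stands in for a real vulnerability identifier. The scoring formula (impact times actor capability times the average of the control-gap ratio and the worst-vulnerability ratio, over the asset's weakest system) is one reasonable choice, not the article's prescription.

```python
"""Toy threat-model register: assets -> systems -> security profile -> threats -> ranked risks.
Added illustration; every asset, control, vulnerability and threat value below is constructed."""
from dataclasses import dataclass, field

# Assumed mapping from a deployed control to the attacker technique labels it mitigates.
# The labels are constructed for this example, not a published TTP taxonomy.
CONTROL_COVERS = {
    "firewall": {"scanning", "c2"},
    "edr": {"malware", "lateral_movement"},
    "web_proxy": {"phishing", "c2"},
    "mfa": {"credential_stuffing", "phishing"},
}


@dataclass
class System:
    name: str
    controls: set                                     # step 3: controls currently in place
    known_vulns: list = field(default_factory=list)  # step 3: (placeholder id, severity 1-10)


@dataclass
class Asset:
    name: str
    value: int      # step 1: business impact, 1 (low) .. 10 (critical)
    systems: list   # step 2: systems that make up the asset


@dataclass
class Threat:
    actor: str
    capability: int  # step 4: 1 (opportunistic) .. 10 (well-resourced)
    ttps: set        # technique labels in this actor's playbook
    targets: set     # asset names this actor is assumed to go after


def uncovered_ttps(system, threat):
    """Techniques in the threat's playbook that none of the system's controls mitigate."""
    covered = set().union(*(CONTROL_COVERS.get(c, set()) for c in system.controls))
    return threat.ttps - covered


def vuln_ratio(system):
    """Worst known vulnerability severity scaled to 0..1 (0 if none is recorded)."""
    return max((sev for _, sev in system.known_vulns), default=0) / 10


def risk_score(asset, threat):
    """Step 5 scoring: impact x capability x average of (control-gap ratio, vulnerability ratio),
    taken over the asset's weakest system. Range 0..100."""
    worst = 0.0
    for system in asset.systems:
        gap_ratio = len(uncovered_ttps(system, threat)) / len(threat.ttps)
        worst = max(worst, (gap_ratio + vuln_ratio(system)) / 2)
    return round(asset.value * threat.capability * worst, 1)


def prioritize(assets, threats):
    """Rank every (asset, threat) pair the threat is assumed to target, highest risk first.
    Each entry: (asset name, actor, score, set of TTPs no control on that asset covers)."""
    ranked = []
    for asset in assets:
        for threat in threats:
            if asset.name in threat.targets:
                gaps = set().union(*(uncovered_ttps(s, threat) for s in asset.systems))
                ranked.append((asset.name, threat.actor, risk_score(asset, threat), gaps))
    return sorted(ranked, key=lambda r: -r[2])


def recommend_controls(gaps, deployed):
    """Greedy set cover: not-yet-deployed controls that close the most remaining gaps first.
    Ties break alphabetically; gaps that no control in the catalogue covers stay open."""
    remaining, chosen = set(gaps), []
    while remaining:
        candidates = [(len(CONTROL_COVERS[c] & remaining), c)
                      for c in CONTROL_COVERS
                      if c not in deployed and CONTROL_COVERS[c] & remaining]
        if not candidates:
            break
        _, best = min(candidates, key=lambda x: (-x[0], x[1]))
        chosen.append(best)
        remaining -= CONTROL_COVERS[best]
    return chosen


# Constructed sample register.
ASSETS = [
    Asset("customer_db", 9, [System("erp", {"firewall", "edr"}, [("VULN-PLACEHOLDER-1", 8)])]),
    Asset("marketing_site", 3, [System("cms", {"web_proxy"})]),
]
THREATS = [
    Threat("cybercriminal", 7, {"phishing", "malware", "credential_stuffing"},
           {"customer_db", "marketing_site"}),
    Threat("hacktivist", 4, {"scanning", "c2"}, {"marketing_site"}),
]

if __name__ == "__main__":
    by_name = {a.name: a for a in ASSETS}
    for asset_name, actor, score, gaps in prioritize(ASSETS, THREATS):
        deployed = set().union(*(s.controls for s in by_name[asset_name].systems))
        print(f"{score:5.1f}  {asset_name:15} {actor:14} "
              f"gaps={sorted(gaps)} add={recommend_controls(gaps, deployed)}")
```

Run as a script, the register ranks the customer database against the cybercriminal actor at the top (two of three playbook techniques uncovered plus a severity-8 vulnerability) and suggests a single control, `mfa`, that closes both gaps; the hacktivist case scores lowest because only scanning is uncovered and no vulnerability is recorded. Re-running after each change to assets, controls or threats is the iteration the article calls for.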

Criminal forums exist everywhere, so focusing exclusively on the dark web won’t give you a comprehensive view of your digital risk. And now with the trend among cybercriminals to use alternative methods to conduct illegal, online trade, monitoring a variety of data sources across the Internet is even more important as you strive to understand the threats, vulnerabilities and how to manage risk.

Written By

Alastair Paterson is the CEO and co-founder of Harmonic Security, enabling companies to adopt Generative AI without risk to their sensitive data. Prior to this he co-founded and was CEO of the cyber security company Digital Shadows from its inception in 2011 until its acquisition by ReliaQuest/KKR for $160m in July 2022. Alastair led the company to become an international, industry-recognised leader in threat intelligence and digital risk protection.
