Connect with us

Hi, what are you looking for?


Risk Management

Demystifying the Dark Web and Mitigating Risks

Monitoring a Variety of Data Dources is Important to Understand Threats, Vulnerabilities and How to Manage Risk

Monitoring a Variety of Data Dources is Important to Understand Threats, Vulnerabilities and How to Manage Risk

The dark web is a hot topic right now, particularly given the speculation and discussion about the future of dark web marketplaces. But for all the notoriety of these marketplaces, it is also important to remember that criminal activity isn’t limited to the dark web. It is an Internet-wide problem, and we may even see an uptick in activity on the open and deep web since Operation Bayonet and the takedowns of AlphaBay and Hansa. To fully appreciate this, let’s step back for a moment and consider the topography of the Internet. 

When most of us think of the Internet we think of the surface or open web, the portion of the web indexed by search engines. Yet this portion of the web only accounts for only a tiny level of the activity online. In reality, much of the activity on the Internet happens below the surface in an area called the deep web. This is where most online databases and other information reside, like the “private” portions of social media accounts, financial records, scientific reports, medical records, government resources, academic journals, etc. These assets are accessible through gateways that we know, all too often, are breached.

The final and smallest percent of the web is the dark web. These are the sites that are deliberately concealed from the rest of the web and Internet traffic. While we usually focus on the criminal activity happening on the dark web, there are also legitimate reasons to use dark web tools. For example, people living under oppressive regimes may use these tools to access information that is freely available to others, and journalists may frequent the dark web to communicate privately with sources. However, the fact remains, there is a large, digital, underground economy on the dark web that consists of illicit goods, compromised data, malicious software and cybercrime as a service tools, as well as knowledge and best practices for executing cyberattacks. 

The dark web isn’t only a place for illegal, online trade, it’s a valuable resource to understand how cybercriminals do what they do. We’ve seen law enforcement use this information to great success, bringing down dark web markets and creating a ripple effect of mistrust and fear that has hampered other markets from taking their place and new markets from emerging. This is leading to cybercriminals using alternative methods, many of which are legitimate tools, to conduct their business. For example, mainstream communication channels like Jabber, Internet Relay Chat (IRC), Skype, Discord and Telegram, along with forums dedicated to hacking and security, including paste sites and code repositories. If your digital assets and data have been compromised, they are just as likely to end up on the surface web or in deep web forums as they are on dark web markets.

While it may be tempting for organizations to take it upon themselves to determine the extent of their information exposed in the underground digital economy and seek attribution, engaging in such activity can present even more risk if not done with extreme caution. A better investment of your time is to establish a trusted relationship with law enforcement and leave that work to highly trained professionals. Instead, focus more of your resources on creating a threat model that will allow you to better understand the threats your organization faces.

Threat modeling is an iterative process that needs to be updated whenever there are substantial changes to either assets or threats. Typically, the process consists of:

Advertisement. Scroll to continue reading.

1. Defining an organization’s assets – critical business processes, high-value systems, intellectual property (IP), etc.

2. Identifying which systems comprise those assets – for example, databases, Enterprise Resource Planning (ERP) systems, and more.

3. Creating a security profile for each system – this includes which security controls are currently used to protect the identified software applications, such as, firewalls, Endpoint Detection and Response (EDR) systems, web proxies, etc. and which known vulnerabilities are present.

4. Identifying potential threats – hacktivists, cyber criminals, freelancers, nation states, a disgruntled employee, etc.

5. Prioritizing potential threats and documenting adverse events and the actions taken in each case – this is accomplished by working from known examples of documented attacks and internal risk concerns, and attempting to foresee what the organizational impact of particular threats could be.

With a threat model in place, you can match the highest severity risks to appropriate tactics, techniques and procedures (TTPs) of threat actors. This helps to target security controls and hardening measures – used for mitigation and remediation – that you need to put in place in your organization.

Criminal forums exist everywhere, so focusing exclusively on the dark web won’t give you a comprehensive view of your digital risk. And now with the trend among cybercriminals to use alternative methods to conduct illegal, online trade, monitoring a variety of data sources across the Internet is even more important as you strive to understand the threats, vulnerabilities and how to manage risk.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem

Risk Management

In this virtual summit, SecurityWeek brings together expert defenders to share best practices around reducing attack surfaces in modern computing.

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.