Security Experts:

Connect with us

Hi, what are you looking for?



Top Reasons to Pay Attention to the Dark Web

By Understanding the Dark Web, You Can Take a Proactive Approach that Helps Reduce Uncertainty and Improves Overall Cyber Resiliency

By Understanding the Dark Web, You Can Take a Proactive Approach that Helps Reduce Uncertainty and Improves Overall Cyber Resiliency

The anonymity offered by the Dark Web, accessed by TOR, creates a safe-haven for malicious actors and criminals. These are the same bad guys that have, or likely will soon, launch a cyberattack on your organization. With the seemingly endless list of security-should-do’s, there are three practical reasons why you need to include Dark Web intel in your mix.

When it comes to gathering intelligence on the Dark Web, what you’re really doing is quantifying what is being sold on the black market. Let’s start with the what. There isn’t a day that goes by that we don’t see commodities for sale that include customer email lists, credit card information, personal and healthcare information, fraudulent identities, product blueprints, exploits and vulnerabilities for sale and much more.

Dark Web CybercrimeThrough this intelligence gathering, you’re also seeing who the commodity was stolen from. Was it Home Depot? How about a government agency? Or maybe your credit union competitor was breached and now their credit cards are for sale? Either way, it should cause you to pay attention.

Knowing this information is much more than simply interesting; it’s foundational to what your security team does next and how you adjust your cybersecurity investments. It provides an immediate understanding of the current target profile of relevant threat actors and the specific vulnerabilities being exploited. In short, you know what is happening to whom, and how. What else will it tell you?

1. Discover unknown weaknesses. Intelligence gathered from Dark Web markets has the potential to reveal unknown weaknesses in security controls that would otherwise be overlooked. This information can be used to help prioritize cybersecurity program elements ranging from mitigation to countermeasures. It can also be used to prioritize security patching operations. For example, if you have 10 scheduled security patches to apply and you know that one particular vulnerability is actively being exploited by threat actors, then this information is valuable and can save you from a security incident.

2. If it happens to your competitor, you could be next. Dark web intelligence can be used to investigate victims that are similar to your organization and, therefore, you could be next. Cyber threat intelligence analysts can gain a better understanding of the targeted technologies and inform management. By focusing the avalanche of intelligence to your organization’s specific profile and technologies, security leaders can then feed this intelligence into the organization’s cyber program and proactively stay ahead of exercised vulnerabilities.

3. Learn the bad guys’ moves. Cyber criminals have digital footprints too. These footprints include their patterns, motives, attempted and successful threat vectors, and activities. Armed with this enhanced understanding, you can better assess your current security posture and make proactive adjustments based on the relevancy of active threats.

There are good reasons for taking advantage of Dark Web intelligence but we should also explore the challenges of collecting it. While organizations can certainly explore conducting Dark Web surveillance and intel on their own, many choose not to because it’s a blind spot in their overall security program or because of the inherent risks of accessing this information and the unknown legal risks that it may pose.

In addition to the potential legal risks, there are moral issues that have to be addressed by senior management and their employees. Asking an employee to interact with criminals is something that has never been dealt with before in the business world until now. This is unchartered waters for security and business leaders.

Dark web intelligence can be practical in the sense that you can gain visibility to stolen or breached information in a quick and efficient manner as opposed to waiting to be notified by external parties or the authorities. This alone has the ability to significantly reduce the time to discovery for breaches and lessens impacts to your organization. Knowing that your information has been breached is the first step in kicking off your incident recovery process.

By understanding your adversaries’ activity on the Dark Web – and using that intelligence to decipher their methods and minimize your risks – you can take more of a proactive approach that helps reduce uncertainty and improves overall cyber resiliency. You can better position your security defenses and, as an added bonus, provide a better return on investment for security controls and countermeasures.

RelatedGlobal Law Enforcement Strikes Deep Into ‘Dark Web’

Related: The Dark Web: One Thing Always Leads to Many, Many Others

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.