Cyber Security Awareness
What is the Dark Web?

What is the Dark Web?

How much do you know about the Dark Web and the danger it poses to cybersecurity for businesses and organizations. October is Cyber Security Awareness Month.  

How familiar are you with the Dark Web? Do you know what it is or have you just heard it mentioned during crime shows? Knowing the danger that the Dark Web can cause your small business is the first step towards avoiding it. So, what is the Dark Web?

Here's an analogy to help you understand. You know how to shop for groceries and gasoline. But, what if your shopping list called for something else such as the login info for the account of local business' system administrator? Or what if you need other people's Social Security numbers? Or what if you wanted to apply for a line of credit in a stranger's name? Would you know where to go shopping for any of these items? Cybercriminals do — they shop for them on the Dark Web. In fact, it's possible that your personal information could be on the Dark Web for sale right now for as little as $3 per record.

What Exactly is the Dark Web?

The Dark Web is a portion of the much larger "deep web" or an extensive collection of websites that you can't reach through standard Internet browsers. Everyday internet users can only see the Clearnet, or standard internet that you're already familiar with. The Dark Web stays hidden through the use of overlay networks. These websites are built on a framework of networks that already exist, and there are a lot of them. In fact, the Deep Web makes up the majority of information online. Which, when you consider how vast the corner of the internet you frequent is, is nothing short of terrifying.

How Does Your Information Get on the Dark Web?

Cybercriminals use a range of tactics to steal your information to sell it online. Before they advertise on the Dark Web, they need to obtain your info first. They can several strategies to steal your information.

• Phishing — Phishing emails are sent to large numbers of users simultaneously in an attempt to get sensitive information by posing as reputable sources, and often with legitimate-looking logos attached.
• Spear Phishing — This is a much more focused form of phishing used that requires more knowledge about the target or group.
• Executive Whaling — This is phishing or other cybercrime that's focused on top executives and administrators to siphon money from accounts or steal other confidential data.
• Social Engineering — Social media websites provide a wealth of information about a business's personnel including contact information, friends, connections, and ongoing business operations.

Other personal information that includes medical records, bank statements, school records, and private emails are all part of the Dark Web. To obtain access to this information, you need to have access to an overlay network using specialized software and passwords. These requirements protect the security of sensitive information, and blocks search engines from indexing it.

What Makes the Dark Web the Perfect Marketplace for Illegal Data?

The additional security of the Deep Web makes it attractive to anyone who wants their online activities to remain anonymous. Unlike the Deep Web, which prevents outsiders from accessing information, Dark Websites allow anyone with the right browser to access their sites. One of the most popular of these browsers is The Onion Browser, also known as TOR.

Cybercrime costs U.S. businesses billions of dollars each year. The majority of hacked information stolen from businesses ends up on the Dark Web for sale to corporate spies and/or identity thieves. However, the real danger is that it provides educational training ground and communication for hackers and would-be hackers. Although there is a lot of competition between hacking groups, they will still share techniques and assist each other.

The access to the ”tools of the trade” and the guidance given to help pull of successful hacks, scams or attacks are what make the Dark Web dangerous to businesses. Anyone with the time and inclination to learn how to steal data from businesses can find online tutorials, buy basic hacking software, and they're ready to steal from you. While you might not read about it in the headlines or hear about it on the news, small- and mid-sized businesses are targeted every day by cybercriminals looking to make a fast buck.