Did you know that… when you use a search engine like Google, Bing (or even, dare we say it, Yahoo), you are literally only scratching the surface of the Internet? These common search engines only search 0.4% of the indexed Internet. So, what makes up the remaining 99.96%? Well, some of that is databases and private academic and government networks, but a big part of it is made up of what is referred to as the Dark Web – the virtual underbelly of the Internet.
What is the Dark Web?
The Dark Web exists in the hidden layers of the deep web that regular users like you and me cannot access using conventional search engines. Online activity and websites on the Dark Web are untraceable, and the Dark Web can only be accessed using specific software and configurations. The Internet’s virtual underbelly, the Dark Web is home to stolen data, credentials and personal information, highly illicit goods and service trading, illegal and criminal activity, as well as organised and rogue cybercrime… and it’s big – 550 times BIGGER, in fact, than the surface web.
Why would the Dark Web affect me?
You’re an upstanding citizen, run a reputable business and are a model employee. The Dark Web has nothing to do with you, right?
Wrong.
The Dark Web plays host to networks of botnets, criminal chat rooms, blogs, websites, bulletin boards, peer-to-peer networks, forums, private networks and other black-market sites that deal in stolen credentials and personally identifiable information. Experienced a data breach? Then this is where your credentials might have been obtained to start with, or where your breached data has ended up!
Businesses Australia-wide are facing a rising tide of cybercrime and data breaches. On average, Australian businesses each experienced 65 security breaches last year, with cybercrime costing Australian companies $AUD10.2 million in 2018 – a rise of 26 per cent since 2017.
This onslaught of cyber-attacks, most commonly meted out via phishing, keylogging, business email compromise, brute force attacks on weak passwords, and other forms of hacking, nets the attackers valuable password, access and ID credentials, financial, legal and HR data, and even corporate and network data.
Malicious actors then use this data to cast a wider net and launch further attacks, and can maximise their return on investment, so to speak, by monetising their haul and trading victims’ breached credentials on the Dark Web. What we now know is that 76% of people typically use the SAME password for most, if not all, websites*. So, the malicious actors capitalise on this vulnerability by selling harvested credentials in the expectation they can be used to compromise other user accounts.
Here are some shocking Dark Web statistics* that demonstrate how massive this underground credentials trade is!
- 80% of hacking-related breaches leveraged either stolen passwords and/or weak or guessable passwords
- 85% of businesses with fewer than 1000 employees have been hacked and most don’t even know!
- 2 billion+ email account credentials and 850 million+ stolen personal information records (tax file numbers, driver’s licence numbers, DOB, etc.) are for sale on the Dark Web.
*IDAgent 2018
How do I know if my credentials have been harvested and on the Dark Web?
Firstly, whilst you do not need any special authorisation or licence to access the Dark Web, you do require a special “Tor” browser and VPN/encrypted tunnel. We STRONGLY ADVISE AGAINST individuals attempting to access the Dark Web themselves.
There are ways, however, to find out if your credentials or those of your company have been previously “harvested” in a data breach or security compromise and put up for sale on the Dark Web. There are some pretty quick online tools individuals can use that can simply tell you if your credentials have been breached previously.
But for businesses where a breach of credentials could expose much more sensitive personal, business, financial data and IP, a more comprehensive, enterprise-grade Dark Web search will yield more detailed, actionable results.
Specialised Dark Web threat monitoring scans for signs of exposed or compromised email credentials and can uncover which email accounts in your business have been breached, the passwords associated with them, how they were breached/obtained by attackers and when. This is invaluable information for your business that will directly inform:
- IT Security decisions
- Business email usage policies
- Password policies
- Personal accountability for good password management practices and secure work practices.
With Dark Web scanning and monitoring services, we go INTO the Dark Web so you don’t have to, and help keep your credentials OUT!