Josh Lefkowitz looks at the issue of the dark web for businesses, the dangers it poses and how these dangers can be mitigated., Security
Josh Lefkowitz looks at the issue of the dark web for businesses, the dangers it poses and how these dangers can be mitigated. The deep and dark web is a playground for the bad guys. It’s the place cyber-criminals, terrorists and all manner of other illicit actors go to communicate, sell ill-gotten wares, and generally compete as to who can cause the most destruction. Businesses need to be aware of and understand the deep and dark web as they can easily become a target. Most hacks and breaches are intertwined with the deep and dark web somehow and often it is financial information that is sold. Recently, a popular restaurant and event listing service was hacked and 17 million accounts were listed for sale on the dark web. Also, gamers, shoppers and app users have faced the worrying prospect of having their details sold on the dark web. The main threats posed by the deep and dark web can be broken down into three main concerns: Wherever people congregate, they talk. Although cyber-criminals like to compete, they do also very often share best practices in the way that many other communities do. It is this information sharing that makes the deep and dark web so dangerous for businesses. As our research into cyber-criminal communications strategies shows, there is an interconnected, agile nature to the cyber-criminal ecosystem. Regardless of their language, skills, location or affiliation, cyber-criminal groups tend to share a strong desire to reap the benefits of cross-community collaboration, information sharing, and even mentorship. The deep and dark web provides a way for cyber-criminals to monetise the crimes they commit, which will be illustrated in the case study below. Often the exchange is data for Bitcoins but it can take a wide variety of forms. At its simplest, however, the deep and dark web acts as a marketplace for cyber-criminals. The deep and dark web provides an anonymous and fairly safe place for cyber-criminals and terrorists to communicate. Many do choose to communicate this way as research we have done shows. Cyber-criminals communicate and collaborate through illicit forums on the Deep and Dark Web. New forums continue to emerge, and old forums continue to attract new members. However interestingly, our research, conducted into cyber-criminal communications strategies, showed that Skype is the preferred communications platform across the globe. Skype was among the top five messengers in all of the language groups (Russian, Spanish, French, Arabic, Chinese, Persian/Farsi and English) . Gift card fraud is one potent example of a type of crime conducted largely on the deep and dark web. Given the popularity of non-carded gift cards among cyber-criminals, cyber-criminals with strong methods for obtaining valid gift card information can quickly rise to prominence in the cyber-criminal underground. Unfortunately security measures around gift cards are often poor. The rising frequency and relative ease of these fraudulent tactics have led criminal gift card vendors to sell their products at a fraction of their face value. The majority of cards are marked down to roughly 30 percent of their face value, though cyber-criminals attempting to undercut the competition may offer cards for as little as five percent of their value. This shows the extent of the problem; the supply is so high that criminals are competing on price to sell fraudulent gift cards at a large discount to their actual value. Retail is far from alone in being an industry affected by cyber-crime stemming from the deep and dark web. There is an “arms race” between financial institutions and cyber-criminals. In fact all industries need to be monitoring and gleaning intelligence from the deep and dark web to defend themselves against attack. The number one way to mitigate the risk of the deep and dark web is to understand and effectively monitor it. If you know what your adversary will do before he or she does then you can act to mitigate the threat and put in place the defences that will be needed. As shown in the graph above we saw the increase in chatter around gift card fraud. Armed with this knowledge we could then get a step ahead by defending against the most likely threats. Language expertise is vital to using the deep and dark web for defensive purposes. Understanding how criminals speak and the true meaning behind their interactions is vital; as a result of this, humans with expert knowledge form a core part of mitigating the threats businesses face. Analysts come with a huge depth of understanding that takes years of specialised work to acquire and build. At the same time though, to scale up defences, automation also has an important role to play. I believe humans and automated technology both have a critical role to play when it comes to threat intelligence.