Exploring the Dark Web: The Digital Wild West
Data breaches are increasingly common, and news reports frequently highlight these incidents. Millions of email addresses and passwords have been stolen, sold, and shared across the Dark Web. But what exactly is the Dark Web, and what threat does it pose to organisations?
In this article we journey into the depths of this digital Wild West. Much like the lawless frontiers of the past, the Dark Web is a digital landscape where anonymity and illicit activities thrive beyond the reach of many authorities. We explore what the Dark Web is, its role in cyber crime, and recent reports on data leaks. In addition, we cover measures that organisations can take to prevent their most sensitive assets from ending up for sale on the Dark Web.
What is the Dark Web?
The Dark Web is a hidden part of the internet that operates outside the bounds of conventional search engines and requires specialised software, configurations, or authorisation for access.
While the Dark Web is home to many legitimate companies, it also contains message boards, online marketplaces for drugs, and stolen financial and private data. Transactions within this economy are often made with cryptocurrency and are completely anonymous.
The Dark Web is infamous for its role as a hub for illicit activities, providing anonymity to users engaged in cyber crime, data breaches, and other nefarious deeds. It facilitates a vast market for stolen data, compromised credentials, and hacked accounts. With corporate credit cards, criminals can cause financial damage and make unauthorised purchases. The risk is more than just financial damage from stolen credit cards: with employee details, criminals can launch more sophisticated and targeted attacks. Phishing attacks are one of the most common attack methods employed by cyber criminals, and could be the entry point for further compromise of your organisation.
The Dark Web is not just stolen credentials. It also harbours platforms where individuals can hire hackers for various malicious purposes, from launching cyber attacks to conducting espionage. If you can imagine it, it’s probably out there on the Dark Web.
Recent reports from sources like CSO Online and the University of Surrey underscore the growing prevalence of cyber criminal activities on the Dark Web, posing significant threats to enterprises and individuals alike.
Recent Breaches on the Dark Web
Recent data breaches have highlighted the growing market for stolen data and credentials on the Dark Web.
Apple, Google, and Other Major Companies
A huge breach exposed 184 million logins for Apple, Google, and many other companies. The dataset, which was discovered in an unprotected online database, includes usernames and passwords for various online services and email providers. Jeremiah Fowler, a cyber security researcher investigating the database, believes that infostealer malware may have been used to obtain and compile the compromised dataset. Infostealer malware is often deployed in phishing emails and malicious websites and used by cyber criminals to harvest data and credentials from systems they have infected. The stolen data and assets are usually then sold on the Dark Web or other illicit marketplaces. (source: PCMag)
AT&T
In another alarming incident, personal data belonging to 73 million current or former AT&T customers was leaked online. The data, including addresses, social security numbers, and passcodes, was published on the Dark Web, prompting concerns over potential misuse. AT&T has initiated an investigation into the breach, although they have not identified evidence of the data being stolen. As a precautionary measure, the company has reset customers’ passcodes and urged them to monitor their account activity and credit reports. The leaked data, which dates back to 2019 or earlier, encompasses information from 7.6 million current customers and 65.4 million former account holders. While financial information was not included in the leak, details such as full names, email addresses, and dates of birth were compromised. Even though the breach happened in 2024, the stolen data is still on the Dark Web and is being repackaged for sale. (source: ZNET)
US National Public Data Breach
An enormous amount of sensitive information, including social security numbers for millions of US, UK and Canadian citizens, was stolen and released on the Dark Web. The data breach, believed to be 277.1 gigabytes of data, includes names, address histories, relatives, and social security numbers dating back at least three decades. The hacking group claiming responsibility for the breach, USDoD, are apparently selling the stolen data on the Dark Web for $3.5 million. (source: USA Today Tech)
What Bad Actors Can Do with Data on the Dark Web
The Dark Web serves as a digital marketplace for cyber criminals looking to exploit stolen data. Here are some of the malicious activities they can engage in:
Credential Stuffing
Cyber criminals use stolen credentials to gain unauthorised access to accounts by trying multiple username-password combinations.
Fraud
Stolen data can be used to commit various types of fraud, including identity theft and financial fraud.
Ransomware
Ransomware-as-a-service (RaaS) allows criminals to encrypt and lock victims’ data until a ransom is paid.
Distributed Denial-of-Service (DDoS) Attacks
Attackers can use stolen data, such as login credentials or network configurations, to infiltrate systems and hijack devices, turning them into bots within a larger botnet. These botnets are then coordinated to flood a target’s network or server with an overwhelming volume of traffic, causing disruptions, slowing operations, or completely paralysing the system.
Keyloggers, Trojans, and Spyware
Malware tools can be distributed to steal sensitive information from victims.
How to Protect Your Data
If your data has made it on to the Dark Web, acting quickly to assess the risk and mitigate the potential damage is essential. But how do you know if your data is out there? Dark Web Monitoring allows you to monitor any instances of your organisation’s data on the Dark Web and receive proactive notifications if any information from your domain is found. The platform engine monitors hidden chat rooms, private websites, P2P networks, IRC channels and thousands of botnets.
Continually scanning Dark Web databases for your company’s domain-specific data means you can act quickly if your sensitive information is made available on the Dark Web. Intelligent algorithms sift through the vast amounts of information, accurately identifying any instances of your company’s data. When such a potential threat is detected, the platform provides real-time alerts, enabling you to take immediate action to protect your business.
Few organisations have the right tools, people, and processes in-house to manage their security program around-the-clock while proactively defending against new and emerging threats. As such, organisations should consider getting an assessment of their cyber security posture to identify weaknesses. Another consideration is implementing advanced technologies for threat detection or partnering with a Managed Security Services Provider (MSSP) for services such as Managed Detection and Response (MDR).
In Conclusion
The Dark Web remains a formidable challenge in today’s digital landscape, serving as a haven for cyber criminals to exploit vulnerabilities and trade stolen data. The recent data breaches reveal the sheer scale of data that is vulnerable to being exposed on this digital black market, and underline the importance of implementing robust cyber security controls and strategies.
By proactively and regularly assessing their estate for vulnerabilities, implementing robust detection and response capabilities, continuously monitoring Dark Web channels for any exposed data or credentials, and fostering a culture of cyber awareness and vigilance, organisations can better protect themselves and their informational assets against the ever-present threats posed by the Dark Web.