Digital credentials, such as usernames and passwords, connect you and your employees to critical business applications and online services. Unfortunately, criminals know this — and that’s why digital credentials are among the most valuable assets found on the Dark Web.
The cybercrime landscape is evolving fast. Cybercriminals are smarter and more organized now–almost functioning like professionals. In fact, there’s a sort of a parallel universe where they operate in a very corporate-like manner. And that parallel universe is called the Dark Web.
What is the Dark Web?
The Dark Web is made up of digital communities that sit on top of the Internet, and while there are legitimate purposes to the Dark Web, it is estimated that over 50% of all sites on the Dark Web are used for criminal activities, including the disclosure and sale of business credentials. Far too often, companies that have had their credentials compromised and sold on the Dark Web don’t know it until they have been informed by law enforcement — but by then, it’s too late.
The surface web, the deep web and the dark web
Essentially, the internet can be categorized into 3 parts:
- The surface web, which includes your ‘regular’ websites–the kinds that just show up on web searches. For example, you type, Dog Videos and links to a bunch of dog videos on YouTube shows up. YouTube, in this case, is an example of the surface web.
- The deep web, which shows up in web searches, but requires you to log in to view specific content. For example, your internet banking page or your Netflix subscription.
- Then comes the dark web.
The dark web is part of the internet that isn’t visible to search engines and requires the use of an anonymizing browser called Tor to be accessed. The dark web offers anonymity and hence is the hub for all sorts of illicit activities in today’s internet age. Strictly speaking, the dark web typically hosts illicit content. The kind of content that you find in the dark web include:
- Credit card details, stolen login credentials for something as serious as internet banking accounts to something as trivial as Uber or Netflix,
- Contact details/communication platform for striking deals with hitmen, drug dealers, weapon dealers, hackers, etc.,
- Marketplace to buy malicious codes to help corrupt or jam IT systems and even RaaS (Ransomware as a service!)
In short, the dark web is like the underworld of the internet.
Why We’re All Vulnerable
Passwords are a 20th century solution to a 21st century problem. Unfortunately, usernames and passwords – the most common digital credentials used today – are all that stands between your employees and vital online services including corporate networks, social media sites, e-commerce sites and others. A good security practice is to use a completely different password for every service, but the fact is that nearly 40% of Americans replicate the same or very similar passwords for each service they use. A secure password manager can help maintain credentials for multiple sites. For more info click here.
How to Protect Yourself
There is no single silver bullet solution that can protect against all possible attack vectors. However, you can still take steps to mitigate the most common forms of attack – statistically, these attacks are most likely to leverage passwords compromised on the Dark Web or human error due to insufficient cybersecurity training.
Consider enrolling in Dark Web monitoring to identify exposed credentials and alert you before hackers can do harm. It is also critical to implement a Security Awareness Training program to train your employees to recognize and avoid phishing attacks and other malicious activities targeting human vulnerability.