Over the past few years we have seen a surge in cyber attacks against well-known organizations, each seemingly larger than the last. As cybercriminals look for innovative ways to penetrate corporate infrastructures, the challenge for brand owners of protecting their IP has steadily grown. Fraudsters will stop at nothing to profit from a corporate entity’s security vulnerabilities, and the data they steal can fetch a hefty price in underground online marketplaces.
Whether it is a company with a large customer base that accesses and exchanges financial or personal information online, or a small brand that has IP assets to protect, no company is exempt. While banking and finance organizations are the most obvious targets, an increasing number of attacks are taking place on companies in other industries, from healthcare and retail to technology, manufacturing and insurance. Data breaches can have a damaging impact on a company’s internal IT infrastructure, financial assets, business partners and customers, to say nothing of the brand equity and customer trust that companies spend years building.
Battlegrounds: Deep Web and Dark Web
A common analogy for the full internet landscape is that of an iceberg, with the section of the iceberg above water level being the surface web, comprised of visible websites that are indexed by standard search engines. It is what most people use every day to find information, shop and interact online, but it accounts for only about four percent of the Internet.
The remaining sites are found in the Deep Web, which includes pages that are unindexed by search engines. A large proportion of this content is legitimate, including corporate intranets or academic resources residing behind a firewall.
However, some sites in the Deep Web also contain potentially illegitimate or suspicious content, such as phishing sites that collect user credentials, malware-distributing sites that deliberately try to hide their existence, websites and marketplaces that sell counterfeit goods, and peer-to-peer sites where piracy often takes place. Consumers may unknowingly stumble upon these and are at risk of unwittingly releasing personal information or credentials to fraudulent entities.
Deeper still is the Dark Web, a collection of websites and content that exist on overlay networks whose IP addresses are completely hidden and require anonymizer software, such as Tor, to access. While there are a number of legitimate users of Tor, such as privacy advocates, journalists and law enforcement agencies, its anonymity also makes it an ideal foundation for illicit activity. Vast quantities of private information, such as log-in credentials, banking and credit card information, are peddled with impunity on underground marketplaces in the Dark Web.
Waking up to the Threats
The Deep Web and Dark Web have been in the public eye for some time, but in recent years, fraudsters and cybercriminals have been honing their tactics in these hidden channels to strike at their prey more effectively and minimize their own risk of being caught. The anonymity in the Dark Web allows this medium to thrive as a haven for cybercriminals, where corporate network login credentials can be bought and sold to the highest bidder, opening the door to a cyberattack that most companies are unable to detect or prevent.
While Deep Web sites are not indexed, consumers may still stumble upon them, unaware they have been redirected to an illegitimate site. The paths to these sites are many: typosquatted pages with names that are close matches to legitimate brands; search engine ads for keywords that resolve to Deep Web sites; email messages with phishing links; or even mobile apps that redirect.
Moreover, as more users learn the intricacies of Tor to access and navigate the Dark Web, the scale of anonymity grows. More points in the Dark Web’s distributed network of relays make it more difficult to identify a single user and track down cybercriminals. It’s like trying to find a needle in a haystack when the haystack continues to get larger and larger.
The Science and Strategy Behind Protection
Brands can potentially mitigate abuse in the Deep Web, depending on the site. If a website attempts to hide its identity from a search engine, there are technological solutions to uncover and address the abuse. Conventional tools commonly used by companies to protect their brands can also tackle fraudulent activity in the Deep Web, including takedown requests to ISPs, cease and desist notices and, if required, the Uniform Domain-Name Dispute-Resolution Policy (UDRP).
As for the Dark Web, where anonymity reigns and the illicit buying and selling of proprietary and personal information are commonplace, companies can arm themselves with the right technology and threat intelligence to gain visibility into imminent threats. Actively monitoring fraudster-to-fraudster social media conversations, for example, enables companies to take necessary security precautions prior to a cyberattack, or to prevent or lessen the impact of a future attack. In the event of a data breach where credit card numbers are stolen, threat intelligence can help limit the financial damage to consumers by revealing stolen numbers before they can be used and having them cancelled by the bank.
Technology can even help identify and efficiently infiltrate cybercriminal networks in the Dark Web, work that might otherwise take a considerable amount of manual effort by a security analyst team. Access to technology can significantly lighten the load for security teams and anchor a more reliable and scalable security strategy.
In light of so many cyber threats, it falls to organizations and their security operations teams to leverage technology to identify criminal activity and limit financial liability to the company and irreparable damage to the brand.
Key Industries at Risk
A growing number of industries are now being targeted by cybercriminals, but there are tangible steps companies can take. For financial institutions, visibility into Dark Web activity yields important benefits. Clues to an impending attack might be uncovered, saving millions of dollars and stopping the erosion of customer trust. Improved visibility can also help companies identify a person sharing insider or proprietary information and determine the right course of action to reduce the damage.
In the healthcare industry, data breaches can be especially alarming because they expose not only the healthcare organization’s proprietary data, but also a vast number of people’s medical information and associated personal information. This could include images of authorized signatures, email addresses, billing addresses and account numbers. Cybercriminals can exploit information like this to compromise more data, such as social security numbers and private medical records. Credentials could even potentially lead to identities being sold.
Most organizations have implemented stringent security protocols to safeguard their IT infrastructure, but conventional security measures don’t provide the critical intelligence needed to analyze cyberattacks that propagate in the Deep Web and Dark Web. It is fundamentally harder to navigate a medium where web pages are unindexed and anonymity can hide criminal activity.
Meanwhile, cyberattacks on organizations across a wider number of sectors continue to surge, putting proprietary corporate information, trade secrets and employee network access credentials at risk. Businesses need to be aware of all threats to their IP in all areas of the Internet. Leveraging every available tool to monitor, detect and take action where possible is vital in addressing the threats that these hidden regions of the internet pose.