What is the Dark Web?
The dark web is an area of the internet that can only be accessed through specific browsers such as the Tor browser. Users identities are protected by encryption technology which makes their browsing and online actions anonymous and untraceable. Although the Dark Web is largely used for illegal activity it is also used legitimately by many companies. Reasons for noncriminal use of the Dark Web can range from the storage of sensitive documents to the conduction of sting operations.
How do cyber criminals gain access to credentials?
Passwords are a twentieth-century solutions to a twenty-first century problem. Unfortunately, user names and passwords – the most common digital credentials used today – are all that stands between users (if you run a business this could be your employees) and vital online services including business networks, social media websites, e-commerce sites and more. Its good practice to use a unique password for every service you use, but it is well-known that this is often not the case with users replicating or using similar passwords for each service. There are many other ways cyber criminals can gain access to your personal information. This includes:
Cyber criminals send out emails disguised as legitimate messages. These messages can trick users into sharing personal information or deliver malware onto their device to capture their credentials.
Malware is injected into online advertising networks which when used captures visitors’ credentials.
Similar to Malvertising, Watering Holes inject malware, but this malware is targeted at popular sites such as social media sites and company intranets.
Internet-facing company assets are scanned for vulnerabilities. These vulnerabilities are used to establish a foothold. Cyber criminals can then move to other areas of the network discovering credentials as they go.
How does a cyber criminal use stolen credentials?
Stolen credentials can be used by cyber criminals in many ways including:
- To send spam from a compromised users email account
- To host malicious content on compromised websites/intranets
- To install malware
- To gain access to other accounts using the same credentials
- To exfiltrate sensitive data
- Identity theft
Stolen credentials can also be sold on Dark Web markets for tens of thousands of pounds. Once sold, breached companies can easily be attacked from dozens or even hundreds of malicious attackers.
Protection against data breaches
The best protection is to implement multiple tools such a security monitoring, multi-factor authentication and improving security awareness. Dark Web monitoring is a fantastic tool with search capabilities to identify, analyse and monitor companies stolen data giving companies a head-start in taking action BEFORE a breach occurs.
How does this work? We will scan the Dark Web for any credentials relating to your domain name that have been involved in past known data breaches and will provide you with a FREE one-time report of the findings. This will allow you to notify employees and change passwords to avoid the cyber criminals next target being your business. Fill out this form to get your FREE Dark Web scan now.