Your Data and The Dark Web At this point daily, you and your team are most likely getting emails, texts and direct messages from people claiming everything from needing a verification on a bank account, that you won a million dollars in a contest you didn’t enter, or HR needs your login credentials, from accounts that aren’t what they seem. These social engineering attacks serve one purpose, to get access to your network and grab your and your client’s information. This could be anything from logins to bank accounts, to social security numbers. While at times these are being used directly by the hackers themselves, for the most part, they serve another purpose. These are sold as goods and services on
the dark web.
WHAT IS THE DARK WEB
Think of the web like the earth. What we deal with every day, is akin to the part of the planet we live on and walk on. This is called the clear web, as it is the part that is the most visual to us. Beneath that,the crust into the core, is known as the deep web. In there are things that require access to enter, from files for corporations, data, and media to
streaming services, and everything in between. Inside the Deep Web, is the Dark Web. The Dark Web is a cloaked subsection that requires a special browser and a
VPN to access and is full of marketplaces where the illicit is traded, as well as housing sites for federal organizations, news, and social media accessible to
those in countries with blocked access to the internet. It is for better or worse, the unregulated version of the world wide web.
One of the main things for sale on the dark web is data. This data comes in the form of consumer records such as credit card information, bank information, passwords from everything to business networks to Netflix logins. These are often sold by hackers in the form of dumps. Dumps are when large troves of information are sold, oftentimes for under 100 dollars, to be perused through by malicious actors to gain access to useable accounts. While a dump may contain over 10000 credit card names and numbers, not all of
them will work. From there, hackers and scammers go through these to find the ones that will work and exploit these opportunities. Some of these scammers can even clone cards, creating usable physical cards that can be disposed of as needed.
The other thing that is sold is access to accounts. This goes past just providing the logins and letting the criminals figure it out for themselves. This is taking compromised accounts, be it Western Union, PayPal, Venmo or bank accounts, and making transfers directly from said accounts and into the hands of the would-be thieves. These are also sold on the dark web for pennies on the dollar, making the attractive for criminals looking to make a quick buck.
RaaS and The Rise of Cyber Attacks Cyber attacks have become lucrative business for this reason. Not only can they offer direct payment in the form of ransom, but also
a secondary source of income in the form of selling access and data to whoever can pay for it. For this reason, hackers are selling their malware, spyware, and ransomware in the same way Microsoft offers it’s Office365 service. Malicious actors from disgruntled former employees to amateur hackers can purchase this software ready made and ready to be unleashed on unsuspecting people and organizations. While these methods are highly illegal and can land someone years in jail for getting caught, unfortunately they are to prevalent to stop, and are a worldwide problem, many times originating from countries without extradition and without the want to prosecute these crimes themselves.
Therefore it is imperative that you be vigilant in protecting your data and your customers data, as well as checking your network for flaws that will allow malicious actors to access your network. Encryption within your network is key. You should have your files encrypted to anyone who isn’t supposed to have access to your network. This way if there is a breach, they won’t be able to discern anything important from the illegally gained information.
Passwords should be changed regularly. Use a random password generator in order to ensure that your team doesn’t use the easily hackable passwords such as pets names, birthdays, and other personal information. How your team carries themselves on social media is also very important. Oftentimes we feel the need to overshare on social media, which leaves us vulnerable to cyber attackers. Make sure they set their pages to private, so that only the people they want to access their pages can. Avoid posting things that are to personal, making it harder for malicious viewers to wean passwords based off of the photos given. Also keep in mind that access to social media accounts is also available on the dark web, often for under $40, so things that you think are only accessible to you, may not be.
The best thing you can do is have a great partner on your side. An MSP like Delval Technology Solutions has many approaches they can take. They can scour the dark web for your data, which would save you time, money and even save your security as even surfing the dark web can leave you open to malware and ransomware attacks. From there, they can fortify your network through testing to find the vulnerabilities, and patches to shore them up. Your endpoints, which is tech for entrances and exits, will be monitored, and
protected, ensuring that only the people you want to get in, can get in. Finally, they will monitor your network in real time to keep it as airtight as possible.
For more information, be sure to check out our whitepaper The Dark Web and Your Small Business, available at www2.dtsolutions.com. It is free and filled with facts, infographics, pictures and everything else you need to understand the dangers of the dark web. From there, contact us for your free Dark Web report, so you can see firsthand if you have been compromised.