Many people don’t know that their data, which can include your email address and sometimes even passwords, may be readily available on the dark web. In this blog we’ll take a look at what the dark web is, how credentials end up there and what you can do to try and prevent hackers gaining access to your accounts.
What is the Dark Web?
The dark web is content on the internet which requires further levels of applications to access, inaccessible to regular search engines like Google. The dark web is anonymised and therefore, is used by some malicious actors to host illegal content. One study found that 57% host illicit material* and another found that 60% of sites, excluding those selling drugs, could be harmful to enterprise.*
The dark web is often confused with the term ‘deep web’, which is not the same. The deep web is anything on the internet inaccessible to search engines, including anything with log-in credentials or a paywall – estimates suggest this accounts for around 96-99% of the internet. The dark web is a subset of the deep web, and as stated earlier, requires specific browsers called ‘Tor’ to view.
How Credentials End Up On The Dark Web.
At this point, you may ask why this is important to you? Most people have heard of the dark web in some form – mostly the news, which emphasises the more obviously criminal aspects of drugs and guns available to purchase ‘on the internet’. However, what is less reported is the benefits to the cybercriminal for this level of anonymisation, and how it can be used to threaten businesses.
Data online, according to CSO, can be used for a variety of different threats to enterprise. These include the following:
- Infection or attacks, including malware, distributed denial of service (DDoS) and botnets
- Access, including remote access Trojans (RATs), key-loggers and exploits
- Espionage, including services, customisation and targeting
- Support services such as tutorials
- Credentials
- Phishing
- Refunds
- Customer data
- Operational data
- Financial data
- Intellectual property/trade secrets
Some of the attacks may be more obvious, a threat to your financial data or malware installed. If your email is readily available then you could be likely to become the victim of a phishing attack. However, if you have other data available on the dark web – such as customer data, credentials etc. you could be a sitting duck for cyber-criminals, and once you’ve dealt with one attack, the next may be just around the corner.
What Should You Do If Your Information Is Available On The Dark Web?
Because of these various risks, it’s important to know if your data is available on the dark web. Unfortunately, there may not be much you can do in terms of getting it removed, so if you do find something – it’s vital to change that data as soon as possible. For example, if your password is available on the dark web, then make sure to change it and do not use that password in the future for any accounts.
As part of the usecure package, we include dark web monitoring, which looks for recent breaches and checks against your email to see if your email/password is available. We also regularly update this with dark web scans – ensuring that you’re protected.
What Exactly is Dark Web Monitoring?
Dark web monitoring is the process of web monitoring, also known as cyber monitoring. This is an identity theft prevention product that enables you to monitor your identity information on the dark web, and receive notifications if your information is found online.
The dark web is seen as the underbelly of the Internet, is a shrouded area of the internet, hidden from search engines and only accessible with a special web browser. It also masks IP addresses, which essentially allows fraudsters to operate undetected to commit crimes, including identity theft
What are the benefits of Dark Web Monitoring?
There are a multitude of benefits to consistently using dark web monitoring tools, but some of the most common benefits include:
Knowing quickly when you are at risk
Ability to effectively adapt to hacks
Knowing who is at risk, and being able to notify them
Detect compromised data
Identify what data is exposed
Understand which breaches led to the exposure
