As the Internet continues to evolve, so do the threats that come with it. One of the most significant threats to small and medium-sized businesses (SMBs) today is the Dark Web. The Dark Web poses a significant threat to SMBs as it is often used to buy and sell stolen data. In this blog post, we will explore why the Dark Web is a threat to SMBs, how it contributes to data breaches, and provide examples of data breaches on the Dark Web.What is the Dark Web?
The Internet is sizable and it comprises millions of web pages, databases, and servers that operate 24 hours a day. The Surface Web, also known as the visible Internet or open web, which includes sites searchable through engines like Google and Yahoo, represents only a fraction of what is available. In essence, it is merely the tip of the iceberg.
(Source: Tulane University )
The Dark Web, on the other hand, is a hidden section of the Internet, it is a network of encrypted sites that are intentionally hidden from public view. The Dark Web is not indexed by search engines and can only be accessed with special software such as the Tor network. It is often associated with criminal activities because it provides a platform for anonymous communication and transactions. The Dark Web has become a major threat to SMBs as cybercriminals use it to buy and sell stolen data, malware, and hacking tools.
Why does the Dark Web pose a threat to SMBs?
The Dark Web provides a platform for cybercriminals to buy and sell stolen data, allowing them to profit from their crimes. SMBs, regardless of the industry sector, are often targeted by cybercriminals because they often store sensitive information such as customer, financial, and employee records which can be highly profitable for bad actors. The pie chart below from Webz shows the fact that data breaches could happen in any industry.
SMBs are particularly vulnerable to data breaches because they generally have fewer resources to invest in cybersecurity. Once their business information is stolen and sold on the Dark Web, it can be used for identity theft, fraud, and other criminal activities. Moreover, SMBs may not be aware of the risks associated with the Dark Web, making them more susceptible to attacks.
As of 2022, the Digital Shadows Photon Research team has disclosed that more than 24.6 billion combinations of usernames and passwords were being circulated on the dark web, which amounts to four sets of login credentials for every individual on the planet. Additionally, these figures surged by 65% after the aforementioned research was carried out in 2020.
How does the Dark Web contribute to data breaches?
The Dark Web is a marketplace for stolen data. Cybercriminals who steal data such as credit card information or login credentials will often sell this information on the Dark Web to other criminals. Some common methods include phishing scams, malware attacks, and brute force attacks. Once the data is stolen, it is often sold on the Dark Web to other cybercriminals who can use it for their own purposes. The anonymity provided by the Dark Web creates a chain of cybercrime that can be difficult to trace and stop, and it can take weeks or even months for companies to realise that they have been compromised.
Verizon's Data Breach Investigations Report revealed that in 2021, login credentials were implicated in 60% of data breaches. Stolen credentials and personal data are sold on the dark web for extremely low prices. These unlawfully obtained details can also be utilised for a variety of purposes, such as securing loans, credit, mortgages, and tax refunds.
Digital Information World has analysed the research findings from PrivacyAffairs. It's shocking to see that credit card details are sold for just $120 and hacked Gmail account costs only $65, given the potential profit they can make for cybercrooks.
Source: Digital Information World
Examples of data breaches on the dark web
Data breaches on the Dark Web have become a noteworthy global issue, impacting businesses and individuals worldwide.
- The Irish Times reported that Munster Technological University (MTU) confirmed some of its stolen data appeared on the Dark Web after it was hit by a cyberattack. The university was forced to close its campuses due to a “significant” breach and telephone outage. This breach was later confirmed to be a ransomware attack, designed to encrypt the university’s systems and steal data.
- Canadian communications giant Telus said that they were investigating recent claims that some employee information as well as company source code was posted to the Dark Web as part of a data breach. Telus director of public affairs Richard Gilhooley confirmed the investigation in a statement to Global News last week.
- In Australia, the law firm Baker McKenzie has launched a class action lawsuit against Medibank over the health insurer’s massive cyberattack last year that resulted in the personal details of up to 10 million customers being posted on the Dark Web.
Take action now to protect your business data
The Dark Web is a real and growing threat to SMBs. Its anonymity and ability to facilitate illegal activities can lead to catastrophic consequences for businesses and their customers. To minimise the threats, all companies should enlarge their monitoring area from the Surface Web to the cybercriminals' gold mine -- the Dark Web. If your company's sensitive information is on the Dark Web, your company's bank account, email, and other online accounts could be at risk. Don't wait until it's too late. Try our Dark Web monitoring tool for free to safeguard your business data against scammers.