The Internet is a massive venture: millions of sites (web pages), databases and servers all run endlessly unless they are under testing or maintenance. According to Iceberg, web pages that can be searched and accessed via search engines like Yahoo, Bing and Google, and seen with physical eyes, are said to exist on the visible internet. But below the surface lies the Deep Web, which accounts for the greatest percentage of all websites. The dark web is an unknown, hidden world that is not crawlable by any commonly used search engine such as Google. In fact, it is not known to everyone. When online users search the surface of the web, they can probably reach only 4% of the information. About 96% of the information is hidden in the dark web underworld.
ZDNet noted that the deep web (hidden Web) is so large that it’s impossible to discover exactly how many pages or sites are active at any one time. The deep Web, also referred to as the “darknet”, was once the province of hackers, law enforcement officers, and criminals. However, new technology such as encryption and anonymizing browser software from the Tor Project now makes it possible for anyone to dive deep if they’re interested.
Defining the Deep/Dark Web
According to PC Advisor, “Deep Web” refers to all networked Web pages that cannot be identified and accessed by normal search engines like Yahoo and Google. The “Dark Web,” on the other hand, refers to sites with illicit and criminal intent or illegal content, and “marketing/trading” sites where users can purchase illicit goods or services such as drugs, user accounts and hacked, working credit card details, among others. In other words, the Deep Web covers everything under the surface that’s still accessible with the right software, including the Dark Web.
There’s also another term, “Darknet,” that refers to sites and databases that are not available over public Internet connections, even if you’re using Tor. Often, the Darknet sites are used by companies or researchers to keep sensitive information private.
While many news outlets use “Deep Web” and “Dark Web” interchangeably, it’s worth noting that much of the Deep is actually benign.
As CNN Money illustrates, big search engines are like fishing boats that can only “catch” websites close to the surface. Everything else, from academic journals to private databases and more illicit content, is out of reach.
Access to the dark web
Whoever wishes to access the Deep Web uses Tor, a service originally developed by the United States Naval Research Laboratory. You may think of Tor as a Web browser like Google Chrome or Firefox. The difference between the Tor browser and other browsers is that it shields the user’s computer, concealing the user’s identity and online activities from surveillance and traffic analysis by separating identification and routing. Instead of a direct route between your computer and the deep parts of the Web, the Tor browser uses a random path of encrypted servers, also known as “nodes.” This allows users to connect to the Deep Web without fear of their actions being tracked or their browser history being exposed.
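The separation of identification and routing described above can be shown with a small layered-encryption model. This is an added example, not code from the original article or from the Tor Project: the relay names, the destination and the SHA-256 keystream cipher are constructed stand-ins and do not reproduce Tor's real protocol or ciphers.

```python
import hashlib, json, secrets

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); a stand-in for real encryption."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def build_onion(path, keys, destination, payload):
    """Client side: wrap the payload once per relay, innermost layer first."""
    hops = path[1:] + [destination]          # where each relay must forward to
    cell = payload
    for relay, next_hop in reversed(list(zip(path, hops))):
        layer = json.dumps({"next": next_hop, "data": cell.hex()}).encode()
        cell = keystream_xor(keys[relay], layer)
    return cell

def route(cell, sender, path, keys):
    """Each relay peels exactly one layer; record what that relay can observe."""
    seen, prev = [], sender
    for relay in path:
        layer = json.loads(keystream_xor(keys[relay], cell))
        seen.append({"relay": relay, "from": prev, "to": layer["next"]})
        cell = bytes.fromhex(layer["data"])
        prev = relay
    return cell, seen

def demo():
    path = ["guard", "middle", "exit"]       # constructed relay names
    keys = {relay: secrets.token_bytes(32) for relay in path}
    onion = build_onion(path, keys, "destination.example", b"GET /")
    return route(onion, "client", path, keys)

if __name__ == "__main__":
    payload, seen = demo()
    for view in seen:
        print(view)                          # no relay sees both endpoints
    print(payload)
```

Only the first relay learns who the client is and only the last learns the destination, which is why traffic analysis at a single node does not link the two.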
Use and Misuse
Many users worry that private companies and governments know more about them than their closest friends and relatives. The Deep Web offers the opportunity to bypass local restrictions and access services that may not be available to them directly, like TV or movie services. Others go deep to download pirated music or grab movies that aren’t yet in theaters. At the dark end of the Web, meanwhile, things can get scary, salacious and strange.
The Guardian noted that confidential data such as credit card data, social security card details and user account details is available on the Dark Web for just a few dollars per record, while ZDNet notes that anything from fake citizenship documents to passports and other official documents is available on the dark web, provided you know how to search for it.
Darknet Markets boost cyber-attack coverage
Darknet markets, or cryptomarkets, reside on dark web sites with plenty of goods for sale. Although some products for sale are legal, illicit goods such as drugs, stolen information, and weapons are common items in these markets.
Transactions in darknet markets are anonymized. The markets are accessible via the Tor network or other browsers that protect the user’s identity and location. Transactions take place via Bitcoin using dark wallets to protect the seller and buyer. The payment is held in escrow by the site operator to discourage scammers. The only exposed link in the chain is the actual shipping of the goods through the postal system. To reduce the risk, darknet market customers may rent a post box or use an address they don’t own but can access.
Darknet markets not only facilitate the sale of illegal drugs (The Economist reported that between $150 and $180 million worth of drugs were sold through darknet markets in 2015). Fraudsters also offer a variety of hacking tools in these underground markets, such as WiFi hacking software, Bluetooth hacking tools, keyloggers, malware, RATs, password hacking tools, phishing, carding, exploits, FBI/NSA hacking tools, fraudulent accounts, cryptocurrency miner malware and cell tower simulator kits. Prices for these tools start at $2 and rise with the item and its strength; criminals also offer a set of impressive hacking tools that you can buy for just $125.
Below is a set of tools and prices from one of the dark markets on the hidden web. These tools can be used for various malicious activities against a target system, such as infecting it with malware, hacking WiFi networks, stealing personal information and committing identity theft.
| Item | Average Sale Price |
|---|---|
| Cryptocurrency Fraud Malware | $6.07 |
| Remote Access Trojan | $9.74 |
| WiFi Hacking Software | $3.00 |
The dark marketplaces have user review systems similar to e-commerce sites like eBay and Amazon. Sellers who deliver the goods as promised receive higher ratings and are rewarded with a better reputation over time. Darknet markets provide resources for sellers and buyers on how to get the products through the mail, including what supplies are needed to disguise shipments and techniques to foil detection.
According to the statistics on the darknet, the prices listed above and those on other marketplaces on the hidden web, for less than $1000 anyone can purchase malware that encrypts user data files and demands ransoms again and again. While individuals are frequently ransomed, organizations are naturally a much more lucrative target. Ransoms for organizations are growing, with an average ransom demand of up to $13,000 in the first quarter of 2019, compared with $7000 in the final quarter of 2018.
The marketplace isn’t limited to digital purchases. Interested parties can also buy physical means of attack like credit card skimmers or USB drives loaded with malware. This not only increases the attack surface but also widens the range of techniques used, since little knowledge is required to conduct an attack with ready-made attack tools.
How you can keep your confidential data off the Dark market
Just like you keep locks on every door and window of your house, so should you protect every endpoint in your organization. While antivirus on desktop computers is routine, priority should be put on server-specific, native antivirus for your servers, which are the key storage areas that data compromisers are eager to exploit.
Internet of Things (IoT) devices are becoming commonplace in the workplace, but preventative security specific to such devices is difficult to find. Given the prevalence of botnets on the dark web, it’s critical to ensure that your smart device is not part of such a network. Advanced threat detection solutions are the best way to find out if any IoT device, be it a tablet or MRI machine, is infected with malware or being used for malicious purposes.
Insider threats should be looked into when evaluating solutions. Employees (insiders) have more access to data, and a simple purchase from the dark web could have a big impact on an organization that has no proper monitoring and controls. Security solutions that enforce least privilege and detect anomalies within an organization can help defend against insider threats.
Finally, what better way to prevent cyber-attacks than by thinking like cyber-criminals and enforcing red teaming in the organization? Penetration tests utilize ethical hacking to safely exploit security vulnerabilities, providing organizations insight and enabling remediation before an attack ever takes place. Regular cybersecurity assessments keep organizations up to date and close the loopholes that threat actors would use to access the secure systems. Threat actors thrive in environments where individuals and organizations remain ignorant,