How The Dark Web Fuels Website Data Theft

February 4, 2019 - Ensighten

A home to hackers, the dark web means it has never been easier to target personal and customer data

2018 saw criminals once again target organizations – of all sizes, and across industries and market sectors – with a series of cyberattacks that continues to escalate in complexity, scale and frequency. Many of these attacks were launched with one goal in mind: stealing data. Marketing security is a must.

Data is a valuable and much-sought-after currency in today’s digital world. Whether it’s confidential company information such as banking details, employee records and intellectual property (IP) documents, or the credit card details, logins and personally identifiable information (PII) of customers, all stolen data has a value to the thieves, which is why data protection should be a top priority for any business.


The dark corner of the internet – what is the dark web?

The increase in data theft is fuelled, in no small part, by the dark web. Where criminals would once fence their stolen goods via a network of shady contacts, this dark corner of the internet does much the same job. Operating under the anonymity afforded by trading in cryptocurrencies, the dark web is where data is bought and sold for a price. The dark web is often confused with the deep web, but the two are different. The deep web refers to the entire internet – most of which is not indexed and therefore won’t appear on search engines. The dark web specifically refers to the criminal activity taking place on this unindexed portion of the internet.

The data varies in value. For example, personal information that cannot be changed as easily as a credit card or bank account is reportedly highly valuable to cybercriminals and commands a high price on the dark web.

However, the dark web isn’t just a place to buy or sell stolen data; it also promotes and enables cyberattacks by making hacking tools easily and cheaply available to anyone with a laptop, making it a threat to all web security. 2018 research by a Virtual Private Network (VPN) comparison service showed that fraudsters can access hacking tools on the dark web for the cost of a cheap takeaway coffee.

Entry-level hacking tools, such as ready-made phishing pages, software to compromise Wi-Fi networks and files to help hack passwords, all go for less than $3.95 (£3) on the dark web. But even comprehensive hacking toolkits can be picked up for around $130 (£99), according to the research.

Coupled with the availability of how-to guides on the dark web – meaning rookie hackers need no prior knowledge of web security or of how to carry out attacks – the report notes that there’s a “real concern that online fraud could be becoming more commonplace.”

“The perception that hacks are purely the territory of techy bedroom warriors or organizations like Anonymous is increasingly a thing of the past – and all consumers need to be aware of that,” it explains.


Hacking for beginners

Many experts believe this situation will only get worse. Individuals won’t have to belong to a well-known hacking group like Magecart, which was responsible for stealing customer data from Ticketmaster UK last year among other high-profile breaches, to be able to launch a successful attack on an organization by exploiting flaws in its web security.

As we’ve seen from the headlines, the fallout of a data breach can be devastating. While it varies considerably based on things like location, industry, compliance considerations, third-party involvement, insurance protection, etc., the 2018 Cost of Data Breach Study from the Ponemon Institute, sponsored by IBM, puts the average cost of a data breach in the United States at $7.91 million (£6.1 million).

Some more shocking statistics: the average time to identify a breach was 197 days, and the average time to contain a data breach once identified was 69 days. However, companies that contained a breach in less than 30 days saved over $1 million (£760,000) compared to those that took more than 30 days.


Protect your website

One area of the business that’s frequently targeted by hackers is the company website, often a goldmine of customer data. The good news is, there are several ways to safeguard this data and prevent a breach.

With criminals known to inject malicious JavaScript code into organizations’ websites, it is a good idea to look for a website security solution like our MarSec™ platform, which prevents data leaks by inspecting the onward content contained within JavaScript requests.

Another vulnerability often exploited by groups like Magecart stems from the use of third-party vendors on your website, which hackers can use as an entry point to your organization, compromising your website security. MarSec™ can help you manage third-party technologies by allowing only approved vendors and managing and updating policies in real time.

With the dark web’s law of supply and demand powering cybercrime from behind the scenes, it has never been more important to ensure your organization is protected from a crippling data breach.




Founded in 2009, Ensighten is the global cybersecurity leader providing client-side protection against data loss, ad injection, and intrusion while enhancing website performance.
