A home to hackers, the dark web means it has never been easier to target personal and customer data
2018 saw criminals once again target organizations – of all sizes, and across industries and market sectors – with a series of cyberattacks that continues to escalate in complexity, scale and frequency. Many of these attacks were launched with one goal in mind: stealing data.
Data is a valuable, and much-sought after currency in today’s digital world. Whether its confidential company information like banking details, employee records, Intellectual Property (IP) documents, the credit card details, logins or Personally Identifiable Information (PII) of customers, all stolen data has a value to the thieves, which is why data protection should be a top priority for any business.
The increase in data theft is fuelled, in no small part, by the dark web. Where criminals would once fence their stolen goods via a network of shady contacts, this dark corner of the internet does much the same job. Operating under the anonymity afforded by trading in cryptocurrencies, the dark web is where data is bought and sold for a price. The dark web is often confused with the deep web, however the two are different. The deep web refers to the entire internet – most of which is not indexed and therefore won’t appear on search engines. The dark web specifically refers to the criminal activity taking place on this unindexed portion of the internet.
The data varies in value. For example, personal information that cannot be changed as easily as a credit card or bank account reportedly is highly valuable to cybercriminals and drives a high price on the dark web.
However, the dark web isn’t just a place to buy or sell stolen data; it also promotes and enables cyberattacks by making hacking tools easily and cheaply available to anyone with a laptop, making it a threat to all web security. 2018 research by Virtual Private Network (VPN) comparison service Top10VPN.com, showed that fraudsters can access hacking tools on the dark web for the cost of a cheap takeaway coffee.
Entry-level hacking tools, such as ready-made phishing pages, software to compromise Wi-Fi networks and files to help hack passwords all go for less than $3.95 (£3) on the dark web. But even comprehensive hacking toolkits be picked up for around $130 (£99), according to the research.
Coupled with the availability of how-to guides on the dark web – meaning rookie hackers need no prior knowledge of web security or on how to carry out attacks – the report notes that there’s a ”real concern that online fraud could be becoming more commonplace.”
“The perception that hacks are purely the territory of techy bedroom warriors or organizations like Anonymous is increasingly a thing of the past – and all consumers need to be aware of that,” it explains.
Many experts believe this situation will only get worse. Individuals won’t have to belong to a well-known hacking group like Magecart, which was responsible for stealing customer data from Ticketmaster UK last year among other high-profile breaches, to be able to launch a successful attack on an organization by exploiting flaws in their web security.
As we’ve seen from the headlines, the fallout of a data breach can be devastating. While it varies considerably based on things like location, industry, compliance considerations, third-party involvement, insurance protection, etc., the 2018 Cost of Data Breach Study from the Ponemon Institute, sponsored by IBM, puts the average cost of a data breach in the United States at $7.91 million (£6.1 million).
Some more shocking statistics: the average time to identify a breach was 197 days, and the average time to contain a data breach once identified was 69 days. However, companies who contained a breach in less than 30 days saved over $1 million (£760,000) compared to those that took more than 30 days.
One area of the business that’s frequently targeted by hackers is the company website, often a goldmine of customer data. The good news is, there are several ways to safeguard this data and prevent a breach.
Another vulnerability often exploited by groups like Magecart stems from the use of third-party vendors on your website, which hackers can use as an entry point to your organization, compromising your website security. MarSec™ can help you manage third party technologies by whitelisting approved vendors and managing and updating policies in real time.
With the dark web’s law of supply and demand powering cybercrime from behind the scenes, it has never been more important to ensure your organization is protected from a crippling data breach.