Story image

How to keep data off the Dark Web, even though it’s growing darker

By Contribution, Thu 9 Dec 2021

Article by Forcepoint company, Bitglass, leader of the Threat Research Group, Mike Schuricht.

A recreation of a 2015 Dark Web investigation by Bitglass reveals - no surprise - that the Dark Web is getting darker. So let's delve deeper into the research, which discusses the rapid growth of Dark Web activity and suggests ways to protect an organisation's data.

Cyber security professionals may be forgiven for believing they are in touch with the cyber threats out there. Still, as the world is becoming increasingly digital, the risks of breaches have reached another level. Further investigation into today's Dark Web has unearthed even more proactive and sinister threats posed to organisations, which emanate from the upper percentiles of cybercriminal intellects.

In sharing the reality of this Dark Web activity, cyber pros will be able to identify patterns to formulate a frontline defence strategy for their organisations.

The Dark Web has always been a mysterious space within the Internet where users can communicate and partake in illegal activities. But the growing sophistication of technology is skilling up cybercriminals in areas including AI and ML, which means what the threatscape looked like six years ago pales in comparison to that of the Dark Web observed by our latest investigation.

'Where's My Data' experiment

To find out how data is viewed and accessed on the Dark Web, Bitglass' threat research team re-created its 2015 'Where's Your Data' data tracking experiment. It created a fictional identity claiming to have a list of vetted login and password data originating from the RockYou2021 password compilation leak.

Researchers posted in various Dark Web marketplaces, also known as 'pastebins', with links to faux files with credentials that would allow access inside organisations in retail, government, gaming and media. The files were embedded with our proprietary watermarking technology, which traced the data after users on the Dark Web accessed it.

The research reveals a rapid growth of dark web activity with more serious dangers posed to organisations and a more anonymous profile of dark web viewers. For example, in 2021, 93% of viewers on the Dark Web are anonymous, compared to 67% in 2015.

Stolen data spread 11 times faster on the Dark Web than it did in 2015. Breach data received over 13,200 views in 2021 versus 1,100 views in 2015 - a 1,100% increase. In 2015, it took 12 days to reach 1,100 link views compared to less than 24 hours to surpass that milestone in 2021.

What's more, its reach was greater, with breach data downloaded from entities spanning five different countries. This increased interest and activity around stolen data on the Dark Web can be attributed to the increased number of data breaches as well as more avenues for cybercriminals to monetise exfiltrated data.

Another noteworthy finding was the international reach of cybercrime and that the location of cybercriminals proved to be closer than you may think. The top three downloads of stolen data originated from Kenya, the US and Romania.

Of all the types of data that our researchers seeded on the Dark Web, data to access retail and US Government networks received the most clicks, 37% and 32%, respectively.

Gaining access to large retailers' networks remains a top priority for many cybercriminals wishing to deploy ransomware and extort pay-outs from large and profitable organisations. Similarly, interest in the US Government information could be due to state-sponsored hackers or independent hackers looking to sell this information to nation-states.

How to keep data off the Dark Web

Some ways to check that an organisation's cyber security is working its hardest include:

  • Ensure security covers all devices, anywhere, not only on the corporate network
  • Implement mechanisms to track location and access of all data and credentials 
  • Employ a Zero Trust Framework 
  • Adopt a best practice approach to employee cyber-hygiene 
  • Block SaaS app login and access attempts with CASB by denying anonymisers and activity from unfamiliar or suspicious locations
  • Develop a security strategy that is independent of your underlying operating system infrastructure

Since hackers and cybercriminals use many of the same tools and technologies that tech experts are adopting, such as cloud computing, AI, and machine learning, it is vital to use advanced technologies to protect your data.

Undisputedly, the Dark Web activity has become even darker. And, as corporate data moves beyond the firewall, traditional security solutions have become obsolete. Only through best practice, new technology and a strategy that addresses current threat levels will data be secured.

Recent stories
More stories