What is the dark web?
The deep web, also referred to as the dark web, is the hidden part of the internet that you can’t find using Google or Yahoo. The term “deep web” refers to a collection of websites which exist on an encrypted network that promotes anonymity. Experts estimate that the “surface web,” the internet that is accessed through Chrome or Internet Explorer, only accounts for 10-15% of the whole internet. The majority of the deep web is harmless. It is full of things like medical records, private directories and websites under various stages of construction. The portion of the deep web that hosts illicit content is what is commonly referred to as the dark web.
To access this part of the internet you need specific software, like the Tor (The Onion Router) browser. This browser routes traffic between a series of proxy servers around the world, making you and your IP address practically untraceable. The dark web provides anonymous access to purchase things like drugs, weapons, hacking tools and stolen PII.
Our focus is on the stolen PII, specifically your email credentials. Every day, stolen email credentials are bought and sold on the dark web at a serious discount. In most cases, email credentials sell for $1 or less. This could lead to a major security breach of your business. Or, the attacker could start a new phishing campaign with your credentials and target all of your contacts. They could even access your other accounts, like Gmail or LinkedIn, if you reuse passwords. The scariest part is that your PII could already be on the dark web and you wouldn’t be the wiser until it is too late.
How did my credentials end up on the dark web?
There are many ways for your passwords to show up for sale on the dark web, but typically it is for one of two reasons.
Major companies all over the world get hacked; you see it in the news all the time. Target, Yahoo, Marriott and Equifax have all had data breaches in the last 5 years. Part of the data that was stolen includes customers’ email addresses and passwords. These credentials are then uploaded and sold on the dark web, typically in bulk.
The main goal of a phishing campaign is to steal credentials. Once the phisher has a confirmed working set of credentials, it is placed for sale on the dark web or used to continue the campaign and steal more credentials.
Now that your credentials are for sale on the dark web, the impact can be far-reaching. This ‘foot in the door’ sets the criminals down a path of gaining more access to your online life. If they have access to your email, the criminals could begin resetting passwords for other websites that you commonly use, including online banking. They can also try the same username and password to log in to other sites, like Facebook or Amazon, and do more harm. It is not uncommon for people to reuse passwords, so there is a good chance one password opens a lot of doors.
While there is no way to prevent your PII from showing up on the dark web, there are some things you can do to protect yourself. Use complex passwords, change your passwords often and use two-factor authentication whenever possible. You should also use unique passwords for every site or use a password manager to simplify the process while staying secure.
Your organization should also consider using a dark web monitoring service. This type of tool searches the dark web for any email address and password associated with your domain. If found, actions can be taken to prevent access to that account or remove any current persistent access a cybercriminal may already have.
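As an added illustration (not code from this article or from any monitoring product), the sketch below shows the matching step such a service performs on a leaked credential list: find addresses at your domain, count the distinct passwords exposed for each, and produce a reset list. The sample dump, the domain example.com and the function names are constructed for this example.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample of a leaked "combo list"; every address and password is made up.
SAMPLE_DUMP = """\
alice@example.com:Summer2019!
bob@mail.example.com;hunter2
ALICE@Example.com:Summer2019!
carol@other.test:letmein
dave@notexample.com:qwerty
alice@example.com:Winter2020!
not a credential line
"""

# address, then one of the common separators (: ; |), then the password
LINE_RE = re.compile(r"^\s*([^\s:;|@]+@[^\s:;|@]+)[:;|](.+?)\s*$")


def find_exposed(dump, domain):
    """Map each address at `domain` (or a subdomain) to fingerprints of its leaked passwords."""
    domain = domain.lower()
    exposed = defaultdict(set)
    for line in dump.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # skip junk lines instead of failing on them
        address, password = match.group(1).lower(), match.group(2)
        host = address.rsplit("@", 1)[1]
        # Exact match or true subdomain only, so notexample.com is not a hit.
        if host == domain or host.endswith("." + domain):
            # Keep a short fingerprint for de-duplication, never the plaintext.
            digest = hashlib.sha256(password.encode("utf-8")).hexdigest()
            exposed[address].add(digest[:12])
    return dict(exposed)


def reset_list(exposed):
    """Accounts to lock and reset, most exposed first: [(address, distinct_passwords)]."""
    return sorted(((a, len(f)) for a, f in exposed.items()),
                  key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    for address, count in reset_list(find_exposed(SAMPLE_DUMP, "example.com")):
        print(f"{address}: {count} leaked password(s); force reset, revoke sessions")
```
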