IT and cybersecurity teams are so inundated with security notifications and alerts within their own systems, it's difficult to monitor external malicious environments – which only makes them that much more threatening.
In March, a high-profile data breach hit national headlines when personally identifiable information connected to hundreds of lawmakers and staff was leaked on the dark web. The cybersecurity incident involved the DC Health Link, an online marketplace that administers health plans for members of Congress and Capitol Hill staff. According to news reports, the FBI had successfully purchased a portion of the data – which included social security numbers and other sensitive information – on the dark web.
Because of the prominence of the victims, the story was picked up by a slew of media outlets that rarely cover dark web-related cybersecurity crimes. The story not only shed light on one of the most dangerous aspects of the internet, it reminded us that the dark web continues to serve as fertile ground for cybercriminals.
The dark web is only growing more ominous
Once upon a time, the dark web was full of bad actors primarily focused on stealing banking and financial information. Cybercriminals were there to buy, sell, and trade large data sets belonging to financial institutions. The goal: stealing names, security numbers, and credit card information to hack into people's accounts and deal in identity theft attacks. But as technology has evolved and become more sophisticated, so have the bad actors lurking on the dark web and underground forums as well as the tools they use.
What is even more worrisome is the number of inexperienced hackers who are becoming increasingly more destructive with the ever-growing Malware-as-a-Service (MaaS) market. These amateur threat actors are building and operating entire malware infrastructures, selling access to the cybercrime software tools without putting themselves at risk of committing cybercrimes.
Cybercriminals have created an enormous market for malicious software, including "Info Stealer" malware that captures personal information from vulnerable networks and computer systems. This malware is used to find compromised credentials that can be used to plan large, sophisticated attacks targeting everyone from small and midsize businesses to corporate enterprises and government organizations with thousands of employees.
These attacks are coming from all directions, from state-sponsored campaigns used to overthrow government parties and social movements to large-scale assaults on some of the world's biggest companies. And the hackers are not only after personally identifiable information – they want to steal intellectual property and proprietary data. Their goals have become far more nefarious with irreversible consequences that put entire industries at risk.
Meanwhile, as malicious software like "Info Stealer" gains more traction among cybercriminals, the dark web is still full of stories, tactics, and tips for using traditional cybercrime tools like ransomware, Trojan, Spyware, adware, and more.
Why the dark web is a threat to your organization
For cybersecurity and IT teams, one of the most threatening aspects of the dark web is that you simply don't know what you don't know. No matter how powerful your cybersecurity technology may be, it is difficult to monitor every dark corner of the Internet. Also, as a business, your security controls are limited. Your vendors, partners, clients, and even employees could accidentally compromise your entire infrastructure before you even realize there is an issue.
For example, in today's world of hybrid and remote working environments, an organization's security tools are not able to secure devices like laptops, phones and tablets used outside of a business' security boundaries. With so many disparate systems, employees are unknowingly creating blind spots that offer little to no visibility for the team tasked with safeguarding its organization's computer systems. Instead of having to "hack" a network, cybercriminals can often walk right into the perimeter with compromised credentials purchased on the dark web.
The unfortunate reality is that many organizations simply do not have the headcount or resources to monitor the dark web and underground forums where hackers congregate. Cybersecurity technology is a necessary defense, but security teams need an extra layer of protection to monitor threatening environments and detect leaked credentials.
Larger organizations with broad IT and security teams often have entire departments devoted to monitoring the dark web to identify and track cybersecurity threats before they become serious incidents. But smaller teams that barely have enough manpower to manage incoming security alerts simply do not have the bandwidth to keep an eye on the darkest corners of the Internet.
Lighthouse Service: Monitoring the dark web so you don't have to
No sector is left untouched when it comes to cyber security attacks caused by compromised credentials. Some of the largest data breaches last year impacted huge brands, including Microsoft, Uber, and Rockstar Games (the company behind Grand Theft Auto) – all were victims of attacks resulting from compromised credentials. If a company like Microsoft – with numerous resources and headcount – can't protect its systems, what luck does a smaller organization have with a lean IT team working with a limited budget?
Cynet took this question to heart and, in response, launched its Lighthouse Service. The service monitors the dark web and underground forums so that its customers don't have to. Because compromised credentials are a leading component of cyber-attacks, Cynet's Lighthouse Service is focused specifically on credential theft monitoring. The team searches for the "freshest" data it can find. From there the team can digest and easily navigate large datasets to detect information about our customers in areas that are left unprotected by cybersecurity platforms.
By monitoring the dark web, Cynet gains deep insights into cybercriminal behaviors. The Lighthouse Service identifies newly launched exploits used or searched by threat actors. The Cynet team can track malicious activity and sometimes find data breaches impacting third parties connected to its customers – allowing Cynet to notify customers of a potential data leak if one of their vendors or partners were hacked.
In fact, Cynet has been able to perform hundreds of security disclosures for companies not connected to Cynet, while protecting its customers' data in the process. The Lighthouse team regularly publishes its findings in the Lighthouse Series on the Cynet blog.
How to strengthen your cybersecurity posture
The activity that can be found on the dark web and the ever-growing threats emerging from these forums is alarming to cybersecurity professionals. And if you're running a small IT team that lacks the staff and skills to stay ahead of these threats – it may feel impossible to brace for impact.
But there is something you can do to help your organization stay resilient against whatever the dark web throws your way.
Where to start? You can start with the NIST CSF framework. Check out Cynet's ebook: "NIST CSF Mapping Made Easy - How to organize your security stack with the Cyber Defense Matrix." It answers your biggest questions about the NIST CSF framework for managing cybersecurity risks along with easy-to-use tools that allow you to visualize your existing security program and identify any gaps or overlaps in your cybersecurity tech stack.
Ready to plug the holes in your cybersecurity program? Get the ebook here.