The Dark Web is a place where the majority of illegal cyber activity takes place and it’s where almost all cyber breached data is traded and sold. Here are 10 activities that take place on the Dark Web that organisations should watch out for.
Cyber breaches continue to be increasingly dangerous for organisations around the world as more and more high profile breaches occur. Taking organisational precautions to protect against cyber attacks is imperative, things, like raising security budgets and educating employees, are a must. The cost of a breach can be enough to significantly harm a company’s finances and reputation: A recent IBM security report performed by Ponemon Institute gave findings that an average total cost of a data breach is $3.86 million, which is a 6.4% increase from 2017.
Below are 10 activities taking place on the Dark Web that businesses of all sizes should take note of to protect their data.
1.Doxing of a company VIP.
Dark Web and even clear websites such as pastebin are a dumping ground for personal, financial, and technical information with malicious intent, according to the report findings. There usually is a motivation behind these posts, such as political beliefs, hacktivism, vigilantism, or vandalism. It may be no coincidence that CEOs usually get fired in the post-execution of a data breach.
2.W2s and tax-fraud documents.
The report also explained how during tax return season there is a high increase of Dark Web activity as hackers look to gather compromised identity information and file fraudulent tax returns before the actual taxpayer can do so. How is this enabled? by the sale of W2s and other tac fraud-specific documents, which can be tied back to the employers where those documents came from originally, having a direct impact to the business it’s self.
3.Full PANs, BINs, and payment cards for sale.
The sale market for Payment cards on the Dark Web is very strong and cheap, with a single card costing between $5 to $20. There are constant updates within this Dark Market with new cards regularly up for sale, with a strong purchase market behind it, the report claims. And business and platinum cards will net criminals a higher return than average cards.
4.Dumping of your database.
It has been reported that criminals tend to post entire internal databases, which reveal items like private contracts or partnerships between organisations, and employee locations for a higher return. These third-party breaches can put organisations at risk as it provides strong information for phishing and Ransom attacks.
5.Template to impersonate a customer or employee account.
Account templates are all over the Dark Web, these can be very precise and are used as blueprint for hackers to pose as customers of financial institutions, telecommunications companies, and other service providers, the report noted. These templates are then used to solicit loans, open accounts, or as part of a broader scheme for identity theft or fraud. Employee account templates are also exploited to gain data and sell to competitors.
6.Connections between employees and illicit content.
A horrible side of the Dark Web is the posts doxing individuals who engage in illegal activities, such as child exploitation, this can draw undue negative attention to their employers or affiliated organisations. For example, the report said one post listed the full contact information for a tech company that accidentally provided tech support to a child exploitation site.
7.Guides for opening fraudulent accounts.
On the Dark Web there are multiple, step-by-step, instructions on how to exploit or defraud an organisation, the report said. These guides serve two purposes: The company’s brand name is promoted to criminals as a result of the listings and criminals learn how to break into that company’s systems and processes. For example, the report explains how a major US bank changed their security policies, and criminals updated guides with techniques on how to get around those changes.
8. Specialty passes.
Although the majority of fraudulent information on the Dark Web is sold as personal information, there are also physical tickets that are intercepted and sold. Vendors tend to offer special access materials, ranging from movie release passes and other entertainment passes, to military IDs. Dark Web hackers offer these physical press passes to other hackers to help cybercriminals pass as journalists at events, the report found.
9.Proprietary source code.
In computing, the source code is any collection of code, possibly with comments, written using a human-readable programming language, usually as plain text. A leak of source code can allow competing companies to steal intellectual property, and also allow hackers t review the code for potential vulnerabilities to be exploited, according to the report. Lead source codes usually leak on sites like Github, Beanstalk, Gitlab, Pastebin…etc. As developers seek advice and input from others, the report noted.
10. Incorrect Dark Web searching.
The report claims that despite the need to keep tabs on Dark Web activity, a business can accidentally expose its self to harm by searching for information related to your company on the Dark Web. One vendor searched for a CISO’s name so many times on a now-defunct Dark Web search engine that the name made it to the front page of the site under “trending”. This is why it’s important to have an MSP or a 3rd party cybersecurity firm that know how to search the Dark Web.
If you would like read more on cyber security facts and stats of 2019. Broad Band Search have completed an, excellent, in-depth information piece which can be found here.
Other Posts You May Like:
– New Bluetooth Hack Affects Millions Of Major Vendor Devices.
– Typing ‘A’ Key 29 Times Lets You Hack HPE iLO 4 Servers.
– 3 Simple Ways You Can Secure Your Business’ “Guest WiFi” From Possible Threats.
– New Virus Decides If Your Computer Is Best Suited For Ransomware or Crypto Mining.