What is the dark web? - and what threats does it pose?
By Ryan Collins
The Dark Web, it is a term which many have heard when discussing cyber-crime is quite misunderstood and underrated in its purpose and the threat it contains. This blog post is here to try and clarify all the information about the dark web which can affect you and your business.
What is the dark web?
The Dark Web is one of the three parts of the Internet which is the home of all the hidden parts of the internet not normally seen by people like you or me on a day to day basis. It cannot be accessed through the use of conventional browsers such as Firefox, Chrome or Safari. Instead the dark web can only be accessed to browsers purpose built around giving users access to the dark web such as TOR (The Onion Router) or I2P (The Invisible Internet Project). The dark web is very often confused with the deep web, but in fact they are two different parts of the internet as a whole.
Loads of people assume that due to the general usage of the dark web for malicious and criminal purposes that is it actually illegal to use the browsers above to access the dark web, but this actually is not the case but yet there are still massive risks involved with accessing the dark web as accessing certain websites can give off the impression that by using TOR for example to remain anonymous on the dark web you might be attempting to do some kind of malicious or illegal task.
What kind of threats are there on the dark web?
Since the dark web is the home for the internet’s illegal aspects, there are many threats that can affect an individual should they not be aware of them before accessing the dark web.
Malicious Software
The dark web provides a great platform for the creation and distribution of malware and has even allowed for the creation of the idea of “malware as a service” which includes the ability to hire someone through the dark web to create custom malware for specific uses or even paying for ransomware as a service (RaaS) which is where someone pays a vendor for access to their ransomware tools through a subscription service to allow someone with little technical know-how to commit ransomware attacks on a victim of their choice.
Illegal Sales
The Dark Web is the home for the sale of illegal goods and services, with the sale of stuff like drugs, hitmen services, sex services and weapons being quite commonplace across the purpose built marketplaces for these goods and services such as Silk Road or Hydra. The dark web is the perfect place to do these sales due to its anonymous nature partnered with the idea of using cryptocurrency to conduct these transactions which practically makes it near impossible to track these transactions.
The dark web is also the place where breached data goes to be sold to the highest bidder after an attack, for example, if someone stole tons of credit card or bank details from a bank it is highly likely that all that information would be sold illegally on the dark web later on without the victim’s knowledge
Spoofing
The dark web also has the spoofing threat still in place as threat actors are able to create websites which might mimic their surface web counterparts in order to be provided with loads of login details and personal information from users who believe they are just simply using their TOR client to access a website which they have used countless times on the surface web.
How do I protect myself or my business against the threat of the dark web?
Below is a list of some good practices which will help protect yourself and your business from the threats of the dark web.
1. Read up on the current cyber security news to ensure that you are aware of the threats currently affecting people, there might be the chance that it is affecting you as well and you can take steps to protect yourself against a threat from the dark web before it affects you.
2. Understand how using the same password for every tool and service is quite insecure and that there are tools such as password managers or two-factor authentication which can help improve the security of your logins.
3. Using a VPN can help hide your location and internet activity across all three parts of the Internet, so cyber criminals cannot gain any useful information from your IP address as it is hidden by the VPN.
4. A business can opt to use a security consulting service which will allow businesses to understand better where their security flaws are and how to fix them to prevent cyber threats from exploiting them.
5. Make use of proper security tools such as anti-virus and anti-malware protection to ensure that if you do slip up that you have that layer of protection to stop malware from conducting massive damage.
Sources
https://www.kaspersky.com/resource-center/threats/deep-web
https://www.echosec.net/dark-web-threat-intelligence#industries
https://stratixsystems.com/dark-web-threats-pose-business/
https://www.echosec.net/dark-web-threat-intelligence#threats
(Echosec Systems acquired by Flashoint.io in 2022)