Along with cryptocurrency, the dark web is one of the biggest factors driving a surge in ransomware attacks. Although the dark web enables criminals, new methods like dark web monitoring could also protect against hackers. So what is dark web monitoring, and can it boost your cybersecurity?
Introduction to the Dark Web
Although the software that the dark web runs on has been around for a long time, the dark web only came to prominence after the development of Bitcoin. Since Bitcoin could be traded securely and anonymously over the internet, people started to sell illegal goods online, including stolen information and malware.
The dark web uses encryption and internet routing to hide the identity of users. Dark web pages can only be accessed using special software, like Tor (short for “The Onion Router,” because it routes traffic through layers of proxies).
Anonymous marketplaces have been a huge boon for internet criminals because they allow a feedback system similar to Amazon or eBay. That means someone selling stolen credit card numbers can get testimonials from customers that his numbers work well.
The dark web has also given a big boost to ransomware, making it possible for hackers to build franchises by entering into partnerships with each other. In the past, this was very difficult, because they could be traced through bank transfers. With cryptocurrency and the dark web, however, criminals can generate profit-sharing contracts, put down security deposits, and otherwise form partnerships with each other.
Ransomware on the dark web has even benefited from a venture capital ecosystem. Wealthy criminals can invest in promising startups, helping them to develop ways to bypass antivirus software.
How can dark web monitoring protect against ransomware?
This may sound pretty bad so far, and it is. However, anyone can use the dark web, and there are some ways it can help boost cybersecurity.
One of the ways the dark web empowers ransomware hackers is by allowing a higher degree of specialization. Different groups of hackers develop skills in different areas, and then charge other hackers for their services, in what is known as the ransomware-as-a-service model.
For example, some gangs now specialize only in developing malware, while other groups specialize in breaking into networks. These hackers are sometimes called “initial access brokers.” They will typically scour the net, looking for vulnerable networks. They may even purchase username/password combinations from other hackers who have carried out data breaches.
Hacker marketplaces can also be goldmines for security researchers. Many new methods developed by hackers are shared on dark web forums and marketplaces. This can help cybersecurity experts stay ahead of the game.
For example, if certain hacking tools or exploits are gaining popularity on the dark web, it can be a signal to make some changes. You can strengthen your defenses by patching vulnerabilities.
Detecting data leaks
In some cases, initial access brokers will advertise the names of the companies or organizations that they hack. Dark web researchers will sometimes infiltrate private groups, posing as hackers, and then collect data.
If data connected to a certain company appears in one of these groups, the company can be alerted that its data has been compromised. In the initial phases of a data breach, data is more likely to be kept private and used in targeted attacks. As time goes on, private data is more likely to appear publicly on the dark web, so dark web monitoring can sometimes help to identify a breach.
Do you really need dark web monitoring?
Numerous dark web monitoring services have appeared in the last few years. Dark web monitoring can definitely be very useful, but some service providers may exaggerate its capabilities for personal profit.
Dark web monitoring can certainly be valuable for cybersecurity researchers, whether in-house or outsourced. With dark web monitoring, cyber defense efforts can be more targeted and effective.
However, when it comes to monitoring for stolen credentials, the benefits may be limited. In many cases, there may be no early warning signs of an attack on the dark web. Hackers often keep stolen credentials off public forums because they are aware that these forums are monitored by cybersecurity experts.
In most cases, a robust credential management routine can be as effective as, or more effective than, dark web monitoring when it comes to preventing hacks caused by compromised credentials. Regularly removing unused access, periodically updating passwords, and using two-factor authentication as much as possible can take the place of dark web monitoring to a large extent.
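The three parts of that routine can be checked mechanically against an account inventory. The following Python code is an added example, not part of the original article; the CSV columns, the sample accounts and the 90-day and 180-day thresholds are assumptions chosen for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample inventory (not real accounts); the column names are assumptions.
SAMPLE_INVENTORY = """\
account,last_login,password_changed,mfa_enabled
alice,2024-05-28,2024-04-15,yes
bob,2023-11-02,2024-05-01,yes
svc-backup,2024-05-30,2022-01-10,no
carol,2024-05-20,2024-03-01,no
"""

# Assumed policy thresholds; set these to match your own policy.
MAX_IDLE_DAYS = 90
MAX_PASSWORD_AGE_DAYS = 180


def audit_accounts(inventory_csv, today):
    """Return {account: [findings]} for accounts that break the routine."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        issues = []
        idle = (today - date.fromisoformat(row["last_login"])).days
        pw_age = (today - date.fromisoformat(row["password_changed"])).days
        # 1. Unused access: the account has not logged in recently.
        if idle > MAX_IDLE_DAYS:
            issues.append(f"unused for {idle} days: remove or disable access")
        # 2. Stale password: it has outlived the rotation period.
        if pw_age > MAX_PASSWORD_AGE_DAYS:
            issues.append(f"password is {pw_age} days old: rotate it")
        # 3. Missing second factor.
        if row["mfa_enabled"].strip().lower() != "yes":
            issues.append("no two-factor authentication: enroll the account")
        if issues:
            findings[row["account"]] = issues
    return findings


if __name__ == "__main__":
    report = audit_accounts(SAMPLE_INVENTORY, date(2024, 6, 1))
    for account, issues in report.items():
        for issue in issues:
            print(f"{account}: {issue}")
```

Service accounts such as the constructed svc-backup entry tend to fail several checks at once, because they log in constantly and so never appear unused while their passwords are rarely rotated.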
Overall, whether dark web monitoring makes sense for you depends on the nature of your cybersecurity arrangements. Be wary of services making “too good to be true” claims about the benefits provided by third-party monitoring services. However, dark web monitoring in terms of overall threat intelligence can be an excellent addition to a ransomware defense suite.