The dark web is part of the internet that isn't visible to search engines and requires the use of an anonymizing browser called Tor to be accessed.
Dark web definition
The dark web is a part of the internet that isn't indexed by search engines. You've no doubt heard talk of the “dark web” as a hotbed of criminal activity — and it is. Researchers Daniel Moore and Thomas Rid of King's College in London classified the contents of 2,723 live dark web sites over a five-week period in 2015 and found that 57% host illicit material.
A 2019 study, Into the Web of Profit, conducted by Dr. Michael McGuires at the University of Surrey, shows that things have become worse. The number of dark web listings that could harm an enterprise has risen by 20% since 2016. Of all listings (excluding those selling drugs), 60% could potentially harm enterprises.
You can buy credit card numbers, all manner of drugs, guns, counterfeit money, stolen subscription credentials, hacked Netflix accounts and software that helps you break into other people’s computers. Buy login credentials to a $50,000 Bank of America account for $500. Get $3,000 in counterfeit $20 bills for $600. Buy seven prepaid debit cards, each with a $2,500 balance, for $500 (express shipping included). A “lifetime” Netflix premium account goes for $6. You can hire hackers to attack computers for you. You can buy usernames and passwords.
But not everything is illegal, the dark web also has a legitimate side. For example, you can join a chess club or BlackBook, a social network described as the “the Facebook of Tor.”
Deep web vs. dark web: What’s the difference?
The terms “deep web” and “dark web” are sometimes used interchangeably, but they are not the same. Deep web refers to anything on the internet that is not indexed by and, therefore, accessible via a search engine like Google. Deep web content includes anything behind a paywall or requires sign-in credentials. It also includes any content that its owners have blocked web crawlers from indexing.
Medical records, fee-based content, membership websites, and confidential corporate web pages are just a few examples of what makes up the deep web. Estimates place the size of the deep web at between 96% and 99% of the internet. Only a tiny portion of the internet is accessible through a standard web browser—generally known as the “clear web”.
The dark web is a subset of the deep web that is intentionally hidden, requiring a specific browser—Tor—to access, as explained below. No one really knows the size of the dark web, but most estimates put it at around 5% of the total internet. Again, not all the dark web is used for illicit purposes despite its ominous-sounding name.
Dark web tools and services that present enterprise risk
The Into the Web of Profit report identified 12 categories of tools or services that could present a risk in the form of a network breach or data compromise:
-Infection or attacks, including malware, distributed denial of service (DDoS) and botnets
-Access, including remote access Trojans (RATs), keyloggers and exploits
-Espionage, including services, customization and targeting
-Support services such as tutorials
-Credentials
-Phishing
-Refunds
-Customer data
-Operational data
-Financial data
-Intellectual property/trade secrets
-Other emerging threats
The report also outlined three risk variables for each category:
Devaluing the enterprise, which could include undermining brand trust, reputational damage or losing ground to a competitor
Disrupting the enterprise, which could include DDoS attacks or other malware that affects business operations
Defrauding the enterprise, which could include IP theft or espionage that impairs a company's ability to compete or causes a direct financial loss
The terms “deep web” and “dark web” are sometimes used interchangeably, but they are not the same. Deep web refers to anything on the internet that is not indexed by and, therefore, accessible via a search engine like Google. Deep web content includes anything behind a paywall or requires sign-in credentials. It also includes any content that its owners have blocked web crawlers from indexing.
Ransomware-as-a-service (RaaS) kits have been available on the dark web for several years, but those offerings have become far more dangerous with the rise of specialized criminal groups like REvil or GandCrab. These groups develop their own sophisticated malware, sometimes combined with pre-existing tools, and distribute them through "affiliates".
The affiliates distribute the ransomware packages through the dark web. These attacks often include stealing victims' data and threatening to release it on the dark web if the ransom isn't paid.
This business model is successful and lucrative. IBM Security X-Force, for example, reported that 29% of its ransomware engagements in 2020 involved REvil. The criminal groups that developed the malware gets a cut of the affiliates' earnings, typically between 20% and 30%. IBM estimates that REvil's profits in the past year were $81 million.
0 Comments