It wouldn’t be over-the-top to compare the illicit activity that transpires on the dark web to the Mafia or an international drug cartel.
Criminals in this digital underworld buy and sell illegal items such as drugs, firearms, bombs, financial assets, and many others. A recent law enforcement project called Operation DisrupTor reportedly resulted in the arrest of 179 dark web perpetrators across six countries, including two in Canada. The investigation also seized 500 kilos of drugs and $6.5 million in cash.
While the dark web is making plenty of splashy headlines, business professionals are sometimes left scratching their heads. What does cybercrime really have to do with running a profit-driving organization? Shouldn’t enterprise-level cybersecurity prevent these hackers from stealing files and selling them online?
The answers to those and other questions have grown increasingly complex. You may not know about the dark web, and the activities specifically targeting your operation can land your company in bankruptcy. Ransomware has gained widespread popularity on the dark web, and an attack on your organization could be imminent. Like it or not, decision-makers must take proactive measures to protect your financial future.
It’s essential to understand that the dark web is not necessarily a specific set of online platforms. They are a loosely-knit group of web sites hidden within a much broader framework.
According to CSO Online, it may surprise you to know that 94 to 99 percent of the internet cannot be viewed through conventional searches. Known as the “deep web,” billions of these legitimate platforms are shielded from internet users. These include the digital infrastructures of financial institutions, government agencies, and corporations, among many others. Most internet users can only skim the surface of the entire network.
Even if you possessed the specialized tools required to penetrate the deep web, nefarious spaces are hidden within that framework. And if you managed to enter a dark web platform without permission, typically, the malicious software protecting it would damage your computer or infect your network. It would not be an understatement to say the dark web is a scary place. These are items commonly bought and sold by digital thieves.
While these and other items could prove damaging to your organization, cybercriminals are now offering for-hire services. These pose a tremendous danger to companies with competitors willing to act unethically or illegally.
“In 2019, these attacks wreaked havoc around the globe, earned criminals vast sums, and even occasionally provided a weapon for government hackers. This marked the fifth straight year of growth, with national and local governments and public institutions increasingly becoming targets,” the MIT Technology Review states.
Ransomware attacks reportedly cost Canadian companies upwards of $2.3 billion in 2019. The rise in ransomware as a popular hacker tool has led underworld figures to start offering it as a service. In many ways, this resembles hit-man-for-hire killers associated with the Mafia and cartels. Called Ransomware-as-a-Service (RaaS), digital thugs now offer to sell your competitors the technologies needed to carry out an attack. They may also offer to do the dirty work themselves for a price.
This could entail running phishing schemes at unsuspecting employees to steal at least one username and password. With this information, a hacker or rival entity can log in to your network and embed the malware. Other attacks may include sending convincing phishing emails until someone in your organization clicks on a malicious link or downloads a file laced with ransomware.
In case you are unaware of the consequences of a ransomware attack, a company’s entire network can be frozen. At the same time, hackers pilfer off files and request a bitcoin payoff before releasing control. If a garden variety hacker runs the scheme independent of a rival, the network may or may not be restored after payment. If a rival is behind the plot, files could be stolen, and your system left permanently damaged. It may be prudent to stop asking yourself whether someone in your industry would stoop to employing a dark web cybercriminal to gain a business advantage.
The first step an industry leader can take involves hardening your defences against ransomware attacks. Consider ongoing cybersecurity awareness training for all employees and people who access your network. Enlist the services of an expert to conduct a security review and close existing vulnerabilities. These may include unpatched software, outdated antivirus software, deficient firewalls, implement multi-factor authentication, and encrypted file transmissions, among other strategies. For-hire hackers usually have the blunt-force skills to identify weaknesses and exploit them.
Diversify the way you store and protect critical data. Cloud-based systems can house data in multiple spaces. Hard drives not linked to the network are also an excellent place to secure digital assets from a ransomware attack. The point is to back-up your files daily and puts keep them out of harm’s way.
Lastly, have a dark web scan conducted by a specialist. Knowing that employee login credentials or other valuable data have been posted allows you to implement a defence. Even if nothing substantial can be found in the digital underground, ongoing dark web monitoring identifies trace evidence that someone might be enlisting a criminal to target your organization shortly.
If you are concerned that a competitor is desperate enough to use RaaS or procure the services of a for-hire hacker, dark web monitoring and scans deliver the advanced warning needed to prevent an attack.