The 773 million records recently posted on a hacking forum, now known as “Collection #1”, are merely the tip of a vast iceberg of stolen data now available to organised cyber criminals, hostile governments and terrorists.
The Dark Web increasingly hosts Bitcoin sales of all kinds of data sets, ranging from customer and financial details to highly confidential data such as new product designs and business strategies.
Almost all the data being traded on the Dark Web is earmarked for illegal use of some kind. Stolen data can be used for all kinds of purposes including bank robbery and terrorism.
The Collection #1 data haul would typically be used by cyber criminals in what is known as “credential stuffing” scams, in which hackers throw thousands of email and password combinations at a given site or service until they succeed in breaking in.
Credential stuffing software was also used prior to the major Tesco Bank attack, in which £2.5 million was siphoned from customer accounts. CyberInt analysts found early indications of the attack while carrying out a probe of hidden pages on the Dark Web, which revealed that cyber criminals were discussing the potential uses of a software tool that tested thousands of login and password combinations, enabling access to Tesco accounts.
With cyber crime and espionage rapidly evolving into a trillion-dollar industry, cyber criminals are becoming increasingly well-organised and professional.
Crooks selling software specifically designed to break into banks, retailers, law firms, etc. now routinely offer 24-hour help desks and technical support for the unskilled cyber criminal. But the greatest threat the Dark Web poses to companies in sectors such as retail and finance comes from its role as a breeding ground for all kinds of new and sophisticated cyber attacks.
One particularly disturbing trend observed throughout 2018 was that existing hacker groups never previously found to be associated with or sponsored by governments are increasingly using sophisticated tools and techniques of the kind formerly deployed exclusively by Russian and Chinese intelligence services.
Organised international gangs of cyber criminals have, for instance, been found to be using Saturn ransomware, software so powerful that it can be used to encrypt and completely seal off an organisation’s entire database, releasing the data only when the Bitcoin ransom demand is met, and not always then.
As a result, the number of highly sophisticated cyber-attacks is rapidly multiplying. Ransomware-as-a-Service (RaaS), which is designed for maximum ease of use by even relatively unskilled hackers, is now available on the Dark Web.
Other popular hacking techniques originally developed by intelligence services include “watering hole” attacks exploiting weaknesses in the defences of third parties such as the target organisation’s suppliers, sub-contractors, partners, and clients.
These types of attacks, which started to appear in the latter half of 2017, can be particularly dangerous for corporates as this new breed of cyber criminals will sit within a compromised IT system, carrying out repeated fraud, siphoning off cash and conducting cyber-espionage.
The anonymity offered by the encryption of the Tor browser used to access the Dark Web, and the fact that many professional gangs of cyber criminals are based in locations such as Russia, where they cannot be extradited, make the task of policing the Dark Web virtually impossible.
Even when international co-operation between police forces enables the authorities to bring down high-profile illegal Dark Web marketplaces such as AlphaBay and Holland-based Hansa, as happened in 2017, their victory is short-lived as other illicit websites spring up to take their place.
One investigator from the Netherlands High Tech Crime Unit who worked on the Hansa bust has termed this “the whack-a-mole effect”. Enterprises cannot rely on either the authorities or their own stretched IT departments to protect them from what is now a tidal wave of cyber-crime.
The only real defence is for companies to extend their security perimeters well beyond their own IT systems to monitor upcoming threats from the Dark Web in real time.
This is best accomplished by using a digital risk protection platform, which drives real-time detection of cyber threats via artificial intelligence and machine learning algorithms in conjunction with researchers operating across all time zones. These researchers are drawn from the ranks of so-called white-hat hackers, who use their cyber skills for non-criminal purposes, and also from modern intelligence services such as the 8200 Israeli Intelligence Corps.