The dark web: It’s scary, it’s complicated, and it’s big. It is home to cybercriminals, secret forums
You have probably heard the terms “dark web” and “deep web”, but what is the difference between these two, and what separates them from the Internet we use every day? It comes down to how people are able to find and access webpages.
There are endless threats that you can discover on the dark web, but you need to know what to look for. One obvious example is the sale of sensitive company data, such as details about a secret project or the names and email addresses of employees to be targeted in phishing attacks. Many enterprises have begun implementing threat hunting and dark web monitoring programs to uncover new threats that could impact their organization. To do this, these companies leverage tools and techniques to infiltrate forums, chat rooms, black markets and other cybercriminal “watering holes”. By going behind enemy lines, you can gain intel on your adversaries and keep a watchful eye for activity targeting your brand.
Where threats exist:
Pastebins: Sites where anyone can post text. Confidential documents, entries from a database, email chains, and other sensitive data are frequently posted to these sites, enabling anyone to view and access them.
On the dark web, anything goes. There is a great deal of activity to monitor, much of which does not pertain to your organization. So what are some of the threats you can find and should be monitoring for?
Here are some best practices that should be followed when hunting for threats on the dark web.
Leverage your digital footprint: Cybercriminals often reference key digital assets when plotting their attacks. Knowing your own corporate assets (e.g. IPs, domains, brand names, etc.) helps you pinpoint threats that specifically target your organization.
Use extensive sources: Different threats will reveal themselves in different places; monitor a variety of markets, chat rooms, and pastebins.
Stay safe: If you are venturing into the dark web, be sure to take precautions to protect your identity, your machine, and your data. The worst thing you can do is reveal yourself as a threat hunter, because that will instantly make you a target for cybercriminals.
Use a VPN and proxies
Maintain an alias (or multiple) that has a strong backstory
Use a dedicated device or virtual machine that is frequently wiped
Don’t leave any clues that lead back to you or your company
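To illustrate the "Leverage your digital footprint" practice, here is an added example (not code from this article or from any monitoring product) that checks collected paste text against a watchlist of corporate assets. The watchlist values, the sample paste and the function name `scan_paste` are all constructed for illustration.

```python
import ipaddress
import re

# Constructed watchlist: every value here is a placeholder, not a real asset.
WATCHLIST = {
    "domains": ["example.com"],
    "networks": ["203.0.113.0/24"],
    "brands": ["Acme Rocket"],
}

# Constructed paste text used as sample input.
SAMPLE_PASTE = """\
dump 2/3
j.doe@corp.example.com:hunter2
admin panel at vpn.example.com (203.0.113.17)
unrelated: notexample.com 198.51.100.4
acme  rocket payroll export
"""

HOST_RE = re.compile(r"(?<![\w.-])(?:[a-z0-9-]+\.)+[a-z]{2,}(?![\w-])", re.I)
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

def scan_paste(text, watchlist):
    """Return sorted (kind, matched_value, line_number) hits for watched assets."""
    domains = [d.lower() for d in watchlist["domains"]]
    networks = [ipaddress.ip_network(n) for n in watchlist["networks"]]
    # Brand names match case-insensitively across any run of whitespace.
    brands = [(b, re.compile(r"\b" + r"\s+".join(map(re.escape, b.split())) + r"\b", re.I))
              for b in watchlist["brands"]]
    hits = set()
    for lineno, line in enumerate(text.splitlines(), 1):
        for host in HOST_RE.findall(line):
            host = host.lower()
            # Match the domain itself or a subdomain, never a look-alike suffix.
            if any(host == d or host.endswith("." + d) for d in domains):
                hits.add(("domain", host, lineno))
        for raw in IPV4_RE.findall(line):
            try:
                addr = ipaddress.ip_address(raw)
            except ValueError:  # e.g. 999.1.1.1 is not a valid address
                continue
            if any(addr in n for n in networks):
                hits.add(("ip", raw, lineno))
        for name, pattern in brands:
            if pattern.search(line):
                hits.add(("brand", name, lineno))
    return sorted(hits)

if __name__ == "__main__":
    print(*scan_paste(SAMPLE_PASTE, WATCHLIST), sep="\n")
```

Matching on exact domains and subdomains rather than substrings keeps look-alike names such as notexample.com out of the alert queue, which matters when most collected activity does not pertain to your organization.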