Imagine a hidden marketplace where sensitive information, proprietary data and corporate vulnerabilities are traded, sold and exploited – all in complete anonymity. This is the dark web, a hidden layer of the internet where illegal activities take place under our noses.
Recent high-profile data breaches show how urgent this threat has become. In May 2024, personal data of more than half a billion Ticketmaster customers was leaked on a dark web forum. Just a month earlier, AT&T suffered a similar blow when data from 73 million customers, including Social Security numbers and passcodes, appeared on the dark web. Even LinkedIn couldn’t escape; in 2021, data from 700 million users – more than 90% of the user base – was put up for sale.
Although it only covers a small portion of the Internet, the dark web has become a growing threat to businesses around the world. From stolen credentials to trade secrets, corporate data circulates in these encrypted spaces, out of reach and often out of sight, creating potential crises for any company that handles valuable information.
To protect against these threats, companies must stay informed and prepared.
Global Sales Engineering EMEA at CyCognito.
Pulling back the veil on the dark web
The dark web is a hidden layer of the internet that most people never see. Unlike the websites we visit every day, it requires specialized tools like the Tor browser to access, and it runs under unique .onion domains that are not seen or indexed by search engines. Originally created by the US Department of Defense for secure communications, the dark web has grown into a largely unregulated space where anonymity reigns.
Although it makes up a small portion of the Internet – less than 0.01% – the dark web has become infamous for its illegal activities. Under the guise of encryption and multi-layer routing, users can find marketplaces for drugs, stolen data, fake documents and even weapons. While some people use the dark web for legitimate reasons, such as protecting privacy or circumventing censorship, this hidden network is fraught with risks. Users are exposed to scams, malware and potential legal issues if they enter illegal territory.
Government agencies are actively monitoring the dark web to counter these threats, but it remains a place where public order has limited reach. For most, the dark web is best left alone: a reminder of the power of the internet to enable both secrecy and risk.
What can companies do to protect themselves in this high-stakes environment?
Protection against the dark web
Organizations must assume that their attack surface is larger than they previously thought. What we used to simply call an “attack surface” has very quickly become an “extended attack surface” due to the growing complexity of IT environments.
With this in mind, the first step is to accept that some of the organization’s data (such as leaked credentials to access data for sale) is already circulating on the dark web – because it is. Then take action:
Scan for leaked credentials: Periodically check for any exposed username/password combinations associated with the organization. This includes tracking hashed credentials that attackers can crack. By detecting these vulnerabilities early, you can secure accounts before they are exploited.
Search for accounts and access for sale: Dark web marketplaces often offer user accounts and privileged access for sale. Actively scanning these spaces can help you identify compromised accounts associated with the organization so you can immediately disable or re-secure them and prevent unauthorized access.
Monitor for IP-based leaks: Sensitive data breaches are sometimes tied to specific IP addresses associated with the company. Proactively searching for IP-based information on the dark web gives you insight into potential network vulnerabilities, allowing you to shut down access points before attackers can exploit them.
Identify data from previous breaches: Ransomware and data breaches often lead to sensitive information leaking online. This could be internal documents, customer data or other proprietary information. By recognizing what data has been exposed, you can understand where the organization is most vulnerable.
Now bring these findings back to the attack surface graph for additional context and to prioritize remediation efforts. Here, context is key: it not only shows you where the data ended up, but also where security efforts should focus next. Overlaying these risks onto the existing attack surface provides a clearer, strategic view of how dark web exposure intersects with the organization’s vulnerabilities, allowing the team to address the most critical gaps first.
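As an added illustration (not part of the original article or any CyCognito product), the sketch below triages a leaked credential list against an account inventory and ranks the organization's exposed accounts for remediation. The domain, the inventory standing in for the attack surface graph, the sample leak lines and the scoring weights are all assumptions constructed for this example.

```python
import re
from collections import namedtuple

# Assumptions: the org's mail domain and a tiny account inventory standing in
# for the attack surface graph. All data below is constructed, not real.
ORG_DOMAIN = "example.com"
INVENTORY = {  # account -> (privileged?, internet-facing login?)
    "alice@example.com": (False, True),
    "bob@example.com": (True, True),
    "carol@example.com": (True, False),
}
LEAK_LINES = [
    "alice@example.com:Summer2024!",
    "bob@example.com:0123456789abcdef0123456789abcdef",
    "carol@example.com:$2b$12$" + "A" * 53,
    "dave@other.org:hunter2",
    "ALICE@EXAMPLE.COM:Summer2024!",  # duplicate in different case
    "not-a-credential-line",
]

# Checked in order; the number is the base urgency (plaintext is usable at once,
# unsalted fast hashes crack quickly, bcrypt-style hashes buy the defender time).
FORMS = [
    ("slow-hash", re.compile(r"^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$"), 1),
    ("fast-hash", re.compile(r"^(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})$"), 2),
    ("plaintext", re.compile(r"^.+$"), 3),
]
Finding = namedtuple("Finding", "account form score")

def classify(secret):
    """Return (form, base score) for a leaked secret string."""
    for name, pattern, score in FORMS:
        if pattern.match(secret):
            return name, score
    return "empty", 0

def triage(lines, domain=ORG_DOMAIN, inventory=INVENTORY):
    """Filter a leak to the org's accounts and rank them for remediation."""
    seen, findings = set(), []
    for line in lines:
        account, sep, secret = line.strip().partition(":")
        account = account.lower()
        if not sep or not account.endswith("@" + domain) or (account, secret) in seen:
            continue  # malformed line, other organization, or duplicate entry
        seen.add((account, secret))
        form, score = classify(secret)
        privileged, exposed = inventory.get(account, (False, False))
        # Inventory context raises priority: +2 privileged, +1 internet-facing.
        findings.append(Finding(account, form, score + 2 * privileged + exposed))
    return sorted(findings, key=lambda f: (-f.score, f.account))
```

Accounts at the top of the returned list are the ones to reset or disable first; the weights are illustrative and should be tuned to the organization's own asset criticality.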
Securing the business against threats on the dark web requires not only the right technology, but also a proactive approach rooted in vigilance, strategy and preparedness. It is essential to recognize that even a seemingly small leak can have devastating consequences. By training teams and embedding this awareness into your security strategy, you strengthen your defenses and ensure everyone is prepared to respond quickly and effectively.
This article was produced as part of Ny BreakingPro’s Expert Insights channel, where we profile the best and brightest minds in today’s technology industry. The views expressed here are those of the author and are not necessarily those of Ny BreakingPro or Future plc. If you are interested in contributing, you can read more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro