Technology opens up opportunities that businesses simply would not have had twenty or even ten years ago. The internet in particular has grown to become the primary communication tool for many businesses. It is also the foundation of applications, distributed computing, and even ecommerce.
Without the internet, global business would probably not be flourishing as it is today.
In the same way that the internet creates opportunity and facilitates growth, it can also create risks for businesses. Recently, businesses have started to become aware of the dark web and deep web; areas of the internet that are associated with nefarious and malicious criminal activity.
Businesses today have the responsibility of understanding the dark web, and the threats that it can create.
Understanding the Deep Web and Dark Web
The deep web refers to parts of the world wide web that are not found in search engine indexes. Pages are not indexed for a number of reasons. Sometimes this is intentional, and at other times sites are not indexed due to poor web development. Sites on the deep web can only be accessed when users have a direct link or IP address. In many cases (including paid and private services), deep web content is perfectly legal and is not intended to cause harm or disruption.
The dark web is also web content that is not indexed by search engines, but exists on a deeper level. The dark web can only be accessed through specific protocols or software, and traffic is anonymized to prevent identification of users. Not all activity on the dark web is illegal, but it is the preferred communications platform for criminals, thanks to the anonymity that is provided.
What Threats Does the Dark Web Pose to Businesses?
Businesses concerned about security should be worried by activity on the dark web. Because hackers and other malicious parties can communicate freely and without any real fear of interception, it’s possible for them to share best practices and new techniques that can be used to compromise businesses and their networks. Because it is resource intensive to monitor and intercept communication data on the dark web, businesses may not even know when exploits are discovered.
The gift card market is a prime example of how information on the dark web can damage businesses. Gift card fraud is common with hackers, and for many of them it is relatively simple to achieve. Hackers don’t always need to compromise a gift card network, because they can also target individual users to gain account information (such as in the case of reloadable gift cards). Gift card information is often sold online through dark web marketplaces, which can undermine brand value and the value of gift cards themselves.
Amazon.com, the world’s most valuable online retailer, was targeted in 2017 by criminals operating from the dark web. Hackers gained access to third party seller accounts before distributing the information on the dark web. Seller accounts were modified to direct money to hacker controlled bank accounts, and some sellers lost more than $100,000 of revenue before the compromise was detected by Amazon.
Credit card fraud is also common on the dark web, as criminals can easily trade stolen information without a real risk of law enforcement intervention. This creates risk for businesses through fraudulent card use. Businesses can take all necessary steps to ensure that protocols are being followed, and they may still not be able to detect that they are being provided with fraudulent card information.
Targeted Attacks Organized from the Dark Web
The risk for most businesses is that they won’t even know when attacks are coming. Targeted hacking attempts and malware infections etc. can be purchased on the dark web. Criminals sell HaaS (Hacking as a Service), offering illegal access to systems for a fee.
Access could be used simply to steal data and cause disruption, or it could be used to distribute malware and viruses with the intent of extorting money from infected users. A corporation infected by a widespread virus could be crippled in their ability to do business.
HaaS could also be used by businesses performing industrial espionage. Although there is no current data confirming or denying that cases exist, it’s not outside of the realms of possibility.
How Can Businesses Stay Safe from Dark Web Threats?
There’s no single security solution that can protect against all eventualities. Criminal parties evolve their techniques to stay competitive with current security solutions, which is why businesses also need to take a proactive approach to network and systems security.
Professional security consulting is essential. Managed IT professionals can help to develop an understanding of the most likely threat scenarios, based on a business and how it stores its information.
Security professionals can also develop the systems and safeguards that will prevent or drastically reduce the risk of virus and malware infection originating from the dark web. Businesses that have secure networks will become difficult targets, and cyber criminals will often follow the path of least resistance.
Information security is something that any modern business should invest in, because the dark web is just one of a number of threats that can cause significant harm to organizations today.