Mohammed Abukhater, Vice President, MEA, FireEye, says it is crucial for organisations to outsmart the cyber criminals using the dark web.
The dark web is a growing concern here in the Middle East. In the past years, it has redefined the art of hacking and expanded the range of threats that organisations need to tackle.
Many get the terms “deep web” and “dark web” confused; however, they are very two distinctive things. The deep web is the entire portion of the web that is not accessible by conventional search engines. It is not indexed like the rest of the internet, so people are not able to access it easily. Some say this makes up 99 percent of the entire internet. The dark web on the other hand is a smaller portion of the deep web, consisting of certain websites within the deep web that are linked to criminal activity and illegal marketplaces.
To access the dark web users will need an anonymous browser, such as The Onion Router (TOR), to access it as it is typically used to trade illicit goods such as weapons and drugs. TOR aims to conceal its users’ identities and their online activity from surveillance and traffic analysis by separating identification and routing. Using the dark web, cyber criminals can sell malware, credit card dumps, stolen credentials, access to an organization’s systems, etc.
Most hackers and criminal groups can communicate on the dark web without any fear of interception. This means it’s possible for them to share best practices and new techniques that can be used to compromise sensitive data of organisations’ networks without getting caught. Even more, since organisations are not equipped enough to intercept communication on the dark web, its often difficult to find out if their data has been compromised.
To give you an example of the damage the dark web can have on an organization, in 2017, Amazon.com was targeted by sophisticated criminals operating from the dark web. Hackers gained access to third party seller accounts before distributing their data on the dark web. The criminals modified the seller’s Amazon account details to direct payments to hacker-controlled bank accounts. Some sellers lost more than $100,000 of revenue before Amazon detected the compromise.
How to combat cyberattacks on the dark web
It is crucial for organisations to outsmart the cyber criminals using the dark web. Here’s where to start:
Monitoring: Organisations must ensure that their IT team is monitoring as many segments of the dark web as possible. The threats should be monitored across multiple cybercrime zones to understand if any employee or customer data is being actively traded on the dark web.
Effective defense strategy: Organisations must create an effective dark web defensive strategy that alerts them in advance and provides the intelligence needed to take appropriate action against having their data leaked on the dark web. To give you an example, for years, FireEye has seen airlines and third-party ticket sellers exploited so that illicit tickets could be resold for profit on the dark web. Airlines are a common target of cyber criminals as they hold a wide variety of sensitive data which can be easily traded on the dark web.
Eliminate vulnerabilities through employee training: If an employee accesses the dark web through company network, he or she might open the network to risks and allow company information to become compromised. Sometimes poor employee habits such as using the same password for multiple accounts and opening malicious emails can also cause companies to lose sensitive data which is then traded on the dark web.
Governments in the Middle East are working to create awareness about the dark web to ensure safety. In 2016 for example, the UAE government banned the use of TOR, which in turn prohibited the use of the dark web within the country. Today, every big or small organisation in the region understands the risk of cyber criminal activity; however, there is still little awareness about the risks of the dark web. This means, organisations and governments need to work together to defend against dark web activity.