<img src="https://certify.alexametrics.com/atrk.gif?account=kla4t1zDGU20kU" style="display:none" height="1" width="1" alt="">
Contact us
Free Quickscan →
Cybersprint Digital Risk Protection Platform

The Cybersprint Platform

We’ve developed a unique Digital Risk Protection SaaS-platform that works 24/7 as an automated ethical hacker, continuously in search of online vulnerabilities. Read more

Cybersprint provides realtime insights

Make the world more cyber-secure

Cybersprint protects organisations by providing real-time insights into their online footprint. Read more

close

Deep, dark and scary: The value of monitoring the web you can’t see

by Cybersprint Blog 18 Jul 2019

Most people aren’t aware of the difference between the surface web, deep web and dark web. In fact, most people aren’t even aware that the dark web in particular even exists. And yet, it’s below the surface that many of the biggest threats to personal and organisational data originate. This is why having a corporate digital risk protection strategy in place that counters threats which aren’t visible on the surface is so important.

Deep web threats: Legitimate beginnings

The deep web consists of websites and information that are often legitimate, or at least start out that way. These resources could include corporate intranets, educational networks or any number of different membership sites that require a login or other form of authentication. Unfortunately, it’s all too easy for criminals and hackers with malicious intent to hijack users from within these sites and redirect them to, for example, phishing websites or online stores selling counterfeit goods that also reside in the deep web. In this scenario, users are more likely to be taken in by a scam, because their starting point was within what they assumed was a safe online environment.

Murkier still: Threats from the dark web

If you can’t identify a website’s IP address, or the addresses of the people that visit it, everyone involved becomes essentially anonymous. Welcome to the unlit recesses of the dark web, a place which although useful for those trying to understand criminal activity, is even more valuable for those perpetrating it. Accessing the dark web requires the use of a browser or web tool that enables anonymous web access and communication. Content that can typically found in the dark web includes:

  • Shops for counterfeit or stolen goods
  • Marketplaces for buying people’s personal information
  • Hacking tutorials
  • Hackers for hire
  • Chatrooms for networks of criminals planning a coordinated online or real-world attack.

 The value of deep and dark web visibility

According to a 2018 report from the Ponemon Institute1, the average cost of a data breach is $3.86 million, with the likelihood of another breach occurring within two years running at almost 28%. The most serious breaches have operational and reputational impacts that go far beyond that. For example, when Danish logistics company Maersk was breached by the Nonpetya ransomware attack in 2017, it was not able to use its IT systems for 10 days, and had to reinstall 4,000 servers, 45,000 PCs and 2,500 applications in that time. The total cost of the attack was estimated at $300 million. Of course, a successful attack on this scale would be more than sufficient to put smaller companies out of business for good. That’s why the ability to identify and block potential threats wherever they originate can literally be priceless.

Giving cybercriminals nowhere to hide

It’s not difficult to see how threats from the deep or dark web can cause major headaches for corporate IT teams. But even with knowledge about where deep and dark web threats might come from and how to look for them, identifying them manually is simply not practical or cost-effective. That’s why an increasing number of organisations are turning to automated digital risk protection solutions to help them deal with these hard to spot risks.

The centrepiece of such solutions is a monitoring and alert capability, based on the scraping and searching of online marketplaces and websites that can be used for anonymous posting, among other tactics. Examples of threats that can be identified in this way include open but anonymised postings of:

  • Bank account and credit card details for sale
  • Requests for attacks against a specific company or high-profile executive
  • Suspicious forum conversations
  • Database dumps

Ideally, the implementation of a digital risk protection solution should be supported by a structured education and awareness program for employees. This can help limit the likelihood of inadvertent actions that may help criminals carry out attacks. These actions can include the publishing of sensitive personal or business data on potentially vulnerable corporate intranet pages, for example.

Cybersprint is expert in helping organisations identify and eliminate digital risks to their data, operational continuity and revenue, wherever they originate online. If you’d like to see what we can do, the first step is a free Quickscan of your company’s digital footprint.

Get your free Quickscan

1 2018 Cost of a Data Breach Study, Ponemon Institute & IBM

 

Control over third-party risk

Most organisations outsource parts of their IT infrastructure. This brings different opportunities for the services they deliver, such as cloud accessibility or faster web traffic through external web hosting. But there is a downside. As more parts of the online footprint are in the hands of third parties, the digital attack surface of your organisation grows. Even though you cannot directly control those assets, your brand can be held accountable when data is leaked. So, what can you do to regain control over your external assets?

read more

Pandemic-related domains list

- The information in this article will be updated frequently -  The 2020 pandemic has forced us all to adapt the way we work and communicate. Cybercriminals are leveraging the situation at the expense of others. At Cybersprint, we aim to keep these digital risks to a minimum. Therefore, we're sharing our latest research, containing a list of dodgy Corona-related domains you can use for blacklisting purposes.

read more

Bad actors leveraging crises: 3 types of activities to watch out for

2020 is surely not starting out as we expected, as the horrible virus is disrupting and even ending the lives of many. We have mixed emotions writing this up, because there many people doing way more important work, like healthcare workers. Unfortunately, the bad guys have leveraged the crisis like clockwork. We looked at the three most common activities of bad actors.

read more

Do you have a question?

Our experts have the answers

Contact us