A guide for the uninitiated.
We are all familiar with the World Wide Web, that we access regularly to seek information, shop or simply catch up on the latest news. Yet, what we normally access is but the outer layer of a wider and, more to the point, deeper realm.
The deeper layers are hidden, sometimes for entirely legitimate privacy concerns, such as in the case of private social media accounts, medical records or chargeable content, other times because they hide not so legitimate activities: welcome to the Deep Web and the Dark Web.
The Deep Web is not accessible through an average search engine, such as Google for example, and is protected by authentication barriers, requiring sign-in credentials for access. The Deep Web is estimated to represent between 96% and 99% of the Internet.
The Dark Web forms part of the Deep Web and requires not just credentials but specialised software to be accessed, specifically, an anonymising browser called Tor that masks your IP address. The Dark Web is estimated to make up around 5% of the Internet.
The mix of legitimate and illegal activities hidden in these deeper layers means government cannot enact a blanket policy to uncover all activities. In fact, it is not illegal to use Dark Web tools in most countries, and both governments and intelligence agencies use them when they require anonymity to protect sensitive data.
Illegal activities are regularly brought to light and stopped; in January 2021, Europol and law enforcement agencies from multiple countries, teamed up to dismantle the world’s largest Dark Web marketplace, DarkMarket, a network with almost 500,000 users and US$171 million worth of cryptocurrency transactions, related to the sale of drugs, counterfeit money and credit card details, malware and anonymous SIM cards.
A large part of activities on the Dark Web use cryptocurrency to mask transactions, as most cryptocurrencies offer anonymity.
How can your credentials end up on the Dark Web?
This can be the result of poor password practice or of insufficient cyber security on the part of the organisation with which you are affiliated.
Data breaches are a daily occurrence and what aggravates their consequences is that they often stay undiscovered for months, sometimes years, giving criminals ample opportunity to exploit the data for their personal gain, undetected.
Widespread remote access practices as a result of the COVID pandemic, have increased vulnerability for businesses, especially for companies without multi-factor authentication policies.
How you can protect yourself
Some tips on how to guard against data loss:
- Use Multi-Factor Authentication (MFA) across all your accounts. Push-based MFA will notify you if your account has been breached or if your password has been stolen, prompting you to take action.
- Deploy password management software, there is a wide choice, including free-of-charge options and it often comes as part of your desktop utilities.
- Use a Dark Web Scanner like WatchGuard’s, that lets you search your email/domain to uncover breaches, (weekly frequency recommended), and in the event, take action by changing your password immediately for all the accounts where it was used.
For more information contact
Nuvias Cyber Security team at firstname.lastname@example.org.