DARK WEB – THE GOOD, THE BAD AND THE UGLY

Security_in_Action

The Dark Web is a bit wild, wild west, a lot Darth Vader, and 100% unrestricted free enterprise. There are no regulators or arbiters of decency. It can be unsavory and dangerous, as well as innovative and useful.

Dark Web is Here to Stay

As we all know the Dark Web is this part of the Internet that is not accessible with popular browsers and requires specific software, configurations or authorization to access. It’s an “insiders-only” kind of place. If you don’t know where it is; you won’t find it.

There are two main arguments for believing it is permanent.

  1. Every day, there are more products and services, and consequently, money; exchanged on the Dark Web. As a result, more people are drawn into it and want to use it. As long as there is money to be made, there will be people who want to use it. Like the basic foundation of capitalism: Supply and Demand. As long as there is a demand, there will be a supply. There is also the added attraction that what happens on the Dark Web is unregulated and therefore, untaxed.
  2. Some of the infrastructure enabling the Dark Web, specifically the relay network that provides the anonymity was invented by the United States Naval Research Laboratory to protect the identity of the US intelligence officers abroad. The infrastructure is still used and partially owned by governmental organizations.

 

What’s Good About It

  1. It enables people to post information and communicate freely. For example, a citizen of a repressive regime can expose information about regime’s misconduct or connect with other people who are concerned about repression. An example is events that precipitated the “Arab Spring”.
  2. It facilitates the exchange of goods and services. The Dark Web is becoming more and more commerce savvy. Mirroring the Amazon style of online services; there are even seller ratings and sellers with return policies, etc.

 

Dark Web Threats – The Ugly

The Dark Web serves as a marketplace, a sort of open-air bazaar for threat intelligence about companies, and as an information resource on new attack vectors.

  • Threat intelligence is posted, such as weaknesses in a company’s defenses. Sometimes accounts of successful attacks are published even before the company’s IT organization has discovered the breach.
  • Company employees’ credentials and customer data are offered, which can be used to breach an organization and steal sensitive information. Threat actors capture millions of credentials and offer them for sale. This is a growing trend that is becoming ever more profitable.
  • Information on accessing specific corporate assets and details of phishing campaigns and other exploits using employee emails are shared.
  • New attack techniques, exploiting such opportunities as the Zero-day vulnerabilities, are shared so they may be applied against other organizations’ defenses.
  • The Dark Web serves as a distributed threat and attack research and development laboratory manned by clandestine actors.

 

Fighting Back

The first step is accepting reality. Accept that the Dark Web is here to stay and adjust your corporate behavior accordingly. You cannot stop it. You cannot avoid it. You must adapt to it.
The most effective course of action is to build the infrastructure or subscribe to services, such as Vericlouds offers, that will:

  • Provide a notification when data about your company is published or exchanged on the Dark Web
  • Provide information about unknown vulnerabilities that affect your infrastructure when they are detected on the Dark Web and fix all identified vulnerabilities immediately
  • Provide a report of compromised employee credentials so they may be changed or blocked immediately
  • Provide Actionable Intelligence that your corporation can use to harden its defenses
  • Establish an employee training program that will educate on:
    • Proper password management
    • Recognition of phishing exploits
    • Proper email management and malware risks
    • Safe online practices

 

ABOUT VERICLOUDS

VeriClouds was founded by Rui Wang and Stan Bounev in 2014 to resolve the authentication security issues in Cloud Services. Information Security is not just a business opportunity. It is a calling, a passion, even an obsession.  Rui and Stan joined forces to create ways to make the world more secure by making it safer to do business online. Rui has a Ph.D. in Cyber Security, and Stan is a successful entrepreneur with over 14 years of corporate and startup experience in the banking and technology industries.

We Accept Only Business Email Addresses – No Free or ISP Email Addresses

Please enter a business email address to obtain proper delivery of the product. If you do not have a business email address or experience any issues during the registration process, please send an email to support@vericlouds.com