The dark web is a strange and confusing place that most people have heard about, typically via passing headlines about drug kingpins and illegal Bitcoin transactions. Unfortunately, the dark web is a very real place, mostly operating off the radar of mainstream security infrastructures. Because most people are law-abiding citizens, it can be easy to ignore the dangers of the dark web since it’s typically not a part of every-day life, and it seemingly has no effect on it, either.
As with most covert activities that survive or flourish over time, certain incidents are beginning to highlight just how much of a threat the dark web really is, whether or not an individual is directly involved with it or not.
Just recently, a U.K.-based cybersecurity firm, RepKnight, released a white paper suggesting that it had uncovered proof that more than 1.2 million email addresses and passwords from some of the U.K.’s top 500 law firms were sitting in file dumps on the dark web. Additionally, these numbers appear to be just the surface of what is really out there. These discoveries were mostly made in public-facing dark web websites that are easy to infiltrate, and not the ‘darker corners’ of the dark web. The ‘darker corners’ are mostly private chat rooms and member-only communities that are more difficult to hack, and also likely where most of the data brokering is likely occurring.
The initial reaction to a compromise of information is to figure out who is to blame. Which security team dropped the ball, or who set up a sub-par firewall that allowed hackers to steal this information? The truth is that it is often not just one entity at fault; there are a number of factors that can lead to a breach of information. These hackers are often times part of a larger organized crime organization, better funded and better trained than corporate IT security teams, and include a wide variety of skilled team members.
In the digital world we’ve come to live in, the right data can often be leveraged for financial gain, or even worse, political influence. The dark web seems to be the de facto place for transactions of this type, especially if digital currencies like Bitcoin survive as the proverbial carrot.
The white paper also reveals that the information was not the result of a direct hack, but acquired from breaches to third-party websites. However, in a worst-case scenario, the published credentials could lead to direct attacks on employee email accounts. Additionally, this kind of breach put firms at higher risk for different types of attacks.
While these law firms are no more culpable than the average organization in terms of cyber security exposure, it serves as a reminder that individuals and organizations alike need to be more vigilant about security risks. Experts noted that even using your corporate email domain for registration on other websites, dating apps, etc. could bring more exposure to your organization.
Because of the complex nature of these types of crimes, it is not necessarily the fault of one particular entity. However, it does leave room for public and private organizations to be more vigilant about their security practices for their own protection. Criminals tend to target the most vulnerable prospects first; the more your organization is prepared for these situations, the better chance there is in deterring criminal activity.
Experts also point out that organizations need to be more proactive in their approach to cyber security vulnerabilities, rather than reactive. Most organizations don’t realize that there has been a compromise until the damage has been done, often several weeks later.
The dark web is indeed a grim place, and unlikely to go away any time soon. If you feel that your organization is at risk for data breaches, be sure to hire a reputable cyber security consultant that can ensure that your digital infrastructure is setup for best practices. The best protection you can have against being a victim is to make sure that you are not the easy target.
Want to learn more about protecting your data? Contact RCS today to learn more about how we can help you protect your data from external breaches. Mitigate your risk today with Risk Control Strategies.