Everyone is aware of the Dark Web’s reputation as a playground for cyber criminals who anonymously trade stolen data and partake in illegal activities. While in the past it required a degree of technical knowledge to transact on the Dark Web, in recent years the trading of malware and stolen data has become increasingly commoditised. As a result, marketplaces, hacker forums and ransomware group sites are proliferating.
Bitglass recently conducted research that sheds light on exactly how Dark Web activity, the value of stolen data, and cyber criminal behaviours have rapidly evolved in recent years. What we found should trigger alarm bells for enterprises that want to prevent their sensitive data from ending up on the Dark Web.
The Dark Web: a growing threat
Back in 2015, Bitglass conducted the world’s first data tracking experiment to identify exactly how data is viewed and accessed on the Dark Web. This year we re-ran the experiment and embellished it, posting fake account usernames, emails and passwords that would supposedly give access to high-profile social media, retail, gaming, crypto and pirated content networks acquired through well-known breaches.
Once we had baited the hook, the speed and volume of responses we observed far outstripped our findings of six years ago.
For example, the fictional breach data we posted received over 13,200 views compared to 1,100 views just six years ago – that’s a stunning 1,100% jump – with breach data being downloaded by entities across five different continents. Furthermore, it took less than 24 hours to hit 1,100 link views compared to 12 days in 2015.
These unique insights highlight how the growing volume of data breaches, combined with the rising number of avenues now available to cyber criminals looking to monetise exfiltrated data, is fuelling a significant growth of interest and activity surrounding stolen data on the Dark Web.
The covert nature of Dark Web activity is deepening
In a bid to outwit UK law enforcement and evade tracking and prosecution, today’s malicious actors are becoming highly adept at utilising anonymous VPNs and proxies to hide their identities when accessing breached data. So much so that the number of anonymous viewers we observed accessing our fake data on the Dark Web in 2021 (93%) far outstripped that seen in 2015 (67%).
Evaluating which types of data were top of the shopping list for these anonymous viewers, gaining access to large retailers’ networks proved the most enticing, receiving 37% of all clicks. Unsurprising, given how retail businesses of all sizes had to pivot fast during the pandemic to serve customers primarily online. The scale of this digital shift has opened up a wealth of new opportunities for criminals looking to engage in illicit activities such as drop shipping or ransomware attacks.
Ironically, our research found that hackers and criminals are benefiting from many of the same tools and technologies that IT staff in enterprises are making use of. In 2021, cyber criminals were taking full advantage of the public cloud to download stolen breach data.
Keeping your data off the Dark Web
With stolen data on the Dark Web spreading farther and faster, organisations will need to up their game if they want to maintain control of their data and prevent it from being traded by cyber criminals who are becoming expert at covering their tracks.
As corporate data moves beyond the firewall, traditional security solutions have become obsolete. This means that firms need to rethink their cyber security posture with mobility and remote work environments in mind.
When it comes to keeping your data off the Dark Web, our top six tips on the best practices and technologies organisations should be looking to deploy are:
- Employ a zero trust framework.
- Ensure that your security extends to any device, anywhere, rather than only when devices are on the corporate network.
- Employ mechanisms to track the location and access of your data and credentials.
- Use best practice protocols and training to ensure all employees understand and practise good cyber hygiene.
- Block SaaS app login and access attempts with CASB, denying anonymisers and activity from unfamiliar and suspicious locations.
- Make sure you have a security strategy in place that is independent of your underlying operating system infrastructure.
With the world fully immersed in digital transformation, our research findings reveal the extent to which data has become a valuable commodity. With cyber criminals moving full steam ahead to take advantage of this very lucrative opportunity, IT and security leaders must take action fast to protect their data.