Corporate data dark web

From a cybersecurity point of view, the dark web is like a huge marketplace, where sensitive data (personal data, banking data, credentials, etc.) rubs shoulders with cyberattack kits. Malware is sold there for between $50 and $500 [1], and some 15 billion credentials are reportedly in circulation [2].
How do you know if your corporate data is on the dark web?

After clarifying the terms deep web, dark web and dark net, we will see how to verify if your business data is available on the dark web and what to do if it is.

Deep web, Dark Net, Dark Web: What Differences?

Despite their similar names, we can distinguish the deep web, the darknet and the dark web. The web can be compared to an iceberg:

  • part of it is accessible via search engines: the clear or surface web (the tip of the iceberg)
  • content not indexed by search engines forms the deep web (the hidden side of the iceberg). It’s often said that the deep web represents 90% of the internet.

The dark web is part of the deep web. As for the dark net, it is an overlay network that runs on top of the regular internet. To get to the dark web, you must first connect to the dark net via an anonymising network. Tor is one of the best known and most widely used.
The term "dark web" is frequently used to refer to the deep web.

Darknets are designed to preserve anonymity. On the positive side, activists and whistleblowers use the dark web to escape surveillance, as do users from countries where the internet is censored. Some famous organisations have a website there, such as Facebook, the New York Times and the BBC.
On the negative side, cybercriminals use the dark web to conduct criminal, terrorist or mafia activities.

The Dark Web, a Marketplace for Selling Confidential Data

After a data leak, attackers might publish the collected information on the dark web for several reasons:

  • selling data: credentials, banking data, health data, IT infrastructure information… All this data has a market value, as it allows attackers to optimise their phishing, identity theft or money fraud campaigns.
  • blackmailing the legitimate owners of the data (both personal and professional),
  • ideological reasons: exposing practices, revelations that could lead to scandals… Attackers may have political or religious goals.

Financial profit is the main motivation for attackers to put data on the dark web. They sell not only personal data; corporate data is traded too. A July 2020 study by Digital Shadows [3] showed that administrator access to corporate domains was sold for around $3,000. Sensitive corporate documents are a gold mine for people who intend to commit targeted cyberattacks.

How to Know if your Corporate Data is on the Dark Web?

To identify leaked sensitive documents, the solution is to search the surface web, the deep web and the dark web. However, navigating the hidden web is difficult, as pages are not indexed. You have to know the URLs of the pages you want to access or use underground search engines. Besides, the risk of being hacked is very high.

Investigating the dark web first lets you detect whether your business data is present. It can also help you detect and fix data-leak flaws that you were not aware of.
This research can be conducted internally, or you can rely on a third party to conduct a reconnaissance audit. This audit identifies all the items related to your business that are exposed online.

If confidential documents are indeed on the dark web, you then need to confirm whether they are accurate. Depending on the data, you can take initial emergency measures. Trying to delete it from the web is wishful thinking; it is better to aim at making it useless and obsolete for attackers.

This may involve changing authorisations, modifying network access or notifying your customers if their data has been leaked (and, depending on the applicable legislation, also notifying an official supervisory body).
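As an added example (not part of the original article), the sketch below shows one way to confirm whether leaked credentials are accurate and to decide which accounts need an emergency reset. The domain, the directory layout, the PBKDF2 storage scheme and the sample dump are all constructed assumptions.

```python
import hashlib
import hmac

CORP_DOMAIN = "example.com"  # assumption: placeholder corporate domain
# Least to most urgent; the worst finding per account wins.
SEVERITY = ["unknown-account", "disabled", "stale", "reset-now"]

def kdf(password, salt):
    # Assumption: the directory stores PBKDF2-HMAC-SHA256 password hashes.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed directory: email -> (salt, stored hash, account enabled)
DIRECTORY = {
    "alice@example.com": (b"s1", kdf("Summer2020!", b"s1"), True),
    "bob@example.com": (b"s2", kdf("rotated-since-leak", b"s2"), True),
    "carol@example.com": (b"s3", kdf("hunter2", b"s3"), False),
}

# Constructed dump in the common "email:password" layout
LEAK = """\
alice@example.com:Summer2020!
bob@example.com:OldPassw0rd
carol@example.com:hunter2
dave@example.com:whatever
eve@other.org:irrelevant
ALICE@example.com:Summer2020!
malformed line
"""

def triage(dump, directory, domain=CORP_DOMAIN):
    """Map each leaked corporate account to the most urgent status found."""
    findings = {}
    for line in dump.splitlines():
        email, sep, password = line.strip().partition(":")
        email = email.lower()
        if not sep or not email.endswith("@" + domain):
            continue  # malformed line or not one of our addresses
        if email not in directory:
            status = "unknown-account"  # leak entry is not accurate
        else:
            salt, stored, enabled = directory[email]
            if not enabled:
                status = "disabled"  # already useless to an attacker
            elif hmac.compare_digest(kdf(password, salt), stored):
                status = "reset-now"  # leaked secret still works
            else:
                status = "stale"  # password changed since the leak
        previous = findings.get(email, status)
        findings[email] = max(previous, status, key=SEVERITY.index)
    return findings
```

Accounts marked `reset-now` are the ones where a password change and session revocation make the leaked data obsolete; the leaked passwords themselves are never written to the output.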

Including Security Upstream to Prevent Data Leaks

It is important to consider the security of your infrastructure and applications. Web or mobile applications are gateways that are highly exposed to attacks. Performing a penetration test makes it possible to secure the data that flows or is stored in these applications, to avoid leaks on the web (whether on the visible or hidden web). 

Another key measure is to limit as much as possible the information exposed on the web. Reducing the attack surface available to attackers makes attacks less relevant and somewhat more limited.

Finally, raising internal awareness of cyber-risks is an essential element in strengthening security. Poor practices and misunderstanding of the current dangers can lead to major incidents. During a training session or a social engineering pentest, your teams are exposed to threats adapted to your company's context. Raising awareness through real-life situations helps teams remember good practices and follow procedures.

In conclusion, any data leak is likely to end up on the dark web, as attackers can make various gains from it. This data feeds new cyberattacks and new data leaks. To break this vicious circle, you need to strengthen your cybersecurity, both technical and human.

[1] Dark Web Price Index 2021. Privacy Affairs.
[2], [3] From Exposure to Takeover: The 15 billion stolen credentials allowing account takeover. Digital Shadows.