One way to think of a dark web monitoring tool of service is to imagine that it is a search engine of the dark web. In the same way that Google allows you to search for websites and content so does a dark web monitoring tool. The obvious difference being that the dark web is a collection of hidden and non indexed websites.
That being the case, dark web monitoring tools can be used to search for leaked data such as compromised passwords, stolen data and basically anything that would have value to the criminal community.
To put the dark web into context it might help to break the web into three parts.
The first is the public internet. The one we all know and love, the public web indexes sites and content to allow it to be found easily by users.
Then there is the deep web. The deep web is a collection of legitimate private sites and applications used by individuals and industry. A procurement portal would be a good example of a site within the deep web. These sites are password protected and can therefore not be indexed. Totally legitimate but private so they will not be found using a standard search engine.
Finally, we have the dark web. A collection of illegal sites, heavily encrypted and as such not indexed by search engines. In other words they are invisible unless you know where to look. This anonymity provides a place for criminals to buy and sell stolen information, tools, ID’s, drugs, counterfeit goods, or to gather intelligence to launch an attack.
So by monitoring the dark web, businesses can identify leaked data but they can also attempt to stay one step ahead of an attack or impending threat. For example, an organisation may be interested in chatter that relates to a potential firewall exploit. Forewarned is forearmed and that is basically why security professionals monitor the dark web.
What do Dark Web Monitoring Tools do?
Dark web monitoring tools, basically crawl thousands of dark websites (the dark web) looking for personal or sensitive information. The information the scanner inspects is determined by the search. Here are some common search queries that the scanner searches for. They are:
- National Insurance Number
- Credit/debit cards
- Email address
- Passport number
- Bank account numbers
- Mobile, landline numbers
- Driver’s licence
- Retail/membership cards
- So what is the risk to individuals and organisations
For individuals, I would say the risk is relatively limited. If you have been using the web for some time it is highly likely that some of your personal data has leaked onto the dark web at some point. Working from this position, it is always sensible to monitor your credit reports, bank statements and to change your passwords regularly but the risk is low so don’t worry unnecessarily.
For organisations the risk is somewhat different. As the custodians of personal and sensitive data there is a legal duty of care to ensure that all client and third party data is protected. Failure to do this could result in fines, legal action, damage to reputation, and to the IT team, a tsunami of hassle. At a more technical level the breached data could be used to initiate various attacks, so the impact to an organisation is generally broader and far more significant.
Three “quick” ways to protect your data.
I am going to cover this off in more detail in a forthcoming blog but there are three actions you can take to help protect your data immediately.
Use Strong passwords. A phrase with spaces like “the dOg went to the Z00 in 2022” is much harder to crack than a single complex word. It’s also easier to remember.
Use two factor authentication. Yes, I know it is a bit of a pain, but having a secondary authentication method dramatically reduces your risk.
Browse as securely as possible. This can be achieved by using a VPN or at the very least by ensuring that the site is HTTPS protected.
Implement company wide security awareness training so individuals are aware of the risk and to foster a security first approach throughout the workforce.
