Dark Web: The Basics of Cyber Attacks

August 26, 2021

By Rahul Mahna & Greg Puc’


At some point, you’ve heard someone mention the dark web, whether via a news-breaking headline that some Fortune 500 company was attacked by hackers with information found on the dark web or your own IT department announcing new security policies to combat the rise of potential breaches. But do you understand how powerful it can be for criminals?

What Is the Dark Web?

The dark web or dark net is an ever-growing area of the internet where nefarious activities take place. It provides access to content, illegal goods and materials that are not found on the surface internet. It is called the dark web because the information contained in that area of the internet is encrypted and therefore not indexable by traditional search engines, so the information cannot be easily found. Similarly, it contains websites that cannot be discovered unless one already knows how to reach them.

Why Is It Used?

There are many reasons why the dark web is used, and why it accounts for a substantial portion of the internet. It mostly comes down to privacy. Privacy is important to every individual, but the surface internet is not that private. The data found on the surface internet is traceable by federal, state, and local governments and is indexed by Google and other search engines. Criminals utilize the dark web because of the anonymity it offers. If someone has access to the dark web and understands how to use it, they can be virtually anonymous and do whatever they wish, with minimal fear of exposure.

Examples of Usage

There are a multitude of “goods and services” sold on the dark web, such as drugs, firearms, people’s data, etc. An example of criminals utilizing people’s data is the recent Colonial Pipeline attack. Attackers found and purchased a former employee’s user credentials (which had been left active) on the dark web from a previous data breach. They tested this information against the company’s database and eventually were able to log in to the company, after which they started taking control of systems and demanding a ransom.

What Can You Do?

It is important to monitor your company’s credentials on the dark web. The Colonial Pipeline breach is a prime example of why a company should monitor which of its user accounts may be available. A company can do this monitoring itself or hire a vendor that provides this advanced service. Whichever way it monitors, the company should get 24/7 alerts every time a compromised account is made available for sale. If the compromise is an actual live user account and the password is exposed, the company can then immediately remediate this by changing the user’s password.
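The triage step described above can be automated by checking each alert against the company's own user directory. The following is an added example, not code from the authors or from any monitoring vendor; the alert and directory field names, the sample accounts and the priority labels are all constructed assumptions.

```python
from datetime import date

# Constructed sample data. The alert and directory field names are
# hypothetical, not the format of any specific monitoring vendor.
ALERTS = [
    {"user": "jdoe@example.com", "breach_date": date(2021, 3, 1), "password_exposed": True},
    {"user": "asmith@example.com", "breach_date": date(2020, 11, 15), "password_exposed": True},
    {"user": "bwong@example.com", "breach_date": date(2021, 1, 10), "password_exposed": True},
    {"user": "mlee@example.com", "breach_date": date(2021, 1, 10), "password_exposed": False},
    {"user": "gone@example.com", "breach_date": date(2019, 7, 4), "password_exposed": True},
]
DIRECTORY = {
    "jdoe@example.com": {"enabled": True, "employed": False, "password_changed": date(2019, 6, 1)},
    "asmith@example.com": {"enabled": True, "employed": True, "password_changed": date(2020, 2, 1)},
    "bwong@example.com": {"enabled": True, "employed": True, "password_changed": date(2021, 4, 2)},
    "mlee@example.com": {"enabled": True, "employed": True, "password_changed": date(2020, 9, 9)},
    "gone@example.com": {"enabled": False, "employed": False, "password_changed": date(2018, 1, 1)},
}

def triage(alert, directory):
    """Return (priority, action) for one exposed-credential alert."""
    account = directory.get(alert["user"])
    if account is None or not account["enabled"]:
        return ("info", "no live account; record only")
    if not account["employed"]:
        # Live account for someone who has left: the stale-account case.
        return ("critical", "disable account and review recent logins")
    if not alert["password_exposed"]:
        return ("medium", "username exposed; watch for login attempts")
    if account["password_changed"] <= alert["breach_date"]:
        # Password has not been rotated since the breach, so it may still work.
        return ("high", "change password immediately")
    return ("low", "password already changed since breach; confirm")

def triage_all(alerts, directory):
    """Triage every alert and sort the most urgent first."""
    order = {"critical": 0, "high": 1, "medium": 2, "low": 3, "info": 4}
    results = [(a["user"], *triage(a, directory)) for a in alerts]
    return sorted(results, key=lambda r: order[r[1]])

if __name__ == "__main__":
    for user, priority, action in triage_all(ALERTS, DIRECTORY):
        print(f"{priority:8} {user:22} {action}")
```

The account of a departed employee that is still enabled ranks above everything else, since it is the situation the Colonial Pipeline example describes.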

The dark web has become a place where information that should not be easily trafficked is now made available for sale. Hackers have gotten smarter in the ways they use this data: after they penetrate an organization using credentials they acquire, they often lock up computers and demand ransom to unlock them. Frequently, they go a step further and extract data from the organization and threaten to release that data if additional ransom is not paid. Strong user training and constant monitoring of the dark web for organization information are the best way to prevent an uncomfortable cyberattack and subsequent ransomware demands from occurring.


Digital Intelligence Newsletter - Q3 2021

About Rahul Mahna

Rahul Mahna is the Managing Director of Managed Security Services within EisnerAmper Digital, with extensive experience providing information technology and cybersecurity solutions to our clients.

About Gregory Puc'

Gregory Puc’ is a Staff Network and Support Engineer within EisnerAmper Digital.
