WatchGuard Blog

The dark web : what threat does this pose to your company?

There is a welter of websites that are not indexed by search engines on the dark web, making it an ideal space to exchange all kinds of illegal content or products. This dark part of the web actually represents just 0.1% of the deep web. So how come something so small can be so dangerous for organizations and users?  

For starters, there is a significant amount of information available on the dark web. According to Statista data, the current volume of data on the Internet is reached 64.2 zettabytes in 2020 and expected to reach 180 zettabytes by 2025. Although the dark web may seem a tiny percentage of the network, if we do the calculations, we are talking about more than 88 million TB of data. Moreover, as this is sensitive information, a multitude of vulnerabilities can be exploited or attacks perpetrated. The dark web has major forums, used mostly to trade and sell stolen data. One example was the RaidForums, a major forum that Europol and the FBI took down last April. RaidForums started in 2015, created and maintained by a Portuguese teenager who was arrested in the UK last January. 

Inside the dark web, there is a huge demand for data, not only for data obtained through ransomware attacks but also for information and services needed to orchestrate one, such as obtaining data to launch a multiphase attack. These include passwords, personal IDs, driver's licenses, social media accounts and other platforms, email addresses, and phone numbers, as well as other personal data.  

It is possible to monitor the dark web 

What is clear is that if a company has its data exposed on the dark web, it is unknowingly at the mercy of cybercriminals who are willing to pay large sums of money for the opportunity to infiltrate a corporate network. The good news is that there are ways to know if an organization's data has been exposed, enabling companies to react and make the necessary password changes before they can be used to access systems and breach data. 

The new AuthPoint Total Identity Security solution adds a new layer of protection by monitoring for credential exposure. It also protects the user against potential theft or reuse of credentials. So how does it work? 

With the addition of WatchGuard’s Dark Web Monitor, administrators, as well as users involved in data exfiltration, are notified if compromised credentials from monitored domains are found. This enables them to take the necessary actions to mitigate an attack such as the one suffered by Bangkok Airlines when the LockBit ransomware group was able to gain access to the airline’s customers' data thanks to an initial access broker. 

Passwords: gateway or armor to protect your company 

Despite the fact that there is interest in promoting "passwordless authentication" as an answer to protecting identity, the fact is that passwords will continue to be used and it is common for organizations to be exposed by employees not managing passwords properly. It has been proven that most incidents happen due to human error – in fact, Verizon’s 2023 Data Breach Investigations Report says that 74% of 2022 investigated breaches involved the human element – and there are common mistakes that function as the gateway for attackers, including:  

  • Password sharing  
  • Reusing a corporate password for personal use 
  • Using the same password for everything 
  • Passwords that are easy to crack 
  • Shared administration password  
  • Password exposure for accounts managed by an MSP  

But all is not lost and there is no need to panic. Tools such as a corporate password manager help organizations gain greater control over password quality, reducing the need for password resets and mitigating problems related to weak or stolen passwords. This manager is included in the new AuthPoint Total Identity Security which, in addition to promoting the correct use of passwords within a company, also makes them virtually impossible to crack, even if a hashed password database is stolen. 

Being fully protected against malicious cyber actors is essential nowadays and, as the Bangkok Airways incident shows, being equipped with the necessary tools to prevent cyberattacks can protect the company from being hit hard.