The dark web is the part of the internet that is only accessible through a specialized web browser. It enables criminals and other users who require a high degree of anonymity to transact business and communicate with far less risk.
Some use the dark web to evade government censorship, but it’s also a breeding ground for illegal activity. As more companies are targeted by data breaches, their data is often sold to the highest bidder on marketplaces or shared in forums. It is in an organization’s interest to conduct intelligence efforts on the dark web to protect its employees, customers and data from malicious third parties.
Figure 1: Dark Web Monitoring Overview
A well-established cyber security program can dramatically reduce the risk of incidents occurring; however, knowing where to look on the dark web is key to protecting a company’s assets. Dark web monitoring tools help organizations defend their brand intellectual property early. The tools use crawlers, scrapers and automated scanners to identify compromised data being advertised or sold on dark web forums. If organizational data is found on the dark web, an alert is sent to the organization. Countermeasures can then be put in place to protect the organization from cyberattacks or to inform targeted customers of potential phishing attacks.
The dark web is surprisingly small compared to the clear web, with only about 60,000 pages at any given time. One of the challenges dark web monitoring tools face is that the dark web is not indexed. To perform a search of the dark web, the URLs of the sites to be searched need to be known in advance. Dark web monitoring tools often use publicly available database dumps published on the dark web. These contain personal information like usernames, passwords and credit card details stolen and posted online. Chances are these dumps have already been used and sold multiple times by malicious threat actors.
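The matching-and-alerting step described above, as an added example that is not from the original page or any particular monitoring product: it scans a credential dump for accounts in an organization's domains and emits one alert per exposed account. The sample lines, the watched domain `example.com` and all function names are constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample lines in common "combo list" layouts (not real data).
SAMPLE_DUMP = """\
alice@example.com:Summer2023!
bob@mail.example.com;hunter2
carol@other.test:letmein
ALICE@EXAMPLE.COM|5f4dcc3b5aa765d61d8327deb882cf99
dave@notexample.com:qwerty
not a credential line
"""

# email, one delimiter (: ; | or tab), then the secret (password or hash)
LINE_RE = re.compile(r"^\s*([^\s:;|@]+@([^\s:;|@]+))[:;|\t](.+?)\s*$")

def in_scope(domain, watched):
    """True for a watched domain or any subdomain of it (not look-alikes)."""
    domain = domain.lower().rstrip(".")
    return any(domain == w or domain.endswith("." + w) for w in watched)

def fingerprint(secret):
    """Short SHA-256 tag so alerts can be correlated without keeping the secret."""
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()[:12]

def scan_dump(text, watched, source="constructed-sample"):
    """Return one alert per exposed account in the watched domains."""
    watched = {w.lower() for w in watched}
    hits = defaultdict(set)
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not email<delim>secret
        email, domain, secret = m.group(1).lower(), m.group(2), m.group(3)
        if in_scope(domain, watched):
            hits[email].add(fingerprint(secret))
    return [
        {"account": email, "source": source, "secret_fingerprints": sorted(fps)}
        for email, fps in sorted(hits.items())
    ]

if __name__ == "__main__":
    for alert in scan_dump(SAMPLE_DUMP, {"example.com"}):
        print(alert)
```

Matching on the exact domain or a dot-prefixed suffix keeps look-alike domains such as `notexample.com` out of the alerts, and storing only a fingerprint means the alerting pipeline never holds the leaked secret itself.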