TECHNOLOGY
E C N E DEF AGAINST THE DARK WEB
With the surge of home workers connecting to a remote system via the internet, cyber-attacks are becoming even more of a problem. Chris Barr, technical director at CT Ltd, looks at the security risks posed by the dark web and the steps businesses can take to protect their data At CT we have noticed a marked increase in the number of customers requesting a ‘dark web’ scan. Whilst some people may already know what the ‘dark web’ is, we wanted to make sure all organisations understand the security risks posed by the dark web, why the scans are important and how simple steps can be taken to prevent business data reaching it in the first place. The dark web is a ‘hidden version’ of the web you already know and use, which requires its own browser (and typically a VPN) to access. It contains a range of websites that have forums, communications tools, online stores and more, similar to how the surface net does. The dark web websites usually end in .onion. To access them, you need to download a special browser called Tor and use its associated search engine, DuckDuckGo. However, the creators and
28
CT TECHNICAL DIRECTOR, CHRIS BARR
users of these sites want to remain anonymous. There are, of course, legitimate uses for the dark web, but its anonymity also makes it a haven for criminal activity. The sites that most often concern businesses are those
that sell stolen data, such as passwords, credit card information, social security numbers and other sensitive information. Most of the data that gets lost or stolen in data breaches ends up on dark web marketplaces where criminals
can purchase it. Criminals may use this information to make fraudulent purchases, access your accounts and potentially get into your network to steal more data and cause further damage. It’s crucial that businesses, employees and consumers take steps to protect their data from ending up on the dark web. There have been some major security breaches in recent times including LinkedIn who fell victim to leaking user data in 2012 and 2016. In 2012 the company announced that 6.5 million passwords were stolen by attackers and posted onto a Russian hacker forum on the dark web. However, it wasn’t until 2016 that the full extent of the incident was revealed. The same hacker selling MySpace’s data (another major breach) was found to be offering the email addresses and passwords of around 165 million LinkedIn users for just 5 bitcoins (around $2,000 at the time).
unLTDBUSINESS.COM
