To understand how you are vulnerable to attacks from the dark web, you first must understand what the dark web is, and how it is different from both the 'surface web' and the 'deep web'.
The deep web is not accessed by search engines, which means that you cannot Google something and end up on the deep web. It contains over 7,500 terabytes of information in comparison to the 19 terabytes contained by the surface web. This means it makes up from 90-95% of the internet on a whole. Overall, it has a broader scope and range of content, though most of this content is password protected. As such, most of the data breaches that come from this are attacks focused on login credentials, such as phishing emails and fake login prompts, so be wary of this if you ever end up on the deep web.
Typically, most people use the deep web more often than they believe; because the deep web is defined as websites that are uncrawlable or un-indexed by search engines, pages such as your Gmail inbox, bank account page, and your google drive are all on the deep web.
On the other hand, the dark web is a very small subset of the deep web, taking up only 0.01% of the deep web and 5% of the total internet. All activity is anonymous by default on the dark web, which is what makes it so difficult to locate those accessing and sharing illegal material, and shut down websites involved in criminal activity. Despite common beliefs, legitimate websites do exist here, but around 60% of the dark web is criminal in nature, from buying and selling firearms, drugs, counterfeit ID and stolen data. This is also where you can find journalists and activists sharing their research and data findings in order to expose the truth, and express themselves freely without the worry of it being traced back to them.
In order to access the dark web, a special browser is needed to ensure anonymity. People are much more hesitant to share their personal data on the dark web, so the biggest security breaches occur when illegal content is downloaded, containing viruses or malware. To find out more about malware, visit our malware prevention page.
The dark web is a marketplace for stolen data; cybercriminals who steal personal and business data will sell it online to other criminals, who can do with that data what they wish. Data theft can happen in a few ways; phishing emails are a very commonly used method of accessing data, and you can read more about these here. The regular selling and sharing of the stolen data creates a chain, and along with the anonymity of the dark web, this makes it very difficult to trace or stop. Sometimes it can take weeks or months for business to realise they have been compromised, which can cause catastrophic consequences.
On 12th February 2023 Munster Technological University revealed that certain data was taken from their systems in the course of a ransomware attack and made available on the dark web. Unfortunately, drastic steps had to be taken and the campus was temporarily shut down to protect the safety of their students and staff.
TELUS, a large telecom giant based in Canada, had their employee data leaked onto the dark web. As such, they launched an investigation to assess the scope of the incident and the effect it will have on the individuals whose names were leaked. This has caused financial and reputational damage to the company.
In Australia in 2022, Mediank, a health insurer, had thousands of private records, covering 9.7 million current and former customers, stolen by hackers and uploaded onto the dark web during a cyberattack. As a result of this, Medibank had to hire over 300 employees to work their call centres, and even extend the hours.
This month, Casepoint, a litigation technology platform company working with the USA government departments, has had their data breached and held hostage by a group of cyber criminals on the dark web. Threats of releasing 2TB of their data have been posted to the dark web, and the company is yet to respond.
To prevent these consequences, TwentyFour IT suggest that all businesses and companies should enlarge their online monitoring from the surface web, and dive into the deep and dark web in order to search for information that could have been stolen on there.
If your company’s data has been compromised and is on the dark web, you are at risk, because they could have access to anything from online accounts to emails, to bank accounts.
Take a look at our page for dark web monitoring services in Doncaster and South Yorkshire, or even take a look at our dark web protection services for businesses. Let TwentyFour IT keep your business safe from dark web attacks.