Monitoring services alert organizations to potential threats from stolen information.
More than 24 billion stolen username and password combinations are now for sale on the dark web, according to a new study from the threat intelligence firm Digital Shadows. Is yours among them?
Compromised credentials are used in 80 percent of all data breaches. Obviously, having account information pop up in a dark web marketplace creates an elevated risk of financial, data and reputational loss. Unfortunately, most organizations don’t find out their sensitive information has been compromised until after a breach has occurred.
Dark web monitoring provides an important early warning system. Using a combination of human and artificial intelligence, monitoring services continuously evaluate and analyze dark web marketplaces, malicious web sites, botnets, criminal chat rooms and peer-to-peer networks. If any company, customer or employee data is discovered, users are alerted before the information can be used for criminal activities.
Perils of DIY Monitoring
Dark web sites are encrypted and not indexed by conventional search engines. Although some serve legitimate purposes, many are deeply shady — serving as illicit marketplaces for drugs, guns and child pornography. However, the most lucrative criminal enterprises on the dark web involve the sale of stolen personal information, including credit card credentials, Social Security numbers, medical records and account passwords.
Organizations can use specialized anonymizing tools such as Tor and Freenet to search the dark web themselves and learn whether their data is for sale. That’s not advisable, however. Because the dark web is unregulated, there are few user protections. Many dark web sites are rife with malware that automatically installs on visitors’ computers.
In addition, the Department of Justice warns that dark web browsing could inadvertently create legal complications. For example, exchanging information with others in a dark web marketplace or using fabricated credentials to gain access to dark web forums could be construed as soliciting criminal activity and make the company a target of an investigation.
Minimizing Exposure
Working with an established vendor or a third-party provider can reduce the risk of liability. Such organizations have the tools and expertise necessary to scour the dark web without running afoul of the law. They typically use an array of automated scanners, web crawlers and web scrapers to search dark web marketplaces for any stolen information listed for sale. Once they find a match, they notify the company that data has been compromised. Armed with that information, companies can take these actions to minimize their exposure:
- Create new passwords, usernames, PINs and security questions for all accounts and consider using a password manager.
- Conduct employee training to reinforce the need for good password practices, such as never reusing or sharing passwords.
- Notify any individuals or organizations that may be affected. For example, if any credit card or financial information is exposed, banks and credit agencies should be contacted so they can close or freeze accounts to prevent unauthorized activity.
- Boost security by implementing encryption, multifactor authentication and least-privilege access policies.
- Use data loss prevention solutions to monitor user devices, email clients, servers, network gateways and other network entry and exit points.
- Update and patch software and operating systems to close any existing security gaps.
Dark web monitoring won’t prevent information theft, but the early detection it provides gives organizations the opportunity to mitigate their risk. That makes it a valuable component of a multi-layered security environment.