10 Threats Lurking on the Dark Web
Despite some high-profile takedowns last year, the Dark Web remains alive and well. Here's a compilation of some of the more prolific threats that loom.
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/bltbfb7f1ffcfe07e70/64f0d69df687a1541c34e74e/Slide1CoverArt.jpg?width=700&auto=webp&quality=80&disable=upscale)
Image Source: Shutterstock via Who is Danny
1. Doxing of VIPs
Dark Web sites and clear-web sites like Pastebin are a dumping ground for personal, financial, and technical information posted with malicious intent, says Terbium Labs' Walther-Puri. While there's a sense that people know their personal info could be put out on the Dark Web, they don't always understand the full implications. Threat actors can aggregate a lot of open source information about their targets and use it to humiliate them. The lesson for everyone: Be careful what you share on social media because it can be used against you.
Image Source: Shutterstock via fatmawati achmad zaenuri
2. Payment Card Information for Sale
A robust economy exists for primary account numbers (PANs), bank identification numbers (BINs), and general payment card data on the Dark Web, where sellers update markets with new cards regularly – and sometimes daily, according to Walther-Puri. This has become an ongoing concern for retailers and any company that accepts credit cards. Today more companies are using automated tools so they can spot payment card fraud earlier in the process.
Image Source: Shutterstock via Production Perig
3. Guides for Opening Fraudulent Accounts
The Dark Web offers guides for sale containing detailed, step-by-step instructions on how to exploit or defraud an organization. There are entire online courses and even one-on-one tutorials available on how to become a cybercriminal, including how to launch a ransomware attack and how to create malware, Walther-Puri says. The appearance of such a guide has a dual impact: Fraudsters learn how to take advantage of an organization's systems and processes, and the criminals' attention becomes focused on the target company. Keep in mind that fraudsters use freelancers the same way legitimate companies hire contractors. They also have access to automation and analytics tools.
Image Source: Shutterstock via funnybear63
4. W2s and Tax-Fraud Documents
Before tax season each year, there's a rush of activity on the Dark Web by fraudsters who have gathered compromised identity information to file fraudulent tax returns before the legitimate taxpayer can, Walther-Puri says. These tax frauds are enabled by the sale of W2s and other tax fraud-specific documents, which can be tied back to the employers where those documents came from originally.
Image Source: Shutterstock via hafizi
5. Employee User Name and Password Data
The Dark Web contains millions of plain-text user names and passwords stolen in various breaches. Just because your company may not have directly suffered a breach doesn't mean that its employees' user names and passwords are not being sold on the Dark Web, and some of them can be leveraged to access databases and other organizational systems or assets, says James Willett, vice president of technology at Neustar.
Because many users don't take care of their passwords properly, the reuse of user names and passwords remains quite prevalent. This means credentials stolen in a breach of one organization could very well be the same credentials that work at other organizations or sites. This could greatly expand the impact of the initial breach and put your organization at risk.
Image Source: Shutterstock via Tasko
6. DDoS-for-Hire Services
In DDoS-for-hire services, cybercriminals on the Dark Web rent out botnets to anyone wishing to use them to carry out distributed denial-of-service attacks against organizational websites for a small cost – sometimes as low as $5. According to Willett, while botnets are extremely hard to build without technical expertise, cybercriminals are making them readily available on the Dark Web. By harnessing the power of the growing number of vulnerable IoT devices to fire off data at specific Web targets, anyone on the Dark Web could use a botnet to drive a business completely offline until they decide to halt the attack – often leading to direct financial and customer loss, as well as a tarnished brand reputation because of unplanned downtime.
Image Source: Shutterstock via RedHanded
7. RDP Shops
The Remote Desktop Protocol (RDP) is a proprietary Microsoft solution that lets remote administrators access a PC – something wonderful for solving IT challenges, but potentially devastating in the wrong hands. According to John Fokker, head of cyber investigations at McAfee Advanced Threat Research, the Dark Web contains dozens of shops selling stolen RDP systems, usually for very low prices, granting buyers remote access to hacked machines. Once the criminal purchases access, he or she can obtain logins to a victim's computer system and essentially have full control. Criminals can use RDP as an entry point to enact ransomware attacks, send spam, create false security alerts, steal data, steal credentials, and even mine cryptocurrency.
It's also common practice for cybercriminals to try to crack RDP system logins by brute-forcing them with a password list. Even more frightening, RDP shops on the Dark Web are growing in size and abundance. McAfee recently researched these shops, exploring some ranging in size from 15 to more than 40,000 RDP connections for sale.
Image Source: Shutterstock via Andrey_Popov
8. Supply Chain Threats
Companies should be aware of anything that has to do with the organizations that are part of their supply chain, Fokker says. Know your suppliers and the organizations you interact with, and be very aware when something related to them shows up on the Dark Web. That's because their breach can have a significant impact on your own business continuity. Be sure to check the Dark Web regularly for any chatter involving any of your leading suppliers or business partners.
Image Source: Shutterstock via OpturaDesign
9. Insider Access Scams
Companies should be on the lookout for insiders selling access to their accounts and databases on the Dark Web, says Michael Marriott, senior strategy and research analyst at Digital Shadows. Banks and technology companies are especially susceptible to this kind of fraud. The bad actors tend to be guarded in naming a company. They might say something like, "I have access to a large technology company," rather than name a company specifically.
Image Source: Shutterstock via eamesBot
10. Credential-Stuffing Tools
Credential-stuffing tools are pieces of software available on the Dark Web that let criminals load in stolen credentials that had been previously exposed there and then launch an attack. According to Marriott, a criminal can use a credential-stuffing tool to gain access to popular websites, such as Amazon or eBay. Once they have access, they can cause major damage – anything from launching a ransomware attack to stealing databases and source code.
Image Source: Shutterstock via rendeep kumar r